Does somebody sell lots of IDs as a wholesale business?
Harvesting active email IDs is a big business for spammers. Two likely scenarios:
- direct harvesting: you had malware on your PC, it harvested your address book, and the list was incorporated in a zombie spambot network.
- indirect harvesting:
1) Someone you know had malware on their PC, their addy book was harvested, etc. This is the most likely scenario.
2) A website/business you subscribed to had their email database rooted/hoovered. This happened to Ars Technica last year. They had changed server hosting, the old host sorta forgot to delete Ars' info and then old host was rooted by a hacker. Microsoft
and several governments teamed up to kill the Rustock
Bot network last week. Supposedly responsible for 60% of all spam traffic.
So, bottom line, you are only as spam-free as your friend's PCs are free of malware.
A while back, I opted to host my own mail domain. I took three steps to reduce spam:
- Whitelist for my primary email account (the one's my friends use). So, if you aren't on my list, the mail goes to the trash bin.
- Bounce all email that went to an invalid addy (otherwise, Postmaster gets hammered).
- Create unique email ID's for all subscription sites. It becomes the canary in the coal mine and when you see spam, it lets you know a site was rooted, failed to follow their privacy rules, etc. I let Ars know their database had been hacked...it took them 4-5 days to believe me...but, it worked.