Ask Slashdot: How To Convince a Company Their Subscriber List Is Compromised?
jetkins writes "As the owner of my own mail domain, I have the luxury of being able to create unique email addresses to use when registering with web sites and providers. So when I started to receive virus-infected emails recently, at an address that I created exclusively for use with a well-known provider of tools for the Systems Administration community (and which I have never used anywhere else), I knew immediately that either their systems or their subscriber list had been compromised. I passed my concerns on to a couple of their employees whom I know socially, and they informed me that they had passed it up the food chain. I have never received any sort of official response, nor seen any public notification or acceptance of this situation. When I received another virus-infected email at that same address this week, I posted a polite note on their Facebook page. Again, nothing. If it was a company in any other field, I might expect this degree of nonchalance, but given the fact that this company is staffed by — and primarily services — geeks, I'm a little taken aback by their apparent reticence. So, since the polite, behind-the-scenes approach appears to have no effect, I now throw it out to the group consciousness: Am I being paranoid, or are these folks being unreasonable in refusing to accept or even acknowledge that a problem might exist? What would you recommend as my next course of action?"
Use This Thunderbird Plugin (Score:5, Informative)
This does not directly address the question, but it is topical.
I do the same thing with my domain and it was always a hassle to make sure I filled in the correct From: address on each email I sent. Then I found the Virtual Identity Plugin [absorb.it] for Thunderbird.
It automagically remembers what From: address to use with what To: address. It also makes the From: line fully editable on the fly and remembers what you used for the next time. It makes it dead simple to make sure that you never accidentally leak one of your unique addresses to the wrong person/company.
Re:Is it fixed? (Score:5, Informative)
Acknowledging it is likely to be against the advice of the company's attorneys whether or not it really is their fault.
Exactly. Datek or Ameritrade or TD Ameritrade, I forget at which point in their many buy-outs, has been repeatedly compromised in the past. At first they denied it and claimed that spammers had just guessed my email account. So each time I would create a new email account in my own domain consisting of a random collection of 12 letters, numbers, and punctuation marks. And each time they were compromised I would point out to them the impossibility of a spammer guessing my email account.
Finally, they just started a policy of sending me an email saying they are investigating it but their company policy does not allow them to give me any details of their findings or what, if anything, they did to fix it.
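The per-vendor address technique described in the submission and in the comment above, as an added example that is not part of the original thread: each alias carries an unguessable tag derived from a private key, and inbound mail is attributed to the vendor the alias was issued to. The key, the domain `example.org`, the vendor names and their sender domains are constructed assumptions.

```python
import base64, hashlib, hmac
from email import message_from_string
from email.utils import getaddresses, parseaddr

SECRET = b"constructed-demo-key"   # assumption: private key held by the domain owner
MY_DOMAIN = "example.org"          # assumption: the owner's mail domain
# Hypothetical vendors mapped to the domain they legitimately send from.
VENDORS = {"toolvendor": "toolvendor.example", "bookshop": "bookshop.example"}

def alias_for(vendor):
    """Derive the vendor's unique address; the 12-char tag cannot be guessed without SECRET."""
    mac = hmac.new(SECRET, vendor.encode(), hashlib.sha256).digest()
    token = base64.b32encode(mac).decode().lower()[:12]
    return f"{vendor}.{token}@{MY_DOMAIN}"

ALIASES = {alias_for(v): v for v in VENDORS}

def classify(raw):
    """Return (vendor, verdict) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    fields = []
    for header in ("To", "Cc", "Delivered-To"):
        fields += msg.get_all(header, [])
    rcpts = {addr.lower() for _, addr in getaddresses(fields)}
    vendor = next((ALIASES[r] for r in rcpts if r in ALIASES), None)
    if vendor is None:
        # Plain or guessed addresses (e.g. toolvendor@...) carry no valid tag.
        return (None, "unattributed")
    # Header From is spoofable; a real deployment would also consult SPF/DKIM results.
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    legit = VENDORS[vendor]
    if sender_domain == legit or sender_domain.endswith("." + legit):
        return (vendor, "expected")
    # Mail to a vendor-only alias from anyone else is evidence the address left the vendor.
    return (vendor, "leak-evidence")

def sample(to, frm):
    """Build a constructed test message."""
    return f"From: {frm}\nTo: {to}\nSubject: constructed sample\n\nbody\n"

if __name__ == "__main__":
    for frm in ("news@mail.toolvendor.example", "invoice@unrelated.example"):
        print(frm, classify(sample(alias_for("toolvendor"), frm)))
```

Keeping the raw messages that classify as `leak-evidence`, with full headers, gives the vendor something concrete to investigate.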
Re:Is it fixed? (Score:3, Informative)
Re:Write threatening letters (Score:0, Informative)
"I create a unique email address for each company I deal with, and each website I register on."
Do none of you morons know of mailinator.com?
Why on earth would someone create a mail address just to register on a website when mailinator with their gazillion aliases exists?
Just give them mythrowawaylogin@mailinator.com as email address, read it _once_ to click the confirmation link and forget it.