Over the past 24 hours, I've gotten about 400x the amount of spam I usually get. Thing is ... I run my own email server, so I leverage catchall addresses to segment vendors.


As a throwaway example: 24 Hour Fitness knows me as 24hourfitness@myprivateemaildomain.tld. (Not a real domain, obviously...)

It looks like someone I'd registered with at one point - 'ampest' - was included in the verifications.io breach. Downside is ... I can't remember what 'ampest' was and my Google Fu is weak ...

I would not be surprised, though, if someone had just fat-fingered my domain when offering their own email, though. It's happened ... far more frequently that I'd like to remember.

I'm also getting junk subscriptions to 'est' at the same domain ... so I suspect someone else was trying to use my email domain and verifications.io slurped it up.

@ericmann "amp" sounds like someone got their URL encoding wrong. Often used to happen when using "+" in email addresses, for example.

@galaxis That's what I was thinking, too. I'd set up this particular email domain to skip the + in an address trick, as people have started stripping those out.

Sign in to participate in the conversation

Invite-only community of developers, builders, makers, and tektons.