Long-time readers of my blog may remember my multiple postings about Honda Village in Newton, Massachusetts. You can read the whole series of Honda Village postings here.
Archive for the ‘Spam’ Category
Honda Village fires us as a customer
Wednesday, January 18th, 2012![[Digg]](http://blog.kamens.us/wp-content/plugins/bookmarkify/digg.png)
![[Facebook]](http://blog.kamens.us/wp-content/plugins/bookmarkify/facebook.png)
![[Email]](http://blog.kamens.us/wp-content/plugins/bookmarkify/email.png)
IMPORTANT UPDATE on Brave New Foundation and Nation of Change
Friday, August 12th, 2011I wrote several days ago about spam I received from Nation of Change at an email address which had previously only been shared with Brave New Foundation. Earlier today, I wrote about Nation of Change apparently attempting to cover their tracks after their unauthorized use of email addresses was discovered and reported by me.
I have been in conversation about this with a high-level employee at Brave New Foundation, and I am now able to report the following important information:
- Brave New Foundation does not sell, share or rent their email lists.
- There is a Brave New Foundation employee with access to their lists who has a relative who works for Nation of Change.
- Brave New Foundation believes that this Nation of Change employee made unauthorized use of his/her relative’s access to copy an as yet undetermined subset of Brave New Foundation’s email lists for Nation of Change’s use.
- Brave New Foundation does not believe its employee was complicit in this unauthorized access. In fact, s/he was unaware that it had occurred until I brought it to Brave New Foundation’s attention.
- Brave New Foundation considers this breach of their data to be extremely serious, and they are actively investigating it.
- Brave New Foundation is considering legal action against Nation of Change both to prevent any further use of the copied email addresses and to obtain financial compensation for the damage to Brave New Foundation’s reputation and the time and resources spend investigating this incident.
All of this information, as well as some additional off-the-record supporting information that I cannot report here, was provided to me directly by an employee of Brave New Foundation. I have no reason to believe that employee is lying, and what s/he told me is consistent with my suspicions and impressions about Nation of Change. However, in the spirit of full disclosure, I want to be clear that I have not seen any hard evidence supporting any of Brave New Foundation’s allegations against Nation of Change.
When you combine these new allegations against Nation of Change with all the other issues I raised in my first posting about them, it seems doubtful that this is an organization which deserves anyone’s support.
Nation of Change trying to cover their tracks?
Friday, August 12th, 2011I wrote recently about spam I received from a new, shady-seeming progressive organization called Nation of Change, sent to an email address that I had only ever used to subscribe to another organization’s mailing list.
I asked a lot of questions about Nation of Change, and thus far they’ve failed to respond to any of them. Here’s what has happened instead.
Oracle (née Sun) joins the club of companies who can’t keep their mailing lists secure
Thursday, August 11th, 2011In September 2009, I registered as a developer at sun.com. When doing so, I used a tagged email address, i.e., an email address part of which was unique to my registration at that site. I’ve never used that particular email address anywhere else or published it anywhere.
In January 2010, Oracle completed its acquisition of Sun. The Sun developer web sites were eventually decommissioned and are not active today. Since the completion of the acquisition, I’ve received no email at the tagged email address I gave to Sun. Until today, that is.
Today, I received this spam sent to that tagged email address:
Received: from mail.recruitingbee-agent8.com (mail.recruitingbee-agent8.com [184.172.232.199]) by jik3.kamens.brookline.ma.us (8.13.8/8.13.8) with ESMTP id p7BNER5P022529 for <[elided]>; Thu, 11 Aug 2011 19:14:27 -0400 Received: from find ([127.0.0.1]) by recruitingbee-agent8.com with MailEnable ESMTP; Thu, 11 Aug 2011 18:14:39 -0500 MIME-Version: 1.0 From: "Tech-centric Jobs" <noreply@recruitingbee-agent8.com> To: [elided] Date: 11 Aug 2011 18:14:39 -0500 Subject: Technology job openings Content-Type: text/plain; charset=us-ascii Message-ID: <EF440C500DF841B3AE10C51197A0EA91.MAI@recruitingbee-agent8.com> Content-Transfer-Encoding: 8bit **********************************************************************
Find the latest software & programming jobs http://www.tech-centric.net/
**********************************************************************
A good programmer is someone who always looks both ways before crossing a one-way street. ~Doug Linder
The latest programming jobs are available: http://www.tech-centric.net/
If however you are not interested in exploring programming jobs at this time please optout:
http://www.recruitingbee.com/unsubscribe.aspx?email=[elided]&token=[elided]
All the best, The Health Medical Job Site 1350 E Flamingo Rd Las Vegas NV, 89119
It looks like either Oracle sold the email addresses of sun.com web site users to a third party, or somebody stole them. Neither of these casts Oracle in a particularly good light.
I am, of course, going to do my best to contact someone in Oracle who might be willing and able to look into this, but I am rather skeptical that I will have any success.
“Nation of Change”, who are you and why are you spamming me?
Thursday, July 28th, 2011IMPORTANT UPDATE: As of August 12, 2011, it appears that Brave New Foundation had nothing to do with the spam reported below and in fact they are as much a victim as I am. Please see this posting for details.
Dear Nation of Change (along with Brave New Foundation),
Let me tell you about a little strategy I use to find out who’s buying and selling my email address… When I give my email address to an organization or Web site, I “tag” it to make it unique to that site while still ending up in my inbox. So when that site decides to sell or share my address, I know who did it.
When I put my address on a petition created by Brave New Films (now the Brave New Foundation) during the 2008 presidential campaign, I did not give Brave New Films permission to give it out to others. Guess what, folks, that’s spamming, and it’s evil, and I don’t support organizations that spam or help others spam. By giving out my address and others without permission, Brave New Foundation has permanently lost my support, and by using my and others’ illicitly obtained addresses, so have you.
But that’s not the end of it. (more…)
Who’s using my email address, and why?
Thursday, June 23rd, 2011
Somebody seems to be using my email address in a weird, ongoing way that doesn’t seem to be benefiting them in any way. The fact that I can’t figure out why they’re doing it concerns me, because I have to suspect that there is some benefit to them, which I just haven’t been able to figure out. I’m worried that if it’s helping them, it’s probably hurting me, even if I don’t know it.
Therefore, I’m blogging what I know, in the hope that perhaps someone else will be able to look at the facts and point out something I missed about why this is going on.
A study in contrasts: handling stolen email lists
Monday, April 4th, 2011I try to make a habit of giving out “tagged” email addresses to web sites when I sign up for accounts / mailing lists / whatever. For example, when creating an account at widgets.com, instead of just signing up as “jik@kamens.us”, I might sign up as “jik+widgets@kamens.us”. It ends up in the same mailbox regardless, and it gives me some visibility into who is sharing or selling or allowing my email address to be stolen.
About six months ago, I started getting spam from an email address that I had only used in one place: signing up one of my kids for a Scholastic, Inc. book club through their web site back in 2007.
I contacted Scholastic and told them that either they were selling my email address and it needed to stop, or they had suffered a data breach of at least customer email addresses, if not more.
In response, Scholastic’s CISO informed me that Scholastic doesn’t sell email addresses to third parties; their children’s book club business was sold to Sandvik Publishing in 2008; the email address in question was no longer in Scholastic’s database; and I should contact Sandvik if I wished to pursue the matter further.
I sent a reply to the CISO which read as follows:
I don’t recall ever being asked whether I considered it OK for Scholastic to sell my PII to another company. This is especially disturbing since at that point I was no longer a customer of Scholastic’s for the business that was sold.
Granted, your privacy policy gives you the legal right to sell any information you collect to anyone you want. The fact that you are legally permitted to do that doesn’t make it right.
Your privacy policy also says, “Scholastic ensures that all personally and non-personally identifiable information that it receives via the Internet is secure against unauthorized access.” Alas, you apparently do not consider it your responsibility to ensure that the third parties to whom you sell PII keep it as secure as you claim to do yourselves. That is rather disappointing.
I will contact [Sandvik] as you have suggested. However, if I were in your shoes, I would be extremely concerned that a third party to whom Scholastic had sold PII allowed it to be compromised, and I would consider it my responsibility to investigate the issue myself, rather than leaving the wronged (former) Scholastic customer entirely on his own.
I received no further response from Scholastic.
Something is going right in the fight against spam
Saturday, October 2nd, 2010Zombie botnet connection attempts to my mail server have gone down by 51% in the past four and a half months. I’ve posted more about this on my spam page, but a picture is worth a thousand words:
It looks like the good guys are successfully shutting down some big botnets!
Yad Sarah: Good work, bad fundraising
Monday, July 12th, 2010I periodically post about organizations which can’t handle one of these two simple requests: (1) don’t spam me; (2) don’t send me junk mail. If an organization is incapable of implementing effective policies and procedures to accommodate these two straightforward requests from donors, they are probably also incapable of implementing effective, efficient policies and procedures for doing the work for which donors are sending them money.
I’ve had run-ins of varying magnitude about this with numerous organizations over the years. The ones that I post about here are the worst of the worst. They have either overtly refused to accommodate my requests, or claimed repeatedly, but falsely, that they had done so.
Today, I am forced to add Yad Sarah to this disreputable bunch. I am sorry to do this, because the work Yad Sarah claims to do is important, and because they appear to be respected by other organizations which I respect and tend to trust. However, after my experience with them, I must wonder how efficiently and effectively they use the money entrusted to them by donors to perform their mission.
Spam-Rape from Robert Wexler continues, this time via Scott Maddox
Tuesday, May 18th, 2010Yet another chapter in the saga of the political spam I can’t seem to put a stop to, courtesy of ex-Congressman Robert Wexler. I’ve just been spammed by Scott Maddox, who is running for Florida Commissioner of Agriculture & Consumer Services. Like I care!
