Oracle (née Sun) joins the club of companies who can’t keep their mailing lists secure

By | August 11, 2011

In September 2009, I registered as a developer at When doing so, I used a tagged email address, i.e., an email address part of which was unique to my registration at that site. I’ve never used that particular email address anywhere else or published it anywhere.

In January 2010, Oracle completed its acquisition of Sun. The Sun developer web sites were eventually decommissioned and are not active today. Since the completion of the acquisition, I’ve received no email at the tagged email address I gave to Sun. Until today, that is.

Today, I received this spam sent to that tagged email address:

Received: from ( [])
	by (8.13.8/8.13.8) with ESMTP id p7BNER5P022529
	for <[elided]>; Thu, 11 Aug 2011 19:14:27 -0400
Received: from find ([]) by with MailEnable ESMTP; Thu, 11 Aug 2011 18:14:39 -0500
MIME-Version: 1.0
From: "Tech-centric Jobs" <>
To: [elided]
Date: 11 Aug 2011 18:14:39 -0500
Subject: Technology job openings
Content-Type: text/plain; charset=us-ascii
Message-ID: <>
Content-Transfer-Encoding: 8bit


Find the latest software & programming jobs


A good programmer is someone who always looks both ways before crossing a one-way street. ~Doug Linder

The latest programming jobs are available:

If however you are not interested in exploring programming jobs at this time please optout:[elided]&token=[elided]

All the best,
The Health Medical Job Site
1350 E Flamingo Rd
Las Vegas NV, 89119

It looks like either Oracle sold the email addresses of web site users to a third party, or somebody stole them. Neither of these casts Oracle in a particularly good light.

I am, of course, going to do my best to contact someone in Oracle who might be willing and able to look into this, but I am rather skeptical that I will have any success.

Print Friendly, PDF & Email

2 thoughts on “Oracle (née Sun) joins the club of companies who can’t keep their mailing lists secure

  1. Laziest DBA

    In my opinion this leak exists much longer. In 2004 I moved to a new Company and registered there. After a few day I got masses of SPAM and a few weeks later all members of the whole mailing list got SPAM. I never user mail addresses of Companies I work for to register at a web side except “metalink”.

    In my opinion regular metalink users are (or where) able to get mailadresses of others. For example if you write something in a forum.


Leave a Reply

Your email address will not be published. Required fields are marked *