Did Google sell me out?

I use Gmail and don’t get a lot of spam. In fact, I have the spam filter turned off - everything goes to my inbox. In the last few years spam would come intermittently, but even at its worst, never more than a few a week. At its best, it could be several weeks without spam.

That’s all changed… here is what happened:

  • June 2 I sent some emails to my accountant re taxes.
  • June 4 I started getting spam. Several per day, all about loans, credit scores, avoid taxes - be your own boss, etc
  • A week later, and right up to now, I get general spam: viagra, cheap rolexes, etc

So of course I’m very suspicious. I know that Google will target you with ads in the app based upon email conversations, but did they sell my id to the spammers? Or was there a leak somewhere else (e.g. my accountants ISP).

What do you think?

Is your email address guessable? Or is it random like your username here?

Also, do you use your gmail address anywhere as a login? Like a message board.

I doubt a major email provider would do that, it makes their own service less attractive.

I think your email address got on a spam list that was sold to a lot of people. I think Google had nothing to do with it.

When I give out my Gmail address now, I customise it: Username+sitename@gmail.com
Gmail ignores the + symbol and everything after it.
Not only can I tell who has sold my address, but I can set up a filter to trash any mail that comes to that address.
Won’t fix your current problem, but may help in future.

This also seems to work for my AT&T mail, serviced by Yahoo.
I hadn’t realized that. Thanks.

Thanks everyone for the replies

This is seven shades of brilliant. Thanks for that !

Here are the spam counts I get from my e-mail providers:
G-mail.com – 4 per day
Yahoo.com – 90 per day
Hotmail.com – 3 per day
mail.ru – zero in a year
yahoo.no – zero in >10 years

What do you mean by “sitename”? You mean the name of the site you are sending it to?

Say I give my email address to the straight dope, I give them myusername+straightdope@gmail.com, or something like that.
I try to stick to the exact characters in their URL because I often need to use my email address to log back in to sites. It’s no good trying to log back in as username+sdmb@gmail.com if that’s not what I used when I signed up.

I’m fascinated by this, and I want to learn more about it.

What happens when SDMB sends you something? It sounds like it goes to myusername@gmail.com. How does it appear in your inbox, in other words, what do you see that shows you who has sold your address, or to set up filters?

Gmail delivers the mail to the username portion before the +, but it still has the full To address in the headers. To filter, you just set up a filter for the To address username+sdmb@gmail.com. You could use the same trick to filter all mail from a company that uses different From addresses because they’d all be using the same unique To address - ie, if mail coming from the Straight Dope sometimes came from admin@straightdope.com, sometimes from editor@chicagoreader.com, sometimes from Cecil@perfectmaster.com, sometimes jackbootmod69@hotmail.com you could still filter them all automatically into a Straight Dope label by using the unique To address as the filter criteria.

I don’t understand how it’s effective. Can’t spammers just remove the ‘+’ and everything following?

Sure they can. It’s not foolproof. But if they don’t, you can trace where your address was compromised, and you can filter all further messages to that address. It’s not the solution to all the ills of the world, but it is a small, simple step to take.

I don’t habitually give my address to sites I don’t trust. That’s the main way I protect my address.

My main email is a Juno account. Doesn’t work. Oh well.

I don’t get too much spam anyway, because I don’t give out my email randomly. But it would have been nice to see the origin of the spam that I do get.

perhaps your accountant’s contact list has been hijacked or your accountant is selling your personal info (which is extremely unlikely).

don’t know the specifics on how it’s done, but i believe that viruses/malware are capable of skimming the info from contact lists.

Guess: Your accountant got hacked, and the email addy’s of everyone he corresponds with are now out there.

Your accountant sold you out. Is what I’d guess.

Most spam is automatic. So it would take someone noticing people doing this, figuring out what sites it worked on, and programming the spambot to drop what came after the plus sign. There probably aren’t enough people doing this to make it worthwhile. Especially since you’re weeding out the people who apparently really dislike spam .

But, really, I’m not sure there’s much interest in the spammer hiding where they got your email. Sure, you can filter it out, but you’re that knowledgeable, you’re already having your spam filtered anyways. The people who have an interest in removing it are whoever shares it, and they have to share a lot of them to make any money off it. And since they don’t generally specialize in this sort of thing, they are even less likely to set up these filters.