Internet and e-mail policy and practice
including Notes on Internet E-mail


Click the comments link on any story to see comments or add your own.

Subscribe to this blog

RSS feed

Home :: Email

09 Nov 2010

My, that's secure Email

Back on October 21 I found some bogus charges on my credit card bill. So I called up the bank, had them taken off, and the bank changed my card number. They suggested I look at my credit report and put a fraud alert on it. I went to annualcreditreport (the only one of many similarly named sites that is legitimate), and got my Equifax credit report.

There wasn't anything that looked fraudulent, but it did say that I lived in a house that belongs to a relative in which I have never lived. So I set up an Equifax web account so I could tell them to fix that mistake, which involved providing an e-mail address so they could tell me when it was done. After a day or two they wrote and said they'd removed the wrong address. Fine, all done.

Not quite. Yesterday, I got this money mule recruitment spam sent to the address I gave Equifax. It was sent from, a poorly run French ISP. The address they spammed was long and non-obvious, not anything that might have been guessed or invented. (It included the name equifax, but it wasn't equifax@somedomain.)

So it took less than three weeks for Equifax, which has highly personal credit information about nearly every adult in the country, to leak my address to sleazy spammers. What else are they leaking? And do whom do I complain?

posted at: 22:52 :: permanent link to this entry :: 5 comments
posted at: 22:52 :: permanent link to this entry :: 5 comments

comments...        (Jump to the end to add your own comment)


OVH is not a "poorly run French ISP", it's the top 1 or 2 european provider for dedicated servers and web hosting. And just like with every very big hosting company, there's abuse. You can forward to, they don't answer but they do take action.

My 2 cts, from France Julien

(by Julien 10 Nov 2010 02:28)

Executive Director, CAUCE
John, I just ran across this very helpful page by our friends at the CDT, they have automated complaints to the FTC - I suggest you file.

France Julien - having reported hundreds of phish to OVH over the years, I agree with John, who probably has more experience, via than anyone in filing complaints. They are poorly run.

(by Neil Schwartzman 10 Nov 2010 05:33)

To me, the bigger problem is Equifax. They are either selling e-mail address lists, an employee is doing it from the inside or they have been compromised. Any of which make me quite uneasy.

(by Jason Gardiner 10 Nov 2010 07:26)

I agree, I am much more worried about Equifax' failed security than about one more spam from ovh.

(by John L 10 Nov 2010 09:40)

And do whom do I complain?

First stop: Equifax Second stop when they do nothing: The ICO.

(by Martin Bonner 10 Nov 2010 11:50)

Add your comment...

Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.

Email: you@wherever (required, for confirmation)
Title: (optional)
Show my Email address
Save my Name and Email for next time


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

Remembering JD Falk - 10 years later
223 days ago

A keen grasp of the obvious
New Hope for the Dead
465 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.