I set up a new web site today….
Have you ever been forced to fill out an email address in a web-form, even when you never, ever, wanted to hear form the site again?
If so, you probably lied, and made up an email address on the spot that you were sure didn’t exist.
The word “niet” is a Dutch word generally meaning “not”.
A lot of dutch internet users, when confronted with a form where they are forced to enter an email address, use an address endig in “niet.com”.
For example: “liever@niet.com” translates as “rather@not.com”. In a way, they’re telling the site the’d rather not receive anything by email.
Of course, there are more rude variants. This website lists all email received in the last month or so, destined for the niet.com domain.
THERE ARE NO VALID NIET.COM ADDRESSES.
In other words, EVERY single mail you see is a spam message from a company that forces you to enter an email address in their web forms, either directly from that company, or sold to spammers.
The mail server refuses connections from ip addresses known to be spamming, and known to be in a dial-up range, so all the mail you see is really from asshole marketeers who think they can collect your address on a web form and then harrass you.
July 3rd, 2008 at 20:33
Taking a quick look through, I was struck by a few things:
- not a lot of legitimate follow-up mail for whatever purpose people were registering for
- a lot of emails to john.doe@niet.com, all english names, unlikely to have been people who used niet.com to create a fake address.
- on the other hand, not a lot of evidence of simple user name dictionary attacks
Sometimes addresses fall into the wrong hands because a business or site goes belly-up and the inventory gets sold off. Privacy laws should prevents this, but there are cases where the original personwho asked for your address is not really at fault.
Given that a lot of spam has a forged From address, aren’t you exposing people’s legitimate email addresses to further harvesting here?
July 3rd, 2008 at 20:48
- not a lot of legitimate follow-up mail for whatever purpose people were registering for
Most honest marketeers have found out that confirmed opt-in is the only way to stay off blacklists, so that’s not a surprise (and actually a good thing)
- a lot of emails to john.doe@niet.com, all english names, unlikely to have been people who used niet.com to create a fake address.
Those are from backscatter from a few years ago when niet.com was used with random english names @niet.com as a “From” address by a spammer.
Sometimes addresses fall into the wrong hands because a business or site goes belly-up and the inventory gets sold off
Of course they do - does that make the new “owner” of the list any less of a spammer?
Given that a lot of spam has a forged From address, aren’t you exposing people’s legitimate email addresses to further harvesting here?
If the address shows up on niet.com, the address was already in a spammer database. I’m not making links of the addresses, so any harvester has to wade through plan text to find them. The added “risk” is acceptably small.