Dropbox rant

[WoodDragon]

@Pale Rider
...

my email address and those of other people are being targeted by spammers.

Seems the case to me, as a very safe bet, rather than a certainty.

Also I feel Pale Rider seems to provide a strong, unreasonable view and could perhaps learn from this thread. I like the fair point he made that some spam emails received are randomly generated, but in this case a simple search (as I have just done) shows that there are cases of dropbox mails having been leaked. I registered with Dropbox in early 2012. I started receiving spam on my unique dropbox mail on 20th August this year. They are uniquely numbered. After 3 genuine emails, 4, 6, 7, 9, 10, 12 were spam and arrived in my Inbox, 5, 8, 11 are missing so must have been trapped by a spam filter on my mail host.

 

[Spoked Wheels]

Now Wiggle has leaked my email or being victim of a data theft. I just noticed an email "Giver her continues joy" that was sent to my unique email address wiggle.something@something.com

End of rant

 

[CopperBrompton]

Like the OP, I use unique, identifiable email addresses when registering for sites and services. My dropbox email has never been spammed. I do, however, receive email (mostly spam-trapped) to such gibberish addresses as ghyfkyfwe@. As has been said several times, spammers use a combination of dictionary and random characters to generate email addresses. It costs them nothing to try. This explanation is way, way more likely than Dropbox being hacked and nobody knowing about it.

 

[Pale Rider]

Now Wiggle has leaked my email or being victim of a data theft. I just noticed an email "Giver her continues joy" that was sent to my unique email address wiggle.something@something.com

End of rant

We have a different view on this, so without wanting to start an argument, is that the first 'breach' since the dropbox one six months ago?

If so, is it worth worrying about?

We agree - I think - that random generation is one source of spam.

I have only one personal email address, so there is only one combination of letters and numbers which will reach me.

If a person has many email addresses, then there are many combinations of letters and numbers which will reach them.

Thus the multiple email address person is more likely to receive spam than the person with one address.

And by the looks of it, the multiple address person is more likely to worry about it.

I occasionally look in the junk folder of my hotmail account, but there's never anything of interest or concern in there.

 

[ASC1951]

...I occasionally look in the junk folder of my hotmail account, but there's never anything of interest or concern in there.

Same here. PlusNet must have very efficient (free) filtering, because I get about one spam email a month, if that.

 

[CopperBrompton]

It's also partly down to how long you've owned an email address or domain: the longer it exists, the more spam it will get. I've had my main personal email address since 1998 and it gets a tonne of spam; an email address I've had for less than a year gets very little.

 

[Spoked Wheels]

Like the OP, I use unique, identifiable email addresses when registering for sites and services. My dropbox email has never been spammed. I do, however, receive email (mostly spam-trapped) to such gibberish addresses as ghyfkyfwe@. As has been said several times, spammers use a combination of dictionary and random characters to generate email addresses. It costs them nothing to try. This explanation is way, way more likely than Dropbox being hacked and nobody knowing about it.

I don't think you have read the thread. Dropbox admitted to me they had a problem. They thought they had taken steps to protect email addresses but it seems the new steps don't go far enough. On one of my posts there is a link to a thread that highlights the email leak issue.

I still get spam from Dropbox but that is meaningless now, the email address is already leaked and I'm not interested in creating a new one to test their security.

I get very little spam emails so when I get one like dropbox or now wiggle, it sets alarm bells right away.

 

[CopperBrompton]

So you think a spammer got your email address in the summer of 2012 and waited until now to use it? Ok ...

 

[Spoked Wheels]

So you think a spammer got your email address in the summer of 2012 and waited until now to use it? Ok ...

 

[Spoked Wheels]

It's also partly down to how long you've owned an email address or domain: the longer it exists, the more spam it will get. I've had my main personal email address since 1998 and it gets a tonne of spam; an email address I've had for less than a year gets very little.

I think I have my Hotmail account from 96 I think and my gmail from the very beginning, by invitation if I remember correctly. I get very little spam on both accounts and that is partly because I use my real email accounts with family and friends only but disposable addresses. Once a disposable address is not longer required I put it to sleep. The last time I checked the numbers of emails that were sent to disposables addresses, after I put them to sleep, were close to 1/4 of a million emails. Obviously not all are spams but an important % I think they are.

I use dedicated email addresses with my domains, I don't use text to provide email information on the website and I use email verification steps to make things difficult for robots.

 

[ASC1951]

I think I have my Hotmail account from 96 I think and my gmail from the very beginning, by invitation if I remember correctly. ....I use dedicated email addresses with my domains, I don't use text to provide email information on the website and I use email verification steps to make things difficult for robots.

You do seem to have to go to an awful lot of trouble, my lad. I use the same couple of email addresses that I have had for 20 years and have half a dozen domains and get virtually no spam - and I have used Dropbox for years. My ISP filters out all but one or two dubious emails a month, so what on earth are you doing wrong?

 

[Markymark]

Spammers just find domains then email to info@ support@ it@ mary@ dropbox@ (and another million combinations). I disable the catch-all for my domains now as I got so much span. So, it's possible it was not deliberate.

 

[Spoked Wheels]

You do seem to have to go to an awful lot of trouble, my lad. I use the same couple of email addresses that I have had for 20 years and have half a dozen domains and get virtually no spam - and I have used Dropbox for years. My ISP filters out all but one or two dubious emails a month, so what on earth are you doing wrong?

What am I doing wrong? I don't think I'm doing much wrong. I get very few spams but if I didn't use disposable email addresses then I would get plenty.
You might have used Dropbox for years but if they leaked your email address then you have no way of knowing that.
Unlike somebody that doesn't use disposable email I can differentiate what disposable address is being targeted. It can be very handy.... for instance, say you register with a site to download some software and you suspect they will sell your address, you then register dodgysite.something@something.com so next time you see an email from Natwest to dodgysite.something@something.com you don't need to open the email to start laughing. On the other hand, when you register with an organisation that you think will protect your data and after a while you start receiving spam to the disposable address then you know who to ask questions. That is how Dropbox admitted to me that their security had been bridged but they felt there were no more problems. My guess is they still had a problem.

As for emails from domains, you can easily send everything to spam but to try to filter out only unsolicited mail takes a bit more work.... fortunately I can write the code to take a few more steps to try to keep the spammers away.

It's obvious that I'm not the only person that suspect Dropbox has a problem (see their forum). Dropbox is never going to volunteer information about security issues unless they have been caught, also, people using one address for everything would never have a reason to suspect them.

Finally, I'm not saying your files in dropbox are at risk, I don't know that, however, I think email addresses were accessible up to last year or maybe they still are.

Wasn't in the news last week that 85% of companies / organisations were the subject of malicious attack in 2013? We have to wake up to the threat cause it's real.
So my lad, my isp also does a good job in filtering spam. The spam box gets maybe under 10 emails a month and sometimes I find genuine emails there too.

There's nothing else I'd like to add and if a mod can close the thread then that would be great.

 

[Pale Rider]

after I put them to sleep, were close to 1/4 of a million emails.

A quarter of a million?

I use one hotmail address for everything.

The junk folder currently has 32 messages in it, dating back to March 8, so I'm getting three spam messages a day.

Oh, and a few of the 32 are 'facebook notifications' which I seem unable to stop them sending despite having not used the account for several years.