Mike Schroll

Insights from Security Expert turned Web Entrepreneur

Typo Email Are Belong to Me

I recently subscribed to Mailchimp’s Wavelength venture, and saw in their confirmation email a link to their blog post Comacast and Gmai: all your typo email are belong to us.

Now, certainly there are those who go out of their way to grab typo domains for popular consumer email providers. They mention examples of comcast along with gmail, and its easy to imagine plenty of other well known providers.

The point they didn’t bring up however is that of corporate email domains. I use Catch-alls on all my email domains, so I can do fun things like servicename [at] lx.tc - and then watch as they spam me.

I happen to own spent.us (don’t ask), which is very similar to
spnet.us - the email domain for Successful Practices Network

Who happen to send me email… all. the. time.

A quick search of my email box shows over the last 3 years I’ve received no less than 18 email threads of email from them. I’ve received emails about HR issues, attachments to clients, and countless personal communiques. Each and every time I diligently forward the email to the correct party, CC everyone on the email thread, and beg them to please not make the same mistake again. One user even had a colleague’s email entered as spent.us in his address book, leading to a long discussion about the merits of contacting their IT group and asking them to resolve it if he doesn’t understand how to edit his address book.

Its left me with more questions than answers:

  • Who else experiences these issues?
  • What domains have you received others email at?
  • What can we do to solve this problem?

If the email admins at spnet.us chose to, they could forcefully reject sending mail to spent.us via a number of means (DNS, configure spent.us as a local email domain mirroring spnet.us). (To that end, having just thought of this solution - I’m reaching out to their contact on the domain whois)

What of the future? As people such as myself point this out - Will someone devise a methodology for identifying more commonly mis-typed or misspelled corporate email domains, and purposefully try to capture rogue emails? To what benefit?

Comments