# Sell our email or hacked?



## TTMartin (Mar 5, 2016)

I am getting SPAM addressed to the email address I use only for Canon Rumors.

Did Canon Rumors sell our email address or were they hacked?


----------



## rfdesigner (Mar 5, 2016)

no new spam here... thinking about it, I used one email for the lens giveaway sign up ( a decent one ) and a "spam pit" when I originally signed up.. quick check of the spam pit.. hmm no new spam there either, just the same old same old.

so all looks good from here.


----------



## monkey44 (Mar 5, 2016)

None here


----------



## zim (Mar 5, 2016)

no problems either, then again maybe they checked my bank account and realised no point in sending me spam ;D


TTM you may only use that email address for CR but the info is on your machine/ email address books so you may want to look in that direction too. I don't know what email account you used but if it is Hotmail or Yahoo etc. you may as well consider that as public domain!


----------



## slclick (Mar 5, 2016)

Nope, not even retro spam.


----------



## IglooEater (Mar 5, 2016)

Um, some spam is sent by robotic randomizers, so no need for either to occur. (Basically a robot punches in randomness as a destination until something works.) Also, unless your address is a gmail one, it is quite possible someone else owned that address before you, so anything is possible. (Gmail addresses are reserved permanently and never reused after one deletes the account, whereas that is the exception. I have (had) a hotmail address that was filled with spam the second I opened the account. It was a common sequence of words and had apparently been owned before.)


----------



## AlanF (Mar 5, 2016)

zim said:


> no problems either, then again maybe they checked my bank account and realised no point in sending me spam ;D
> 
> 
> TTM you may only use that email address for CR but the info is on your machine/ email address books so you may want to look in that direction too. I don't know what email account you used but if it is Hotmail or Yahoo etc. you may as well consider that as public domain!


What? Not been offered loan?


----------



## Click (Mar 5, 2016)

None here either.


----------



## Mt Spokane Photography (Mar 5, 2016)

I'd say that its more likely that your web account has been hacked. I never receive spam or other email to my CR Mail Account.

Change your e-mail to something random that a robot can't guess.


----------



## zim (Mar 6, 2016)

AlanF said:


> zim said:
> 
> 
> > no problems either, then again maybe they checked my bank account and realised no point in sending me spam ;D
> ...



beyond even that :'( 
still get box offers for discount wine though so all's good with the world  ;D


----------



## intuition (Apr 21, 2016)

I too have had spam sent to me, originating from the canonrumours mailing list. 
I know this with 100% certainty since I used a unique adress to sign up for the list. 

Hugely disappointed of course, but I will drop that mail account in an instant and never again sign up.


----------



## intuition (Apr 21, 2016)

Just like to add that the robot-theory (someone guessing my sign up email) can't be true either, as the spammer faked the sender name to canonrumorsnewsletter gmail.com
So spanner knows what randon adress on my domain was linked to the mailing list, which kind of rules out guessing and also rules out a targeted attack harvesting this data from my computer (as this relation is not stored on any computer)


----------



## Admin US West (Apr 22, 2016)

intuition said:


> I too have had spam sent to me, originating from the canonrumours mailing list.
> I know this with 100% certainty since I used a unique adress to sign up for the list.
> 
> Hugely disappointed of course, but I will drop that mail account in an instant and never again sign up.



Sorry to disappoint you, but CR does not send spam, or even send e-mail, if you signed up for the newsletter, you might get that.

You received a e-mail with a faked from address, so you know for a fact it came from CR? 

And ... other members do not get them?

Its interesting that the OP uses a virtually identical email address to yours, his is extremely easy to guess.

Use something random, or not easy to guess. a email like CR or CanonRumors, for example only requires your domain.

If CR was hacked, we would get a flood of people complaining in minutes, we have many tens of thousands of members. #377624 is the latest, we started with number 1.

If you have a facebook account and follow canon rumors, hacked facebook accounts are as common as dirt. I would recommend that you change all of your passwords, if someone got your CR email, they may have other information or passwords. I cannot see your password, Its pretty securely locked up, but nothing is totally secure.


----------



## Admin US West (Apr 23, 2016)

One other thing to check on. Go to your profile, account settings, and make sure that the allow users to e-mail me is not checked.


----------



## Mt Spokane Photography (Apr 23, 2016)

CR Backup Admin said:


> One other thing to check on. Go to your profile, account settings, and make sure that the allow users to e-mail me is not checked.



That happened to me, I was getting email from CR and had that box check to allow users to send e-mail. I unchecked it just now.


----------



## Rob-downunder (Apr 23, 2016)

I received the following approximately a week ago. It isn't random spam, but advertising that has come via canon rumours.


----------



## d (Apr 23, 2016)

Rob-downunder said:


> I received the following approximately a week ago.



Then you only have three weeks left to take advantage of the savings, Rob!!


----------



## MickDK (Apr 23, 2016)

CR Backup Admin said:


> One other thing to check on. Go to your profile, account settings, and make sure that the allow users to e-mail me is not checked.



I got the same "Datacolor || Canon Rumors" spam as another user in here.

My "Allow users to email me"-option is not checked. 

Spam originated from [email protected] with return path of [email protected] - image linked to http://canonrumorsltd.cmail20.com/t/i-l-hijtck-dhqydlkj-y/

Btw... email clients should not be allowed to show images from unknown senders. Spammers use this to verify that the email address is valid (and so you get more spam).


----------



## privatebydesign (Apr 23, 2016)

Yeh I got that Datacolor 'offer' too. That is the price of 'free' competitions I suppose, somebody has to pay for the giveaways, it is also the reason I use throwaway emails.


----------



## JonAustin (Apr 23, 2016)

I received the same offer a few days ago. My e-mail address for Canon Rumors is the same one I use for my consulting business (which includes a little photography).

First time it's ever happened, to my recollection, so I just deleted it. If it happens again, I'll just add the sender's address to my spam filter. (I've already purged my deleted mail folder, so I can't go back to see if it was sent from a randomized address.)


----------



## TeT (Apr 23, 2016)

You signed up for the free drawing, you signed up for these emails. Use the unsubscribe button on the bottom of email...


----------



## Orangutan (Apr 23, 2016)

TeT said:


> You signed up for the free drawing, you signed up for these emails. Use the unsubscribe button on the bottom of email...



+1


----------



## Mt Spokane Photography (Apr 23, 2016)

TeT said:


> You signed up for the free drawing, you signed up for these emails. Use the unsubscribe button on the bottom of email...



Yes, the free drawing signup included a e-mail news letter. I understood that.

I email I received was a private e-mail from another member which did not use the standard CR interface for a reply but came straight to me rather than my having to reply online. Turns out I had checked that allow e-mail box which had nothing to do with the drawing.


----------



## slclick (Apr 23, 2016)

Someone told me there's a girl out there with love in her eyes and flowers in her hair


----------



## Old Sarge (Apr 23, 2016)

My feelings are hurt. I never get email from Canon Rumors. I feel unloved. :'(


----------



## pierlux (Apr 24, 2016)

Datacolor concerned about my health in spring time here, too. Btw, interesting offer though US only, I couldn't benefit of the discount even if I wanted to.

No problem for me, a little bit of advertising doesn't hurt as long as it's photography-related, and if it is of any help to my favorite website I can even say it's welcome.


----------



## intuition (Apr 25, 2016)

CR Backup Admin said:


> You received a e-mail with a faked from address, so you know for a fact it came from CR?


I didn't say the mail came from CR. I'm saying the email-address used as recipient in the spam came from Canon Rumors in one way or another. I stand by that claim. 
My perception is that the sender was faked in order to circumvent spam filters. However, I just deleted it and did not investigate any further. 



CR Backup Admin said:


> Sorry to disappoint you, but CR does not send spam, or even send e-mail, if you signed up for the newsletter, you might get that.



Am I to understand that the Datacolor mail in fact was sent from the Canon Rumors mail list? Are the spams a part of the mail list we signed up for?




CR Backup Admin said:


> Its interesting that the OP uses a virtually identical email address to yours, his is extremely easy to guess.
> 
> Use something random, or not easy to guess. a email like CR or CanonRumors, for example only requires your domain.



About easy to guess email, they only need to know your domain - while that may be true in my case, the spam sent was targeted towards me as an canon rumors follower. To use a targeted spam sucessfully with the guessing addresses technique, the spammer would have to know that someone at my domain was a member of canon rumors and sigend up for your mail list. I'd say that seems very unlikely. 
The spamming technique using a known sender is a targeted technique designed so that the recipients spam filters allows the mail to go through and so the recipient actually looks at it, since the recipient thinks it is a valid mail. It would be extremely elaborate to target all mail domains in the world and guess email recipients, on the whim that some tiny fraction of the domains has canon rumors users who will fall for the trick.




CR Backup Admin said:


> ...
> And ... other members do not get them?
> ...



Not true. In this thread a few others are saying they are getting the same datacolor ad. 
I have a friend who signed up for the list and got the same spam the same day. So certainly more than me is getting it. For all we know, thousands of people could be getting these mails but they just didn't go online here to tell you about it. 



CR Backup Admin said:


> ...If you have a facebook account and follow canon rumors, hacked facebook accounts are as common as dirt. I would recommend that you change all of your passwords, if someone got your CR email, they may have other information or passwords. I cannot see your password, Its pretty securely locked up, but nothing is totally secure.



Again, I use a separate specific mail address on canon rumors and I use it nowhere else. The email associated with this account has nothing to do with any other account I hold. There is no way a hacked facebook account could be used to learn about my activities on canon rumors. 


As for sending spam through the "Allow members to mail" it is not a valid angle on neither me nor my friend. I have this feature un-checked and my friend has no account on Canon rumors. We got the same spam the same day. The only thing that links these two e-mail-addresses with canon rumors is the mail list sign up.



CR Backup Admin said:


> If CR was hacked, we would get a flood of people complaining in minutes, we have many tens of thousands of members. #377624 is the latest, we started with number 1.



I am not saying the site was hacked. But either the mail list was compromised or these ads are a part of the mail list. 
Maybe the case is the latter and that would be the end of this discussion. I thought I signed upp for a canon rumors mail list (If I recall it correctly it was described as the sites whishes to interact a little bit tighter with its community). If I misunderstood, then no big deal. I can remove myself. But clearly I wasn't the only one thinking it was spam.


----------



## intuition (Apr 25, 2016)

TeT said:


> You signed up for the free drawing, you signed up for these emails. Use the unsubscribe button on the bottom of email...


The difficulty with that approach is that each ad has their own "unsubscribe". So I can now tell Datacolor I'd like to unsubscribe from their ads. That doesn't mean that I will stop getting ads, since they can give my email address to any number of ad-partners. Once your address is in the wild, there is no unsubscribe.


Also, it is a common spamming technique to harvest activities through "unsubscribes". When you click that link the spammer not only learns that you are reading his spams, he also learns your IP, your browser fingerprint, your third party cookies and so on. The "unsubscribe" page may very well serve you malware hidden in a banner ad and harvest other things from your computer.


----------



## intuition (Apr 25, 2016)

By the way, these were the premises I signed up for:


> We’d like some more direct interaction with our readership, we hope to do that with our newsletter. Some people are not into social media or discussion forums but would still like to be part of the discussion and to be included in giveaways and additional content. In 2016 we’re going to have exclusive monthly giveaways only available to people that receive our newsletter. We PROMISE our newsletter is not going to “spam”, we just want to add some value for our loyal readers. We also promise that if you unsubscribe, you’ll actually be unsubscribed, we won’t just email you more often.


http://www.canonrumors.com/canon-rumors-lens-giveaway-to-celebrate-2016/

There was a PROMISE of no spam. 

There was nothing indicating there would be ads, so the comments that "we signed up for it, live with it" is uncalled for.


----------



## old-pr-pix (Apr 25, 2016)

Decided I better go check my garbage email account... sure enough I got the same spam on April 21. I have no idea how they would have gotten that address other than via Canon Rumors? I have no Facebook account and "allow emails" is not checked in my profile.

BTW: about those monthly giveaways... have I missed something? Or should I consider free spam a "giveaway?" 



intuition said:


> By the way, these were the premises I signed up for:
> 
> 
> > We’d like some more direct interaction with our readership, we hope to do that with our newsletter. Some people are not into social media or discussion forums but would still like to be part of the discussion and to be included in giveaways and additional content. In 2016 we’re going to have exclusive monthly giveaways only available to people that receive our newsletter. We PROMISE our newsletter is not going to “spam”, we just want to add some value for our loyal readers. We also promise that if you unsubscribe, you’ll actually be unsubscribed, we won’t just email you more often.
> ...


----------



## dppaskewitz (Apr 25, 2016)

old-pr-pix said:


> Decided I better go check my garbage email account... sure enough I got the same spam on April 21.



I also received the same one on April 21st, purporting to come from Canonrumorsnewsletter. Although I thought I had signed up for the Canon Rumors Newsletter back when the promotion started, I have not received any newsletters (no wonder I didn't win any of the lenses). I don't know what any of that means, but there it is.


----------



## verysimplejason (Apr 25, 2016)

I thought Canonrumors includes advertising/posting photography equipment/accessories discounts. Why are there complaints? You don't complain when those lens and camera rebates and discounts are posted in the main page. Right?


----------



## intuition (Apr 25, 2016)

verysimplejason said:


> I thought Canonrumors includes advertising/posting photography equipment/accessories discounts. Why are there complaints? You don't complain when those lens and camera rebates and discounts are posted in the main page. Right?


There are complaints because the sign up promised no spam and now we are getting spam.


----------



## romanr74 (Apr 25, 2016)

I also received that e-mail. To me it clearly came from canon rumors...


----------



## neuroanatomist (Apr 25, 2016)

old-pr-pix said:


> BTW: about those monthly giveaways... have I missed something? Or should I consider free spam a "giveaway?"



Exactly - YOU WON!!!


----------



## neuroanatomist (Apr 25, 2016)

intuition said:


> By the way, these were the premises I signed up for:
> 
> 
> > We’d like some more direct interaction with our readership, we hope to do that with our newsletter. Some people are not into social media or discussion forums but would still like to be part of the discussion and to be included in giveaways and additional content. In 2016 we’re going to have exclusive monthly giveaways only available to people that receive our newsletter. We PROMISE our newsletter is not going to “spam”, we just want to add some value for our loyal readers. We also promise that if you unsubscribe, you’ll actually be unsubscribed, we won’t just email you more often.
> ...



You were promised that _the newsletter_ would not be spam. Sorry, but I don't see anything in the text you quoted that promises your email address will not be shared with 3rd parties. Did you such a statement as part of signing up for the CR mailing list?


----------



## Mt Spokane Photography (Apr 25, 2016)

Although I received the news letters, they did not contain any advertising.

I'd suggest writing to the forum owner and telling him about the advertising you received.

Give him a chance to look into it. I'm sure he will want a copy of the e-mail along with the full headers. He can then have the IT guy check the server logs to see if it was sent, or if it is fake.


----------



## GuyF (Apr 25, 2016)

slclick said:


> Someone told me there's a girl out there with love in her eyes and flowers in her hair



Going to California any time soon? 

Do I win a prize?


----------



## Mt Spokane Photography (May 30, 2016)

Well, I am going to have to eat crow.

I opened my spam filter, which is almost 100% efficient, and there was a ton of Spam directed to my Canon Rumors email that is only known to CR and Google. Other Google email address aliases are not receiving the spam, so it is very suspicious. I have changed to a new email (alias) and will see if that generates spam.

I seldom look in my spam folder, and only two days ago did I change Thunderbird to show both sender and recipient. That caused all those spam emails to pop up.

I had previously sent a e-mail to the CR owner, Craig and he replied that he would ask his admin to check it out. I've sent another and will monitor for spam sent to the new address.

If you can, change the email address used for Canon Rumors to a unique one and see if spam starts arriving at the new address.


----------

