For over twenty years, we’ve delivered email for our clients and for our own projects (like The Home Lottery News, for example). We’ve made lots of mistakes along the way, of course, and we’ve worked diligently to correct those mistakes, put procedures in place, and learned a great deal from them.
Once of the things we’ve learned, by really digging into our data, is that the oft-repeated mantra that spam traps do not open or click on emails they receive is false. We found bad addresses in our lists over the years, and we saw that for some of them, they were not only opened, but virtually every link was clicked on, this raised my suspicions. “WTF?” was more like it. And this got me thinking that I’d like to know just what in the hell these anonymous actors are doing out there on the internet.
This page will describe, as much as possible, the really eye-opening things we’ve seen.
Why are Domain Typos so important?
This is a hot button for email security types. Some use them as sensors – inspecting the emails to determine information about spam senders or mailing lists with poor management. Some feel this is an invasion of privacy for those people who innocently make a spelling mistake. I now believe it’s both. I will admit I didn’t think typos were a big problem until this week (March 7/8, 2020). I found a few relatively poor spelling errors for some Canadian domain names and registered them. I had the emails dumped into a folder, thinking to myself, “I’ll check see what kind of junk goes there in a couple of days.”
Well it’s a lot. More than 40,000 messages in about 5 days.
This caught me off-guard. Those messages are now regularly moved to a secured folder; the message bodies stripped off to ensure privacy of the contents. And now I’m caught in a quandry: Do we simply bounce the messages? Yes we probably should, but time and resources are limited at the moment to that. Do we try to automatically correct the spelling and alert the sender? Can that be part of the bounce? These are questions that need some serious thought before implementing. In the meantime, know that we’re doing our best to delete any personal information sent our way, and protect whatever remains in the message headers.
I’d like to point out that the typos we registered domains for aren’t even common typos, to the best of my knowledge. Imagine the millions upon millions of email that show up for people misspelling gmail or hotmail email addresses.
These are the domain names we own as part of this security project:
We’ll continue updating this page as time permits.