Has Shoemoney sold his soul (and our addresses) to spammers? No, I don’t think so. I read that someone asked him about that lately and he seemed sincere. Of course you can lie, but from what I read about him, he’s not the guy that risk his reputation selling addresses to spammer (or being a spammer himself).
But..
But he failed victim of someone who sold his Database.
How do I know? Well, (almost) every time I register to a site, I use a different email address. I don’t use the “+” trick Shoe wrote on a post a while back, I’m using a completely different email address. Using the + thing is the easiest way to check who’s sending spam, but it’s not that difficult for a spammer to filter email with + sign on it..
The best thing is to use several email addresses.
I think I know more or less what happened to him by just checking my inbox. Last year in December Shoe started to try some Email Marketing services different from the one he is using now (and he always used for what I know). Around 11-12 December 2009 he started to mail everyone on his lists about the ShoemoneySystem. He was probably evaluation bronto.com, because he sent out the same email with Aweber and with bronto. I have to admit that I messed up with my various email addresses and I probably registered on his site with 3 different email addresses. One was my original email address (easy to guess since it’s my name), the other were two special addresses created for the situation. I used to work on windows and linux without sharing the data so I probably registered once on windows and once on linux :( My fault. Anyway during the 11-12 december I received this email from Shoe. I am not complaining about this, mind you.. I got this email 3 times 2 on the aforementioned email addresses and one on an address I used to register to pimpmyblog. Again I’m not complaining. I know that when I register to a site, I get information from the owner, so it’s ok. I’m just trying to rebuild what happened at that time.
I don’t know how he tested bronto.com, but only 2 out of 3 email were sent with it. Judging by his latest newsletters, he didn’t like the service :)
He used bronto.com again later, I am not sure when he stopped though, I should check the rest of my emails.
Anyway after a week he tested another email marketing service, this time from softwareprojects.com. (you can check by yourself either by looking for link on the emails (sp.com owns spilnk.com ) or checking the email headers.
This time our Shoe sent us an email about the success of the shoemoney system and a f-bomb that was left unedited from a video :)
This time I correctly receive 4 emails: 1 for the pimpmyblog address and 3 for the shoemoney address. The “fun” part of this and probably the reason he never used softwareprojects.com again is that someone did a huge mistake. I don’t know who did it, but whoever did it made a huge mistake importing the data into softwareprojects’ system! They imported part of the email address! Instead of import email124@etc.com, they imported mail123@etc.com, forgetting the first letter! This is tricky to check if you use public email services and you can’t check misspelled email addresses, but I can and I can clearly see 4 email, all with the 1st character missing.
Around the same period the spam started to soar. Well..not really thousand of email, but still, 3-4 more than usual (usual = 1,2 per day. I already filtered a couple of addresses. They were from blogs I commented where the owner forgot to upgrade wordpress and someone stole their db) I probably deleted some of those spam messages, but I can clearly see on 28th of September the first spam from an email address I used to register to AuctionAds (which is ShoppingAds). On the 18th of December I see the first two spam to the address I used with Shoemoney.com. This is the same day he sent me the emails from softwareprojects system. I doubt they copied his list, for two reason:
1st the spam arrived at only one of the four email addresses
2nd the spam address was correct, while the newsletter’s one was wrong.
In January 2010 things get worse, I get spam to all my shoemoney’s address other than pimpmyblog’s one and together with AuctionAds’s address, also the ReviewMe one starts to get spam.
All that spam come from one system. I can see that spam comes in groups and either the title or the date are the same for at least two of them at the same time. Sometimes I see three spam email with the same title but only two have the same date. Unfortunately the email protocol is so weak that even dates can be manipulated, but having two different spam networks sending the same date and title is very difficult.
After that date I receive regularly spam for all those addresses, except for the pimpmyblog one.
I don’t know how those bot networks works, but sometimes I got the same spam twice. Ah those inefficiencies :(
I have no idea what happened and if all those three companies have been a target of hackers or just victims of some black sheep employee. The spam emails unfortunately doesn’t give much information. The only sure thing is your email address on them. Actually not even that is sure; sometimes you can get spam with someone else’s email on the “To:” Field. Checking all the spam together could reveal patterns, like the one I mentioned about the dates. So I can easily say that the spam is generated by the same organization.
Something else I can add is that both ReviewMe and ShoppingAds have their servers on the same center. I don’t know how it works by sungard, but if atlir8-v1-1 and v1-2 are on the same room, it could be that someone was able to access ShoppingAds and ReviewMe’s servers. I don’t know if Shoemoney has server there, but at least shoemoney.com isn’t there.
Anyway, I think that Shoemoney, ReviewMe and ShoppingAds got their email address database stolen in some way.
I hope this post will help them find who’s responsible for that. I am also available to give the evidence if needed.
Oh. I forgot something. I receive spam also on my TextLinkAds address. This means MediaWiz’s got two dbs stolen :(
ps. I usually send an email to the siteowners when I start to see 2-3 spam emails from the address I used with them. I tried to contact Shoe, but I failed.
pps. Hey, maybe it’s all a coincidence! Maybe spammers got so lucky to guess all those email addresses. :)
