For a long time, I’ve been making up email addresses every time I need one e.g. to shop online or post a comment on someone else’s blog. As the owner of the entire domain I’ve set things up so anything not recognized as belonging some other specific mailbox is dropped into mine, so it’s almost the same as just using my real address everywhere except that this approach lets me track who’s selling my address or allowing it to be harvested by spambots. Somewhat surprisingly, this has generally yielded few results. Most of the spam I get does not go to addresses I’ve actually used, but is instead addressed to “generic” accounts like sales@atyp.us or info@atyp.us (both of which are automatically thrown away).

Recently, though, I’ve been getting quite a bit of spam, and phishing attacks too, from one of these “bait” addresses. Somehow it’s not a surprise that the offender is libertarian/laissez-faire blog site QandO because spamming is exactly the kind of “free market” cost-shifting that their ideology makes inevitable. Most blogs that are harvested frequently notice the traffic and implement countermeasures such as obfuscating email addresses, but that requires a modicum of technical skill. Since it’s not in full-of-ads QandO’s interest to protect their visitors from phishing, nobody bothers … and that assumes QandO isn’t deliberately making life easy for spammers and phishers.

The moral of the story is: if you leave comments at QandO, don’t use your real email address.