Email addresses from tophe.net

For many years, I've owned the domain tophe.net and use it for personal email. Since I own the domain, I create a new address for each website, raffle, or other signup I run across. This way, if someone starts spamming that address, I can shut that address down. If you've come across this page, I'm assuming it's because you have run across an email address that ends in @tophe.net. If it appears someone has signed up for an account, product, or service with my name and an email @tophe.net that mentions your company or the like, it's not that I'm trying to spoof you or steal your trademark — I'm flagging the mail as legitimate, and the address as one I've handed to you.

Sadly, at some point in the late 1990s to early 2000s, spammers started selling lists of email addresses, and in some cases they tried to brute-force guess these addresses. They guessed many, many bogus addresses at tophe.net. When spambots send email to those addresses, they end up in my inbox (and hopefully my spamfolder). I got tens of thousands of spam messages to random strings of characters @ my domain, making it impractical to shut them each off one by one. Unfortunately, spambots also started sending email from those addresses. It's a little known fact that the way Internet email is transmitted makes it quite easy to forge a return address. So if you are getting spam apparently from tophe.net, it's not me.

The side effect of me having done this for so long is I actually have a pretty large dataset of which companies or organizations have leaked my email, and which haven't. In every single case, when I've contacted an organization to say they have a data security problem, I get blown off, either because the company reps don't understand how I can track things down to them, or because they just don't care since I'm the only one who can trace this breach back to them. When I get some spare time, I will publish a list of shame here to identify these organizations in the hopes that somebody pays attention to any data security problems they have. This could be as minor as a contractor misusing a rented list, or one person at the company who corresponded directly to me with a virus on their computer, or as major as a full scale theft of all customer records. We have no real way of knowing. All we know is an address I created for them got spammed.


Copyright © 2012 Christopher Hoadley. Last updated 11 June 2012.