Hi there,

Some quick background.. When I sign up to websites using my own domain name, I enter that site's name as the destination address ie. 1-day@mydomain.co.nz

Back in Feb 2010, I started receiving a number of spam emails to my "1-day@mydomain.co.nz" address. I queried 1-day who said it was probably a dictionary attack (yeah, righto!). Then I got another response saying

" We have been looking into this, and at this stage we believe that the company who we employ to handle our daily emails has had a security breach, although at this stage this is unconfirmed."

I gave them some examples, and that was that.

So I changed my address to 1day@mydomain.co.nz, /dev/null'd the old one, and all was well for a few months.

Now i've started receiving spam to this address. Its of note, that i'm not getting random dictionary attack spam, so this doesn't appear to be purely coincidental. I'm thinking their third party email handler has had yet another compromise, or given out these details. This is speculation however.

I approached 1-day again, but didn't get any reply, so i've decided to remove my account.

I have also had the same thing with aa.co.nz, specifically the aatravel competitions website. They also confirmed there was a security breach when I approached them.

I guess they don't bother telling their customer base about breaches, because most people use a static email address and wouldn't be any the wiser where it originates from.

Has anyone else seen a similar thing, who may have the same setup as me?