When I started getting spam on an ISP email account that I don't even use, I got suspicious. At first I wondered if PlusNet had leaked account names or something. But eventually I figured it out.
See, PlusNet ADSL customers get fixed IPs and reverse DNS with a hostname like accountname.plus.com. For the purpose of this post imagine mine is kera.plus.com (note: it actually isn't).
Although I don't use the email account other than for the service announcements which I can't not get on the admin account, I have the default setup whereby everything sent to strong>@kera.plus.com goes to my mailbox anyway. But the most obvious address is strong>kera@kera.plus.com which is the 'default' account owner email address.
And I was getting spam on this address.
I got scratching my head, because I've never sent out a mail from it, and never written it anywhere online. I did briefly use strong>ds5-domain@kera.plus.com as the Whois contact email for one of my old domains, but I never got spam off that and it's a different address anyway.
It seemed totally ridiculous.
But the answer is quite simple.
See, the reverse DNS means that when you connect to most IRC servers, they see you as your hostname and that's the address that everyone in the channel sees when you join, part, etc. Further, since my account name is a name I use online frequently (deliberately), it's hardly a co-incidence that my chosen ident username is the same word. Because that's my identity.
So I end up joining channels with lines like this:
* Joins: tomalak (kera@kera.plus.com)
And quitting like this:
* Quits: tomalak (kera@kera.plus.com) (Reason: bored)
Half by co-incidence and half not by co-incidence, that IRC address (em>ident@host) is identical to that unused email address (em>accountname@accountname.plus.com). And although I can not immediately find any Google results for that address, I figure it's getting onto the web in published archives of IRC channel logs. Ripe for the picking by spambots.
And that, my friends, is how my unused email address is getting harvested: not even as an email address.
Although this won't be a problem for most with stupid hostnames like 69-11-54-253.ath.ma.comcast.net, that might be something to watch out for if you have a nice, short reverse DNS that might mirror an email account.