Recently, I received the following strange email from a person named Disha Yadav:
I’ve been using Gmail and thought you might like to try it out. Here’s an invitation to create an account.
<snip>
Disha Yadav has invited you to open a free Gmail account.
To accept this invitation and register for your account, visit
http://mail.google.com/mail/<some uid>
Once you create your account, Disha Yadav will be notified with your new email address so you can stay in touch with Gmail!
If you haven’t already heard about Gmail, it’s a new search-based webmail service that offers:
<blah blah blah>
So what is so strange with a pretty standard Gmail invitation? Well, a few things really:
- I do not know a person named Disha Yadav (although a search on the name seems to yield results for about 20 different people).
- I didn’t get the invitation email once, but TWICE.
- The invitation email was sent to my primary email address, which is ALREADY ON GMAIL!
Then I realized something:
Once you create your account, Disha Yadav will be notified with your new email address so you can stay in touch with Gmail!
Ahh… so this is probably some elaborate email address farming/validation scheme from spammers. However, a few problems with this half-baked scheme:
- The notification email from Google only tells you the person’s registered full name and new Gmail address, and not the old email address which the Gmail invitation was sent to. So unless the spammer has a database mapping email addresses to full names, this scheme will only help farm the new email addresses, but not confirm the old one.
- Has Gmail been compromised so that the process of sending out Gmail invitations can be programatically automated? If not, this is a pretty labor-intensive endeavour which won’t scale.
- Every Gmail address has a limit of 100 invitations, again limiting scalability.
Are spammers getting more innovative or more desperate? You decide.
Tweet