Where Did They Get That Address?
As we noted in the bit about the Associated Press article, the folks at the AP created a couple accounts on their servers. Within a few hours, those accounts were receiving spam. Such accounts are commonly referred to as spam traps. We've created several of these accounts over time for the purposes of catching spam so that we can write filters to block it. We then share these filters with other, like minded ISPs.
One such account, created in February, had a very common, woman's name. Nevertheless, this account never existed in any practical sense and was never advertised anywhere on the Internet. Within 3 days, the account began receiving spam. Since then, it has received 70 pieces of spam. We have other spam trap accounts that receive nearly that much in a day.
It is important to note that our primary mail server has mechanisms which attempt to prevent spammers from guessing addresses. However, as you can see, these are not 100% effective. The AP reported that it only took spammers a couple of hours to find their new accounts. In our case, it usually takes a few days. Regardless, it would seem that it is only a matter of time before users new to the Internet are deluged with an unbearable amount of spam.