Part 2: The day I got a “Your Google Account has been deleted” notice

In Part One, I told you about a weird email problem that caused me to receive a take-down notice from Google, telling me my account was being killed due to Terms of Service violations.

The notice was 100% real, but turned out to be meant for someone else at “Langa.Com.”

Trouble is, I’m the only one here! I own the domain and site; I’m the only admin and webmaster; I have the only email accounts here. Why was I getting someone else’s mail specifically addressed to “Langa.com,” at a mailbox I didn’t set up?

It was no fluke. It was just the first of thousands and thousands of real emails I began receiving, all meant for others.

I’m talking honest-to-god personal stuff: Emails with other people’s bank and credit card account information; loan approvals and rejections; bills and receipts; job applications and offers; security alerts, take-down/shutdown notices and password-change emails from every major online service and business (Google, Facebook, Microsoft, Amazon, Apple, Samsung…); on and on.

I’ve also gotten a ton of private corporate email, including a quarter-million dollar invoice (with account numbers attached) for the final payment on a million-dollar engineering contract; fully detailed construction blueprints for major projects (a shopping center, a highway bridge, interchanges…); licensing and governmental authorization forms; and lots more.

All this mail was sent specifically to “Langa.Com;” but none of it should ever have come here.

(Part One contained a number of examples you can see.)

Over the course of the last year (!) I’ve reduced this flood of unwanted email to a relative trickle — but I still get private emails intended for others.

For example, moments before I began writing this article, I received the following financial transaction confirmation. It’s a pretty benign example, but was complete with name and account numbers. (I’ve blurred sensitive info here, but the originals were fully legible):

I still get other people’s private emails, such as this transaction summary, complete with name and account numbers.

I think I’ve figured out why I’m getting other people’s private email, and if you own or manage a domain — a .com, .net, .org, etc. — I believe there’s a general lesson in what happened to me; and an easy way you can prevent something similar from happening to you!

Steps initially taken to stem the flood

When my mailbox first filled with private emails clearly meant for others, I felt horrible! Intimate details of their lives and businesses — financial and medical info, corporate plans, just about everything you can imagine — were being delivered to me, a total stranger. I had no evil intent, and had done nothing to cause this problem, but still… it just wasn’t right.

So, at first, when someone else’s important-seeming email would arrive in my Langa.Com mailbox, I’d contact the senders and intended recipients, to help them sort things out. But that quickly proved impractical.

First, I really did get thousands of these, and it started taking up way too much time to sort through them, to select what seemed important, and to try to contact the parties involved.

Second and frustratingly, there often was literally no way to follow up, even if I wanted to.

For example, take a look at this fairly harmless FreeConferenceCall.Com note I got:

There’s no s.savin-grosso@langa.com here; and I don’t speak French. (The mail came to me because the Langa.Com webmaster is the default recipient for emails that don’t match an existing account.)

I have no way to contact s.savin-grosso@langa.com — any email I sent would loop right back to me. And it would do no good to contact noreply@freeconferencecall.com, as it’s an unmonitored account.

And what would I tell them even if I got through to support? I’m not s.savin-grosso, and I’m not a customer, so why would they even listen to me, much less institute an address-change at my request?

There’s no way I can redirect this email, or even let the parties know there’s a problem.

So, I mostly resort to slash and burn with mails like those. In some cases, it’s easy. For example, I have no account at ConferenceCall.com, so I can safely block or filter all mail from that domain.

But, as I described in Part One, that won’t work for services I actually do use. For example, I can’t block all mail from Google, Microsoft, Amazon, or any place where I actually do have an account; or I’d run the risk of missing mail that really was meant for me. I usually have to at least peek at those emails to see what’s what.

Creating one-at-a-time email filters also doesn’t help much because most of the bogus emails are one-offs; only a few addresses are used over and over. I can easily block the repeaters, but there’s no point in setting up a filter for a one-time address.

Then there’s mailbox-segregation; maintaining separate accounts/addresses for my personal, site owner, editorial contact, and webmaster roles. (Reader David B asked about this after seeing Part One.)

I do have separate mailboxes; the webmaster is the catch-all account that collects most of the weird mail. So, why not simply discard the mail in the catch-all Langa.Com account — that is, just dump mail not sent to one of my specific addresses?

That’s the generally-accepted solution, but it wouldn’t work for me, due to some unusual circumstances. These circumstances have nothing to do with the core problem — getting tons of other people’s personal mail — but they did complicate the recovery.

The complication was that the current Langa.Com site — the one you’re reading this on now — is actually on its third web host, fourth publishing platform, and second domain registrar in less than 12 months. (Long story for another day.)

The frequent changing of webhosts/registrars/platforms generated a long tail of multi-hop bounces and forwards from the previous sites/accounts so that my Langa.Com catch-all mailbox ended up with just enough unpredictably-addressed legitimate email mixed in with the dreck that I couldn’t safely burn it all. Sigh.

Again, that’s not the cause of my email problem — it’s not why I was getting other people’s mail — but it sure complicated things.

After a while, I was able to weed-whack through the bad email and regain control of my mailbox. Over time, the legit mail from previous webhosts and registrars mostly ran to completion; and the array of sorting/filters/blocks I’ve built is mostly working. Today, only a manageable handful of bogus emails arrives each day. Whew!
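The triage described in this section, sketched as an added example (it is not the author's actual filter set): mail for a known mailbox is delivered, sender domains where the owner has no account are blocked outright, unknown-recipient mail from services the owner does use is held for a look, and repeated unknown recipients are counted to show which addresses are worth a dedicated filter. All addresses and domains are constructed, and the `To` header stands in for the envelope recipient that a real catch-all would get from the mail server.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumptions (hypothetical values): the domain's real mailboxes, a sender
# domain where the owner has no account, and one where the owner does.
KNOWN = {"webmaster@example.com", "editor@example.com"}
BLOCK_SENDERS = {"confcall.example"}
USED_SERVICES = {"bigmail.example"}

def recipients(msg):
    """Lower-cased To addresses (stand-in for the envelope recipient)."""
    return [a.lower() for _, a in getaddresses(msg.get_all("To", [])) if a]

def sender_domain(msg):
    """Domain part of the From address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]

def triage(raw):
    """Return 'deliver', 'block', 'review' or 'discard' for one raw message."""
    msg = message_from_string(raw)
    if any(r in KNOWN for r in recipients(msg)):
        return "deliver"
    dom = sender_domain(msg)
    if dom in BLOCK_SENDERS:
        return "block"
    # Unknown recipient, but from a service the owner really uses:
    # someone has to look before it is thrown away.
    return "review" if dom in USED_SERVICES else "discard"

def repeaters(raws, min_count=2):
    """Unknown recipients seen at least min_count times (worth a filter)."""
    seen = Counter(r for raw in raws
                   for r in recipients(message_from_string(raw))
                   if r not in KNOWN)
    return {addr: n for addr, n in seen.items() if n >= min_count}

def make(frm, to):
    """Build a minimal constructed message."""
    return f"From: {frm}\nTo: {to}\nSubject: constructed sample\n\nbody\n"

# Constructed sample mail, not real messages.
SAMPLES = [
    make("noreply@confcall.example", "a.stranger@example.com"),
    make("security@bigmail.example", "b.stranger@example.com"),
    make("security@bigmail.example", "Editor <editor@example.com>"),
    make("bank@bank.example", "accounts@example.com"),
    make("shop@shop.example", "accounts@example.com"),
]

if __name__ == "__main__":
    print([triage(raw) for raw in SAMPLES], repeaters(SAMPLES))
```

The `discard` branch is the "dump everything not sent to a known address" option; where legitimate mail still arrives at unpredictable addresses, route that branch to a holding folder instead.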

But what caused the initial email flood? And how can it be prevented?

I think I’ve figured out why this happened, and how to prevent something similar from happening again to me or to you, if you own or manage a .com, .net, .org, or other domain.

Here’s the thing: The Langa.Com domain name has been continuously registered since the 1990s; but the actual website has come and gone.

The first Langa.Com website went live at the time of the initial domain-name registration. Everything worked fine; the domain name and the associated website perked along happily for a long while.

Years later, the Langa.Com site and domain name were part of the intellectual property involved in the sale of my newsletter business; I transferred domain and site ownership to the new buyers. Everything still worked fine.

The new owners kept the domain registration current and paid-up, but eventually killed the actual website, instead redirecting Langa.Com emails and clicks to their own domain and site. After a while, they returned ownership of the Langa.Com domain to me. I continued to keep the registration current, but did not recreate an associated website. Langa.Com was completely dormant.

That was my big mistake, as you’ll soon see.

Last year, I finally did create a new Langa.Com website to go with the long-dormant domain name. And almost the moment the new website went live, the misdirected emails suddenly started arriving in the catch-all webmaster mailbox — by the thousands!

Clearly, there had been some kind of shenanigans going on with Langa.Com email during the many years when there was no live, authorized site or email server to go with the domain name. But now, my new, for-real Langa.Com mail server was up and running, and was intercepting a flood of en-route email that clearly was bound for, what? A fake Langa.Com somewhere else? That’s not supposed to happen!

Eventually, some patterns emerged

After some digging, I found several origin clusters for the bulk of the bogus email; principally in South Africa, Brazil, and Portugal; plus a few other places.

I’ve concluded that the dormant Langa.Com domain was the target of soft hijacking.

It has nothing to do with me personally: All those mail-origin clusters have a “Langa” somewhere in their name. For example, there are unrelated Langa locations in South Africa, Peru, Spain, and in the South Pacific, among others.

My best guess: My unused domain name was too great a temptation for several enterprising but less-than-ethical ISPs in those areas.

I can’t know the exact mechanism (perhaps readers who have ISP-level experience can suggest some), but I suspect these local service providers performed a soft hijacking of my domain using ISP-level filters, or by diddling with local DNS records, or something along those lines, so that “Langa.com” mail would be delivered within their own system; like some kind of alias or subdomain or intranet.

It’d be a kludge, but would have let them work around the unavailable Langa.Com domain name: The ISP could allow local customers to use a pseudo Langa.Com address, and it would appear to work — as long as the real Langa.com site didn’t come back online.

But then, it did: When the real Langa.Com went live, its address propagated through the worldwide domain-name system, and a flood of mail began arriving at my site.

Don’t make my big mistake

Whatever the mechanism, I think the takeaway is clear: Don’t let a domain sit dormant — don’t keep a name registered but with no associated website.

If I had kept even a rudimentary, bare-bones website associated with the otherwise-unused Langa.Com domain, I bet the whole mail-misdirection fiasco never would have happened.

Even a one-page placeholder site on a free webhost — a landing page with a “Sorry, nothing here…” notice, and some strict filters to trash all the catch-all email — would have made it much harder for someone to alias or camp on my domain name.

But instead, by having a domain with no website for several years, I created an opportunity for one or more unscrupulous ISPs to camp on a domain they didn’t own. Grrr.

Today, I still get misdirected emails, but in far less volume than before; and most of the mail that does arrive is caught and automatically processed by the various sorting/filtering/blocking methods I’m using.

But arrive, it does: For example, just in the last few hours, I received a payment confirmation from a bank in Durban, South Africa; an invitation to a gala dinner in Kuala Lumpur given by the Malaysian AIDS Foundation; and a letter to a customer from an online Chinese pharmacy, in Chinese.

But that’s just three bogus emails — a trickle, not a flood.

While it still can be annoying, it’s at least partially offset by the minor amusement of peeking into other people’s lives and projects, all over the world.

And I’ve learned a valuable lesson along the way: I will never, ever again allow a domain name I own to sit idle, without an associated website.

If you own your own domain (say, a .com or .net or .org or something), I strongly urge you to do the same.

Keep the site lights on, at least a little!

(P.S. I’d love to hear any alternate theories of why this email flood happened. If you have an alternate explanation, please let me know via the Comment box at the bottom of the page, or click the CONTACT link! Thanks!)


Permalink: https://wp.me/paaiox-bx


4 Replies to “Part 2: The day I got a “Your Google Account has been deleted” notice”

    1. Yes, you’re no doubt correct that at least some of the misaddressed emails are mere typos: groupe-langa.com is one possible source; langan.com (an engineering firm) is another; there are law offices in Hawaii with “langa” in their name; etc. Fortunately, most of the pure-typo mail is of low-enough frequency to be only an annoyance — not a mailbox-killing crisis. 🙂
