aWeber Compromised?

[PCRoger]

Today I am getting deluged with spam to addresses that are on aWeber lists, including a couple of email addresses that have ONLY been given to aWeber.

Anyone else seeing this?

Can I guess that aWeber was hacked or an employee decided to make some money on the side selling addresses?

Regards,
PCRoger.

[rosetrees]

Maybe the list owners weren't as honest as you'd like?

[Johnathan]

If you believe this is the case -- use a separate e-mail for signing up to lists, something like \"aweber_yourname@wherever.com\"

[Shaun OReilly]

Quote:

Originally Posted by PCRoger

Today I am getting deluged with spam to addresses that are on aWeber lists, including a couple of email addresses that have ONLY been given to aWeber.

Anyone else seeing this?

Can I guess that aWeber was hacked or an employee decided to make some money on the side selling addresses?

Regards,
PCRoger.

I've been having EXACTLY the same issue.

I have some test e-mail addresses that I ONLY use within AWeber
and just today I've started receiving lots of spam to them.

These are e-mail addresses across multiple domains including my
own and others such as GMail, etc.

These e-mails are only housed within AWeber so I know that
the problem is somewhere within their systems.

I contacted support and they've passed it on to an administrator
and of course they've suggested it's my computer but my systems
are robust.

Sadly, it seems that I'm not the only one.

Dedicated to your success,

*Shaun O'Reilly

[KristiDaniels]

Looks the same to me. I'm glad I don't use Aweber anymore.

The staff is awesome. But their deliverability and their options always left a lot to be desired.

Now if they have been hacked, their deliverability will be almost nil. Merry Christmas to all Warriors still stuck on Aweber!

[Paul Schlegel]

Quote:

Originally Posted by Shaun OReilly

I've been having EXACTLY the same issue.

I have some test e-mail addresses that I ONLY use within AWeber
and just today I've started receiving lots of spam to them.

These are e-mail addresses across multiple domains including my
own and others such as GMail, etc.

These e-mails are only housed within AWeber so I know that
the problem is somewhere within their systems.

I contacted support and they've passed it on to an administrator
and of course they've suggested it's my computer but my systems
are robust.

Sadly, it seems that I'm not the only one.

Dedicated to your success,

*Shaun O'Reilly

Sounds like good ol' aweber "support". Awesome service, but I've never been impressed with support.

[KarlWarren]

Experiment...

Set up a brand new email address and give it to NOBODY... I guarantee you get spam.
Without a doubt. Especially if it is @gmail, @yahoo or @yoursite.com

Why automatically point blame?

[Shaun OReilly]

Quote:

Originally Posted by KarlWarren

Experiment...

Set up a brand new email address and give it to NOBODY... I guarantee you get spam.
Without a doubt. Especially if it is @gmail, @yahoo or @yoursite.com

Why automatically point blame?

This isn't about blaming AWeber or anyone else.

These are e-mail address that are ONLY housed within my
AWeber account and not used anywhere else. They've been
spamless for over a year and then suddenly today they're
getting spam.

I backtracked from all of the e-mail addresses and found the
one common thing: they're all housed within AWeber.

If it were just me, I'd think again. But others are reporting
the same thing as happening today for them too.

The common link? AWeber.

That's not blame. It's deduction.

I could be wrong but I don't think so.

More importantly, I'm concerned for the e-mail addresses
of my valued subscribers and customers too as I've entrusted
them with AWeber for years.

Dedicated to your success,

*Shaun O'Reilly

[Trader54]

Quote:

Originally Posted by KarlWarren

Experiment...

Set up a brand new email address and give it to NOBODY... I guarantee you get spam.
Without a doubt. Especially if it is @gmail, @yahoo or @yoursite.com

Why automatically point blame?

I have had the same experience, add hotmail to that list to. I opened a hotmail account
and within a week was receiving spam and had not given out the address or used it in any way.

[KarlWarren]

Quote:

Originally Posted by Shaun OReilly

These are e-mail address that are ONLY housed within my AWeber account and not used anywhere else. They've been spamless for over a year and then suddenly today they're getting spam.

Thanks for the clarification - under the same circumstances, I would come to the same conclusion. I do hope Aweber hasn't been compromised - whether from within, or an outside source.

[52.ct]

Quote:

Originally Posted by PCRoger

Today I am getting deluged with spam to addresses that are on aWeber lists, including a couple of email addresses that have ONLY been given to aWeber.

Anyone else seeing this?

Can I guess that aWeber was hacked or an employee decided to make some money on the side selling addresses?

Regards,
PCRoger.

I to have been getting spammed to death with porn a pharm email. I already use separate emails for everything. Some of those email address were used with Aweber.

[Dan C. Rinnert]

I have an eMail address I have so far used only with Aweber and it is still spam-free.

How hard are the eMail addresses to guess? If you're using something such as nameATdomain.dom or wordATdomain.dom, a dictionary attack may be able to reach those addresses.

I have had eMail addresses that are used only internally (meaning they are not posted on any websites and are not used to send eMail) that have gotten hit by spam in the past.

[KirkMcD]

I'm having the same problem. Emails I've used to test my autoresopnders are getting a lot of spam today. They are totally made up, unique, and posted no where, so they weren't guessed.

[AdvertiseOnMy]

Yeah, same thing happened to me today.

It's kind of a relief that it is happening to other people also. I set up a lot of email forwarders in my cpanel. I was thinking somebody hacked my cpanel and got all of the email account names and email forwarding names, and probably did more damage I hadn't found yet.

I vote for aweber,

Dennis Graves

[oliverwinston]

I just fired off an email to Aweber to see why this is happening.

Should be interesting to see what they say.

[Shaun OReilly]

Quote:

Originally Posted by dnsg

I was thinking somebody hacked my cpanel and got all of the email account names and email forwarding names, and probably did more damage I hadn't found yet.

Initially I thought the same too as a lot of the spam is going to
forwarding e-mail addresses within my cpanel.

But...

The spam is also going to e-mail addresses within GMail etc, -
where none existed before today. And they're unique e-mail
addresses too by using the '+' sign to identify the source.

E.g. name+uniquesource@googlemail.com

Zero spam for a year, and now flooded today.

All housed within AWeber only.

Dedicated to your success,

*Shaun O'Reilly

[PCRoger]

Quote:

Originally Posted by KarlWarren

Experiment...

Set up a brand new email address and give it to NOBODY... I guarantee you get spam.
Without a doubt. Especially if it is @gmail, @yahoo or @yoursite.com

Why automatically point blame?

This is not automatic blame. This just started today. Every address was created solely for a list signup. One address was given ONLY to aweber for my account there.

20 or so addresses, all starting today, coincidence? I don't think so.

If you create a brand new email address on a domain you own, you will NOT automatically start receiving spam.

Roger.

[PCRoger]

Quote:

Originally Posted by oliverwinston

I just fired off an email to Aweber to see why this is happening.

Should be interesting to see what they say.

They responded to me asking for copies of the emails with headers. I just now sent them a few.

Roger.

[52.ct]

Quote:

Originally Posted by PCRoger

They responded to me asking for copies of the emails with headers. I just now sent them a few.

Roger.

Will you relay Aweber's response on this thread?

[Chris Simpson]

Exactly the same happened to me today. I always use thesitedomain at mydomain.com when I give an email address to anyone and it was those addresses that got spammed. Like others have said in this thread, the only one thing those email addresses all had in common were that they were subscribed to aweber lists.

It's also not just limited to my domain. I also have some gmail addresses that I've mainly used for testing my own lists and those got spammed as well.

[PCRoger]

Sure will.

Roger.

[ExRat]

Hi,

I read this thread yesterday. Then this morning, I got deluged with spam on email addresses that I created specifically for use only with twitter and have only used to create accounts with twitter - although the twitter accounts are not actually active (IE I haven't tweeted.)

Twitter - which was allegedly hacked by Iranians, or someone pretending to be Iranian, the other day.

Anyone else?

[Paul Myers]

Hmmm...

Brute-force password hacking? Using weak passwords can create this problem.

Were the spams sent via Aweber, or to tagged addresses, but through other systems?


Paul

[Shaun OReilly]

Quote:

Originally Posted by Paul Myers

Hmmm...

Brute-force password hacking? Using weak passwords can create this problem.

Were the spams sent via Aweber, or to tagged addresses, but through other systems?


Paul

I use 12 character long passwords generated by RoboForm
that include special characters as well as letters and digits
so they're robust.

In my case, the spams were not sent via AWeber but instead
were sent to e-mail addresses that have been totally spam
free for over a year and were only housed within my AWeber
account. I didn't get this spam to any of my other e-mail
addresses that I use outside of AWeber.

Dedicated to your success,

*Shaun O'Reilly

P.S. Here's the full header for an example spam message I've
received. I've taken out my unique test e-mail address and
replaced it with name@domain.com too:

Quote:

Delivered-To: name@domain.com Received: by 10.86.92.11 with SMTP id p11cs101890fgb; Fri, 18 Dec 2009 10:24:15 -0800 (PST)
Received: by 10.213.103.83 with SMTP id j19mr2048776ebo.30.1261160654637; Fri, 18 Dec 2009 10:24:14 -0800 (PST)Return-Path: <offer@touchshall.com>Received: from NTemporal ([190.254.16.129])
by mx.google.com with SMTP id 5si5567996eyh.24.2009.12.18.10.24.13; Fri, 18 Dec 2009 10:24:14 -0800 (PST)Received-SPF: neutral (google.com: 190.254.16.129 is neither permitted nor denied by domain of offer@touchshall.com) client-ip=190.254.16.129;
Authentication-Results: mx.google.com; spf=neutral (google.com: 190.254.16.129 is neither permitted nor denied by domain of offer@touchshall.com) smtp.mail=offer@touchshall.com
Received: (qmail 20173 by uid 300); Fri, 18 Dec 2009 13:29:01 -0500Message-Id: <20091218062901.20175.qmail@NTemporal>From: <offer@touchshall.com>To: <name@domain.com>
Subject: Pharmacy Offer pack !!!Date: Fri, 18 Dec 2009 13:29:01 -0500Message-Id: 34b201ca800f$4900a8c0@NTemporalMIME-Version: 1.0Content-Type: text/html; charset="iso-8859-1"Content-Transfer-Encoding: 7bit
<a href="http://24262135.touchshall.com/index2.html"><img src="http://30482495.touchshall.com/support.jpg?name=name@domain.com"></img></a>

Spam subject lines specific to this include: Pharmacy Offer pack !!! , Amway Best Sex !!!! ,
Best Drug Store !!! , nice love pill best sex !!! , Holidays Specials - Price #Pharmacy !!!

From the following e-mail addresses: offer@touchshall.com, support@pageocean.com,
durg@yulerepeat.com, boss2@serverbestid74s5.com

P.P.S. Here's the reply I got from AWeber support:

Quote:

AWeber takes our security measures very strongly and employee tested technologies and
measures to make sure that our system is not compromised. After receiving your email
our team went through an exhaustive list of checks just to make sure that there are no
indications that connects this spam message you received to an issue with AWeber. All
of our tests have come back secure with no reports of intrusion or compromise.

Also note that after looking at the spam message in question we see that members of our
teams have also received this same message to their personal addresses that have never
been used in conjunction with AWeber.

We'll continue to monitor our system. And of course if you have any further questions,
please feel free to let me know.

The words 'sand' and 'bury' immediately spring to mind.

[Stephen Root]

Hmm... sounds really suspicious and we use Aweber for multiple businesses. I wonder if it's time to change. Can somebody post the spam message they got so I can check if we got those too. Nowadays there's just so much spam that it all gets filtered.

[Paul Myers]

Shaun,

Not YOUR password. The password of the Aweber account you subscribed to. If a spammer guessed/hacked/brute-forced that, they'd have those addresses.

Yes, it could possibly be a security issue. It could also be as simple as a few account holders with lame passwords.


Paul

[Shaun OReilly]

Quote:

Originally Posted by Paul Myers

Shaun,

Not YOUR password. The password of the Aweber account you subscribed to. If a spammer guessed/hacked/brute-forced that, they'd have those addresses.

Yes, it could possibly be a security issue. It could also be as simple as a few account holders with lame passwords.


Paul

Hi Paul,

These are unique test e-mail addresses that I only use within my
own AWeber account that has the ultra secure password. I use
them for testing my own web forms and sales processes etc.

Some are forwarders created within my own cpanel and other
test e-mail addresses are created on the fly with GMail, etc.
And my cpanel and GMail passwords are robust too.

They are not used anywhere else except within my own AWeber
account with the robust password. That's the worrying part.

Dedicated to your success,

*Shaun O'Reilly

[Paul Myers]

Shaun,

I promise... I understand the concept of a tagged address. I think we may be talking across each other.

Yes, it's possible there's a security leak at Aweber. I find that very unlikely, though, compared to the chance of account passwords being guessed because they're too simple. By that, I don't mean the passwords of the recipients. All you need to send mail to someone is the right address.

Picture: You subscribe to a list at account abcmmf [@] aweber [.] com, using a unique email address. If someone manages to get the username and password for that account, they can get access to every email address on any lists in that account. They don't need your password to mail them.

That's only one way this could happen, though. There are other potential vectors for this kind of attack, including hijacking the subscription forms, bot-infected systems, a server hack that reads /etc/aliases, and probably a bunch more.

Mind you, I am neither assuming nor ruling out anything. Just looking at various possibilities.


Paul

[Paul Myers]

(Note to self: Don't discuss technical issues when half asleep.)

My apologies, Shaun. I see the miscommunication, and it's my fault. I have similar internal-use addresses on several of my lists. It seems unlikely that a simple brute-force hack would get those.

All the other possible explanations are still in play, but my first (and most likely) idea is ... less likely than I thought ... given solid passwords.


Paul

PS: No spam to any of my control addresses, yet. So, it's not universal.

[Shaun OReilly]

Quote:

Originally Posted by Paul Myers

Shaun,

I promise... I understand the concept of a tagged address. I think we may be talking across each other.

Yes, it's possible there's a security leak at Aweber. I find that very unlikely, though, compared to the chance of account passwords being guessed because they're too simple. By that, I don't mean the passwords of the recipients. All you need to send mail to someone is the right address.

Picture: You subscribe to a list at account abcmmf [@] aweber [.] com, using a unique email address. If someone manages to get the username and password for that account, they can get access to every email address on any lists in that account. They don't need your password to mail them.

That's only one way this could happen, though. There are other potential vectors for this kind of attack, including hijacking the subscription forms, bot-infected systems, a server hack that reads /etc/aliases, and probably a bunch more.

Mind you, I am neither assuming nor ruling out anything. Just looking at various possibilities.


Paul

Update: I was posting the reply below and saw your latest post.

As a former engineer, I have a supra-logical way of rooting
out problems, finding causes as well as looking for solutions.
I'm not always right and am open to being wrong.

Here was my thinking process on this, and do let me know if
you find any flaws in the approach or conclusions...

I have some e-mail addresses that have been spam-free for
over a year. Suddenly, yesterday, many of them begin to
receive spam.

Hmm... I wonder... what could be the cause of that?

Has my computer been compromised? Has something got
access to my cookies? Has my cpanel been hacked? Has
my GMail been hacked? etc.

I write down all of the e-mail addresses that have just started
receiving spam and look for commonalities.

Because there are a number of unique e-mail addresses in
there I take a closer look. Suddenly it dawns on me. Many
of these are e-mails I've used to test my own web forms
only.

Could my AWeber or Infusionsoft accounts have been hacked?
Could my cpanel or GMail accounts have been hacked?

They all have robust 12-character passwords via RoboForm.

None of my unique e-mail addresses within Infusionsoft are
receiving spam - so I rule them out.

The only unique e-mails that are receiving spam are housed
within my own AWeber account and are used nowhere else.
I haven't given out these unique e-mails to anyone else -
including other AWeber users. They're only used to test my
own web forms within my AWeber account.

Has my AWeber account been hacked? It's got a 12-character
long password that's robust.

Maybe my computer has been compromised?

Then I pop on the Warrior Forum and sure enough, some other
AWeber users have just experienced the same thing (yesterday).

That may rule out my computer.

My AWeber password is robust - that rules out my account
being hacked via my robust password - I hope.

Q.E.D. Somehow, somewhere, someone has accessed my e-mail
data within AWeber so they then go on and send out spam via
their own methods.

Like I say, I could be wrong and am open to that. If anyone has
other possibilities, I'm all ears.

The most important thing is identifying the right cause of the
problem. Only then we can look at solving it.

Dedicated to your success,

*Shaun O'Reilly

[Paul Myers]

Shaun,

Assuming all your data is accurate and complete, that leaves Aweber's servers, or an Aweber-specific attack through your own servers, as the vectors I see.

I'm not prepared to rule anything out or to assume anything as the cause. Especially given the amount of technology that could be involved, and the various potential personal issues that could be acting as motivators.


Paul

[Shaun OReilly]

Quote:

Originally Posted by Paul Myers

Shaun,

Assuming all your data is accurate and complete, that leaves Aweber's servers, or an Aweber-specific attack through your own servers, as the vectors I see.

I'm not prepared to rule anything out or to assume anything as the cause. Especially given the amount of technology that could be involved, and the various potential personal issues that could be acting as motivators.


Paul

Hi Paul,

Some of the unique e-mail addresses I used for the
web forms are with GMail etc so I guess that rules
out my own servers.

For example, I often test a web form with on-the-fly
GMail addresses by using the '+' sign, as in:
name+formname@googlemail.com

These haven't been used anywere else, and are
only housed on AWeber and GMail servers and not
my own.

Let me also make it clear I've got no axe to grind with
AWeber and have found them a thoroughly decent
company who provide an excellent autoresponder and
typically great customer service.

If the source of the problem is identified conclusively,
and that's yet to be done, only then can the right
corrective action be taken.

Dedicated to your success,

*Shaun O'Reilly

[Paul Myers]

Shaun,

The Gmail issue is indicative, but not conclusive. See the latter part of my last post for my thinking on that. And, given that I have similar control addresses that haven't ever received any spam at all, there's some variable that hasn't yet been considered.

Given your past comments here about Aweber, I hadn't assumed any ill intent on your part, I assure you. No need to explain or justify an honest look for the truth, sir.


Paul

[tknoppe]

Sadly, spam is a part of our lives and something we have to deal with. I have spam filters in place that catch most of it. While I've not always used unique email addresses for every Aweber list I've signed up for, I do have some email addresses that have been setup within my cpanel, never used anywhere and eventually they too receive spam.

I don't believe that my cpanel was compromised, but more likely that there are spam software/bots (whatever) that sequence through randomly created email addresses and eventually that automated process will actually deliver a valid email address somewhere and the spam mail gets through.

While it's certainly possible that Aweber was compromised, it could be equally as plausible that spammers are using some random email generator script.

[PCRoger]

Quote:

Originally Posted by tknoppe

While it's certainly possible that Aweber was compromised, it could be equally as plausible that spammers are using some random email generator script.

I thought about that, but ruled it out immediately. I have 1 domain in the pack that is a catchall. anything @ thatdomain.com will come through to me. Only the aweber address did.

Also, hacking someone who had a list at aweber (mentioned somewhere above) would not do it (completely).

Not only are there 20 addresses I have on 20 different lists (ie, 20 hacks), my unique address that I gave ONLY to aweber to use for my account with aweber and not on any lists also received the same spam message.

Roger.

[DaveDaveDave]

Shaun, I am with you, I have (Friday) received bursts of spam email to approx 15 out of several hundred unique email addresses I have registered with various companies.
The common factor seems to be aweber (I gave up checking them all as was out of time), also I can't say whether I have other emails handled by aweber that aren't being spammed. I am not an aweber user.
I have submitted a support request at aweber and suggested I will require compensation for the inconvenience (changing each email).

I've seen this happen before too, both to me and reported on the web (I can't post links, so search..) "SpamCop Discussion > How do I sue an identifiable Texan spammer illegally using traceable email addresses?"
[if this is a duplicate post, apologies, but it seems to have disappeared]

[Damien Roche]

So strange. This didn't make any sense as I'd only used aweber once until Shaun detailed some of the addresses these were sent from.

Happened to my gmail address from exactly the same email addresses. I received about 5 in one day and my account has never received spam in over 2 years.

Could be aweber as I have had an account with them, but not any more...think they still keep my email on file?

These psychopathic spammers are relentless.

[KristiDaniels]

I show deliverability drops already from Aweber hosted lists. They were at 81.18% deliverability across all test lists. They have dropped to 74.93% deliverability in the last two days since the spam started.

If the spam isn't due to an Aweber compromise, then why has the trust level of major email ISPs toward Aweber dropped so much?

The ISPs aren't buying the "we aren't compromised" bury their head in the sand position of Aweber.

[DaveDaveDave]

re "I show deliverability drops already from Aweber hosted lists."
Maybe there's something I'm missing here, but the spam I'm referring to is not coming from/via aweber, it is simply spam (from dsls generally so botnets presumably) that is addressed to email names that have previously been delivered to by aweber. Thus I don't see how this would affect aweber's normal delivery stats.

[Sir Dancelot]

I am not a customer of aWeber.

I've signed up for several aWeber lists and unsubscribed many of them.

I give a unique email address to each list I subscribe to. I have hundreds of these unique addresses, as I give a unique address to any web site that asks for one. I have a unique one here at warriorforum.

Since yesterday, I've received five spams to five unique email addresses I've only given to aweber users. These spam are all similar to each other.

I have hundreds of other email addresses that I've given to non-aweber lists and sites and I've not received any spam to those addresses.

QED

I also contacted aweber, sent them complete headers and got the same boilerplate response that Shaun reported. I then wrote them to check out this forum.

[kyleb]

I just started receiving those as well to a couple of email addresses I have used to sign up on Aweber lists, but also on some other mailing lists...

I hope Aweber wasn't hacked! I use them for all my subscribers.

Kyle

[RobJones]

Yes, Aweber got compromised and I can prove it without any doubt.
See my post here:
Thank you Aweber for exposing all my email addresses to SPAMMERS. Thank you so much!


.

[52.ct]

If Aweber was hacked and they (Aweber) are burring it; then allot of people int he IM world are going to be f*cked

Maybe it is a good ideal, for anyone using Aweber, to send a test message to their list. Explain the situation... maybe even reference this thread. That way your list will know that it was not you who sent the spam.

Also, ask if anyone from your list, if they received spam from an unique email address used specifically for your newsletter,then enter a new and unique email into Aweber.

If they still receive spam on this new email address then we will know Aweber was compromised.

I personally have roughly 220-230 different email addresses. About 35 on those have received spam thus far. One third of those email addresses are still active. The rest have been unsubscribed from their respective list.

[RobJones]

Yes, Aweber was hacked and I can prove it with 100% certainty.
(Everyone can contact me via PM)

Of course, the spammers aren't sending emails via Aweber's servers. (they, the spammers, are sure not that dumb)
The spammers have just hacked Aweber's servers, extracted the email addresses from Aweber's data base(s) and are now happily sending tons of spams using their own untraceable spam bots.

That means:
From now on ALL the compromised email addresses will ALWAYS receive tons of spam.
The only way to stop those spam floods would be to stop using those email addresses.
And that in turn would also mean to stop receiving emails from all those marketers who are using Aweber...

[mattlaclear]

Quote:

Originally Posted by rosetrees

Maybe the list owners weren't as honest as you'd like?

I agree with Rose on this one. aWeber runs a tight ship. But even if they didn't you would still have to end up trusting some other autorsponder service provider with your info.

[RobJones]

Quote:

Originally Posted by mattlaclear

I agree with Rose on this one. aWeber runs a tight ship.

BULL SH*T!
Because of the unique anti-spam system I use I can prove with 100% certainty that Aweber's servers must have been hacked.
Check my thread here:
Thank you Aweber for exposing all my email addresses to SPAMMERS. Thank you so much!

Quote:

Originally Posted by mattlaclear

But even if they didn't you would still have to end up trusting some other autorsponder service provider with your info.

This is like saying:
"My auto mechanic has seriously damaged my car but never mind; after all, if wouldn't have used this auto mechanic then I would have to use another one."

Is there any logic in that sentence?

[Paul Myers]

Rob,

Quote:

Because of the unique anti-spam system I use I can prove with 100% certainty that Aweber's servers must have been hacked.

It's possible they were. It's possible some other vector was involved. At this point, we don't know anything except that some addresses which previously never received spam have started to, and it looks like a compromise of Aweber's systems, personnel, or transit.

Barring a lot more details about your unique anti-spam system, we don't have anything from you that even looks like proof. And there are things that could happen that could have the same result without their having been hacked.

Quote:

This is like saying: "My auto mechanic has seriously damaged my car but never mind; after all, if wouldn't have used this auto mechanic then I would have to use another one."

Actually, it's not. It's more like saying, "My car was vandalized while in the parking lot at this mechanic's shop. That could happen at another shop, too."

There is one possibility that concerns me a lot. If it turns out to be that, you can forget security at any list host, because it would happen outside their area of control.


Paul

[jasondinner]

WOW!!

I just checked in my spam folder and found the same "pharmacy" emails Shaun
said he was getting to his previously "spam free use for aweber only email address"
and I have the same emails in my spam folder too!!

Now before I completely made my mind up that Aweber was compromised I looked
at the email address these D-Bags (spammers) sent their crap to which led me
to believe that Aweber indeed was compromised.

You see, when i test opt-in forms, i use my gmail account, but put dots in betweeen the
user name.

For example if my gmail address was jasoniscool[a]gmail dot com , i would use

j.asoniscool , then ja.soniscool, jason.is.cool, etc.

Aweber forms are the only places I submit those variations of my email addresses to.

Guess what!!?!?!?!?!?!?!

The email addresses these spammers sent their spam to was to those email address variations.

If they did indeed get hacked, hopefully they are working towards correcting the
situation and preventing it from ever happening again.

Maybe they will come in here and clear things up for us, or admit it.(doubtful - lol)

Cheers
Jason

P.S. - Other than that, I have found Aweber to be the best provider of these types of
services in their price range.

Obviously they are not the end-all-be-all, but they are good for most marketers.

When I am making $3K per day or before that, I will definitely be looking for other
providers.

[blkfin]

No Doubt something has happened at aweber. I am getting the same messages as everyone else from my mailing list email addresses. i.e. newslettername@MYDOMAIN.com.

[johnng]

Quote:

Originally Posted by KarlWarren

Experiment...

Set up a brand new email address and give it to NOBODY... I guarantee you get spam.
Without a doubt. Especially if it is @gmail, @yahoo or @yoursite.com

Why automatically point blame?

Hi KarlWarren,
I don't have an answer, but I do not agree with your statement. I have several Gmail accounts which I do give out, except one that I hold for reserve. I have not received a single Emails to that address except the one I sent to it myself. I have that account for over 1 year and it has not been compromised yet. So your statement about Gmail account is not 100% accurate.