A couple of months ago I ordered some DVDs through Amazon.com.
The RFCs for email allow a person to 'tag' their email address by
appending a plus sign '+' followed by a string. The '+' and the string
between it and the '@' is ignored for routing purposes. So
woowdorker+ firstname.lastname@example.org will be delivered to the mailbox
belonging to email@example.com, but the address
in the From: header will read, literally "woowdorker+ firstname.lastname@example.org".
Not all email systems properly impliment tagging, compliance with
the RFCs like everything else on the internet is, after all, voluntary.
But SpamCop does allow it and amazon.com does accept tagged
email addresses on their order page.
So when I ordered, I tagged the address with a unique string, used only
for correspondence with Amazon.com, which being the suspicious sort,
is SOP for me when ordering over the internet.
SInce then I have not only received spam to that uniquely tagged
email address, but also a credit-card phishing attempt, forged to
appear to have been from amazon.com, though actually sent from
(or through) a server registered to Apollo Hositng in Austin, TX.
My emailed notitification to Amazon.com resulted in a form email
reply, what I politely refer to as an "auto ignore". Attempts to
inform Amazon through their webpage interface have been failing
for about the last month or so though, according the error message,
they hope to have that problem fixed 'shortly'.
When I attempt to login into my Amazon.com account I am told
that my account cannot be located and they suggested that I
open a new account. Yet Amazon.com was able to send a spam
to that uniquely tagged address immediately after I attempted to log
in. Do you suppose that was a coincidence?
Yes, that was a spam. I have not subscribed to an Amazon.com
mailing list and yes, it came from an amazon.com server. Oh,
and to 'unsubscribe' from their spamlist I am supposed to log
into my amazon.com account and update my preferences. See
If I take their advice and open a new account it certainly will not
be with amazon.com!
So, if you chose to order from Amazon.com you can expect that
your email address will be passed to spammers and pshishers,
amazon.com will spam you directly, will disable your account so
that you cannot unsubscribe from their spam list, and will not
You've been warned.