Verisign Digital ID-any spamming problem ?

TheMSsForum.com: The Microsoft Software Forum

I was just about to register for a Verisign Digital ID, when I came across
messages in various newsgroups, where it was claimed that enrolling for a
Verisign Digital IDs results in massive amounts of spam, not just from
external spammers, but also from Verisign and it's associated / partner
companies. This is something that I want to avoid like the plague. I
suffered terribly from spamming with my old
e-mail address, and I certainly do not want a repeat of that problem.

Has anyone who has recently enrolled (say in the last 6 months) for a
Verisign Digital ID (Certificate) experienced spamming problems as a result
of the enrollment ?

Thank you

Alan Carr-Brwon
Top

Re: Verisign Digital ID-any spamming problem ? by S

S
Tue Apr 20 05:21:31 CDT 2004

I am receiving substantial amounts of spam and I doubt that Verisign can
make difference. Get a spam filter. And, by the way, Verisign won't
distribute your details - they're obliged to keep your details secret - read
theyr privacy statement.

--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-

"Alan C. Brown" <acbrown@intnet.mu> wrote in message
news:uAkWUZpJEHA.1000@TK2MSFTNGP11.phx.gbl...
> I was just about to register for a Verisign Digital ID, when I came across
> messages in various newsgroups, where it was claimed that enrolling for a
> Verisign Digital IDs results in massive amounts of spam, not just from
> external spammers, but also from Verisign and it's associated / partner
> companies. This is something that I want to avoid like the plague. I
> suffered terribly from spamming with my old
> e-mail address, and I certainly do not want a repeat of that problem.
>
> Has anyone who has recently enrolled (say in the last 6 months) for a
> Verisign Digital ID (Certificate) experienced spamming problems as a
result
> of the enrollment ?
>
> Thank you
>
> Alan Carr-Brwon
>
>
>


Top

Re: Verisign Digital ID-any spamming problem ? by Sandi

Sandi
Tue Apr 20 07:32:06 CDT 2004

I certainly not received spam from the address I used for Verisign (I use
Sneakmail for web site registrations so I always know *exactly* where spam
comes from) ;o)

--
Hyperlinks are used to ensure advice remains current
Do NOT send me an email. I will NOT see it (thank the spammers and viruses)
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://www.mvps.org/inetexplorer


Alan C. Brown wrote:
> I was just about to register for a Verisign Digital ID, when I came
> across messages in various newsgroups, where it was claimed that
> enrolling for a Verisign Digital IDs results in massive amounts of
> spam, not just from external spammers, but also from Verisign and
> it's associated / partner companies. This is something that I want
> to avoid like the plague. I suffered terribly from spamming with my
> old
> e-mail address, and I certainly do not want a repeat of that problem.
>
> Has anyone who has recently enrolled (say in the last 6 months) for a
> Verisign Digital ID (Certificate) experienced spamming problems as a
> result of the enrollment ?
>
> Thank you
>
> Alan Carr-Brwon

Top

Re: Verisign Digital ID-any spamming problem ? by Alan

Alan
Tue Apr 20 07:52:16 CDT 2004

Thanks for your reply.

I was under the impression when you enrol, you have to give Verisign the
e-mail address that you intend to use your Digital ID with.

Are you saying that is incorrect ?

What is Sneakmail ?

Alan C. Brown

------------------

"Sandi - Microsoft MVP" <sandi_hardmeier@mvps.org> wrote in message
news:OcA5BJtJEHA.620@tk2msftngp13.phx.gbl...
> I certainly not received spam from the address I used for Verisign (I use
> Sneakmail for web site registrations so I always know *exactly* where spam
> comes from) ;o)
>
> --
> Hyperlinks are used to ensure advice remains current
> Do NOT send me an email. I will NOT see it (thank the spammers and
viruses)
> _______________________________________
> Sandi - Microsoft MVP since 1999 (IE/OE)
> http://www.mvps.org/inetexplorer
>
>
> Alan C. Brown wrote:
> > I was just about to register for a Verisign Digital ID, when I came
> > across messages in various newsgroups, where it was claimed that
> > enrolling for a Verisign Digital IDs results in massive amounts of
> > spam, not just from external spammers, but also from Verisign and
> > it's associated / partner companies. This is something that I want
> > to avoid like the plague. I suffered terribly from spamming with my
> > old
> > e-mail address, and I certainly do not want a repeat of that problem.
> >
> > Has anyone who has recently enrolled (say in the last 6 months) for a
> > Verisign Digital ID (Certificate) experienced spamming problems as a
> > result of the enrollment ?
> >
> > Thank you
> >
> > Alan Carr-Brwon
>


Top

Re: Verisign Digital ID-any spamming problem ? by Alan

Alan
Tue Apr 20 08:34:40 CDT 2004

Thanks for your reply.

Right now I do not receive any spam (fingers crossed) at my current e-mail
address, which I have had for 18 months, so that any spam caused by Verisign
enrollment would be both noticeable and unwelcome.

Try doing a web search with the keywords "Verisign" & "spam".

I read their privacy statement, and I can't say that I'm entirely
comfortable with their statement regarding the sharing of information, for
example, quote :

"We may also provide the information you have submitted to us to a VeriSign
subsidiary, business partner, or representative so that the subsidiary,
business partner, or representative can contact you on behalf of VeriSign to
facilitate the
support, renewal, and purchase of VeriSign products and services."

Also the following statement makes me a little uncomfortable, quote :

"Please note that all information that you provide us that
forms the content of a Digital ID will be "published." Publication of
Digital IDs in an accessible location (a repository) is an integral part of
enabling the widespread use of Digital IDs. Your Digital ID will be
published in our repository so that a third party may access, review, and
rely upon your Digital ID. You should have no expectation of privacy
regarding the content of your Digital ID".

I hope that are right, and that I'm just being paranoid about spam.

By the way, can you recomend a good, easy-to-use Spam Filter ?

Alan C. Brown
------------------------

"S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
news:uhcpHFsJEHA.2380@TK2MSFTNGP09.phx.gbl...
> I am receiving substantial amounts of spam and I doubt that Verisign can
> make difference. Get a spam filter. And, by the way, Verisign won't
> distribute your details - they're obliged to keep your details secret -
read
> theyr privacy statement.
>
> --
> Svyatoslav Pidgorny, MVP, MCSE
> -= F1 is the key =-
>
> "Alan C. Brown" <acbrown@intnet.mu> wrote in message
> news:uAkWUZpJEHA.1000@TK2MSFTNGP11.phx.gbl...
> > I was just about to register for a Verisign Digital ID, when I came
across
> > messages in various newsgroups, where it was claimed that enrolling for
a
> > Verisign Digital IDs results in massive amounts of spam, not just from
> > external spammers, but also from Verisign and it's associated / partner
> > companies. This is something that I want to avoid like the plague. I
> > suffered terribly from spamming with my old
> > e-mail address, and I certainly do not want a repeat of that problem.
> >
> > Has anyone who has recently enrolled (say in the last 6 months) for a
> > Verisign Digital ID (Certificate) experienced spamming problems as a
> result
> > of the enrollment ?
> >
> > Thank you
> >
> > Alan Carr-Brwon
> >
> >
> >
>
>




Top

Re: Verisign Digital ID-any spamming problem ? by alun

alun
Tue Apr 20 08:55:23 CDT 2004

In article <OHRsaZtJEHA.2844@TK2MSFTNGP10.phx.gbl>, "Alan C. Brown"
<acbrown@intnet.mu> wrote:
>I was under the impression when you enrol, you have to give Verisign the
>e-mail address that you intend to use your Digital ID with.
>
>Are you saying that is incorrect ?

No, that is correct. However, many people have the ability to generate
unique addresses - "fred+fish@example.com", for instance, would (on most
mail servers) go to "fred@example.com".

Sign up with "fred+verisignID@example.com", and you can use that as your
secured ID, and know that anything received back to that same address comes
through responses to your emails, or from people that have been given the
address by Verisign (or anyone else that you've passed that address on to).

Sign up for a Digital ID a few weeks before you send any messages from that
email account, and you quickly find out whether Verisign is sending your
email address to spammers. While Verisign have done some really bad things
in the past (approving certificates without checking the requester's
information, passing failed DNS requests to their own web site for
advertising, sending out mail implying that domain owners have to renew
through them, refusing to return money for services that they aren't
rendering, that kind of thing), I don't think this is the sort of thing
they'd be interested in - it'd bring down too much heat.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | alun@texis.com.
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
Top

Re: Verisign Digital ID-any spamming problem ? by S

S
Wed Apr 21 04:41:33 CDT 2004 Deleted
Top

Re: Verisign Digital ID-any spamming problem ? by Sandi

Sandi
Wed Apr 21 08:02:31 CDT 2004

That is true, but where using a 'real' address is unavoidable, I test the
site first ;o)

--
Hyperlinks are used to ensure advice remains current
Do NOT send me an email. I will NOT see it (thank the spammers and viruses)
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://www.mvps.org/inetexplorer


Alan C. Brown wrote:
> Thanks for your reply.
>
> I was under the impression when you enrol, you have to give Verisign
> the e-mail address that you intend to use your Digital ID with.
>
> Are you saying that is incorrect ?
>
> What is Sneakmail ?
>
> Alan C. Brown
>
> ------------------
>
> "Sandi - Microsoft MVP" <sandi_hardmeier@mvps.org> wrote in message
> news:OcA5BJtJEHA.620@tk2msftngp13.phx.gbl...
>> I certainly not received spam from the address I used for Verisign
>> (I use Sneakmail for web site registrations so I always know
>> *exactly* where spam comes from) ;o)
>>
>> --
>> Hyperlinks are used to ensure advice remains current
>> Do NOT send me an email. I will NOT see it (thank the spammers and
>> viruses) _______________________________________
>> Sandi - Microsoft MVP since 1999 (IE/OE)
>> http://www.mvps.org/inetexplorer
>>
>>
>> Alan C. Brown wrote:
>>> I was just about to register for a Verisign Digital ID, when I came
>>> across messages in various newsgroups, where it was claimed that
>>> enrolling for a Verisign Digital IDs results in massive amounts of
>>> spam, not just from external spammers, but also from Verisign and
>>> it's associated / partner companies. This is something that I want
>>> to avoid like the plague. I suffered terribly from spamming with my
>>> old
>>> e-mail address, and I certainly do not want a repeat of that
>>> problem.
>>>
>>> Has anyone who has recently enrolled (say in the last 6 months) for
>>> a Verisign Digital ID (Certificate) experienced spamming problems
>>> as a result of the enrollment ?
>>>
>>> Thank you
>>>
>>> Alan Carr-Brwon

Top

Re: Verisign Digital ID-any spamming problem ? by Alan

Alan
Wed Apr 21 11:41:42 CDT 2004 Deleted
Top

Re: Verisign Digital ID-any spamming problem ? by Alan

Alan
Wed Apr 21 23:15:14 CDT 2004

Alun

Thanks for your reply.

Using your example, are you suggesting that I :

1. Setup an e-mail account in OE6 for fred+verisignID@example.com ?

2. Enrol for a Verisign Digital ID with fred+verisignID@example.com ?

3. Send my public key to my e-mail correspondents using
fred+verisignID@example.com ?

4. Tell my correspondents to use fred+verisignID@example.com only when
sending me encrypted messages ?

5. Use fred+verisignID@example.com only when sending digitally signed and
encrypted e-mail messages ?

Although doing this would detect whether I'm receiving spam as a result of
enrolling with Verisign, nevertheless if spamming does occur, then
presumambly both my fred+verisignID@example.com and normal e-mail address,
fred@example.com , are compromised anyway, and therefore there is really no
advantage to using fred+verisignID@example.com for enrolling with Verisign.

Am I missing something, &/or misunderstanding you ?

Alan C. Brown

-----------
"Alun Jones [MS MVP]" <alun@texis.invalid> wrote in message
news:fZ9hc.11914$Ml3.7373@newssvr23.news.prodigy.com...
> >
>No, that is correct. However, many people have the ability to generate
>unique addresses - "fred+fish@example.com", for instance, would (on most
>mail servers) go to "fred@example.com".

>Sign up with "fred+verisignID@example.com", and you can use that as your
>secured ID, and know that anything received back to that same address comes
>through responses to your emails, or from people that have been given the
>address by Verisign (or anyone else that you've passed that address on to).

>Sign up for a Digital ID a few weeks before you send any messages from that
>email account, and you quickly find out whether Verisign is sending your
>email address to spammers. While Verisign have done some really bad things
>in the past (approving certificates without checking the requester's
>information, passing failed DNS requests to their own web site for
>advertising, sending out mail implying that domain owners have to renew
>through them, refusing to return money for services that they aren't
>rendering, that kind of thing), I don't think this is the sort of thing
>they'd be interested in - it'd bring down too much heat.
>
> Alun.
> ~~~~
>
> [Please don't email posters, if a Usenet response is appropriate.]
> --
> Texas Imperial Software | Find us at http://www.wftpd.com or email
> 1602 Harvest Moon Place | alun@texis.com.
> Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
> Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.








Top

Re: Verisign Digital ID-any spamming problem ? by Alan

Alan
Wed Apr 21 23:49:11 CDT 2004

Sandi

If what you are saying, is that I should test Verisign enrollment for spam
by using a "Sneakmail" address to enroll, then presumambly I, and my e-mail
correspondents, would have to use the "Sneakmail" address to send & receive
digitally signed & encrypted e-mail messages to each other.

I can see that his would have the advantage that I would not compromise my
normal e-mail address should spamming occur as a result of Versign
enrollment, but if spamming does occur, then my "sneakmail" address is
compromised anyway.

Using the "Sneakmail" address to test Verisgn enrollment, means that I would
have to use it for 3 months if do the free trial enrollment, and 1 year if I
pay US$ 14.95 for the normal 1 year enrollment. Presumambly it would only
make sense to use it for the former.

Am I understanding you correctly ?

By the way what is a "Sneakmail address" ? Is it different from what Alun
Jones has suggested ?

Can I set it up as a normal OE6 e-mail account ?

Thanks for you help

Alan C. Brown

------------------------
"Sandi - Microsoft MVP" <sandi_hardmeier@mvps.org> wrote in message
news:uN4ev#5JEHA.228@TK2MSFTNGP10.phx.gbl...
> That is true, but where using a 'real' address is unavoidable, I test the
> site first ;o)
>
> --
> Hyperlinks are used to ensure advice remains current
> Do NOT send me an email. I will NOT see it (thank the spammers and
viruses)
> _______________________________________
> Sandi - Microsoft MVP since 1999 (IE/OE)
> http://www.mvps.org/inetexplorer
>
>
> Alan C. Brown wrote:
> > Thanks for your reply.
> >
> > I was under the impression when you enrol, you have to give Verisign
> > the e-mail address that you intend to use your Digital ID with.
> >
> > Are you saying that is incorrect ?
> >
> > What is Sneakmail ?
> >
> > Alan C. Brown
> >
> > ------------------
> >
> > "Sandi - Microsoft MVP" <sandi_hardmeier@mvps.org> wrote in message
> > news:OcA5BJtJEHA.620@tk2msftngp13.phx.gbl...
> >> I certainly not received spam from the address I used for Verisign
> >> (I use Sneakmail for web site registrations so I always know
> >> *exactly* where spam comes from) ;o)
> >>
> >> --
> >> Hyperlinks are used to ensure advice remains current
> >> Do NOT send me an email. I will NOT see it (thank the spammers and
> >> viruses) _______________________________________
> >> Sandi - Microsoft MVP since 1999 (IE/OE)
> >> http://www.mvps.org/inetexplorer





Top

Re: Verisign Digital ID-any spamming problem ? by alun

alun
Thu Apr 22 12:33:32 CDT 2004

In article <uVpv1CCKEHA.3316@tk2msftngp13.phx.gbl>, "Alan C. Brown"
<acbrown@intnet.mu> wrote:
>Using your example, are you suggesting that I :

I'm not suggesting anything. What I'm doing is passing on some ideas used
by other spamfighters.

>Although doing this would detect whether I'm receiving spam as a result of
>enrolling with Verisign, nevertheless if spamming does occur, then
>presumambly both my fred+verisignID@example.com and normal e-mail address,
>fred@example.com , are compromised anyway, and therefore there is really no
>advantage to using fred+verisignID@example.com for enrolling with Verisign.
>
>Am I missing something, &/or misunderstanding you ?

"Spammers is stupid." I once wrote a news posting about how I receive
everything sent to this domain, and so if you email me at
"something-or-other@" (and then I included my domain name), it would reach
me.

Sure enough, the "something-or-other" mailbox at my domain keeps getting
messages.

So, yes, you'll get spam as a result of giving your address out to pretty
much anyone. That's a risk of doing business. If you really want to
protect yourself, buy a new domain name for each contact, and when it gets
spammed, dump the domain. But that gets just a little expensive after a
while.

If you use plus-tagging, or any other form of providing a unique email
address to people, you will at least be able to tell what route your address
took to that spam, and you can cease doing business with the spammer, and
tell your friends and colleagues to do the same.

Unfortunately, there's no way to ask the question "will my address get
spammed if I give it to you" without actually giving out an address and
seeing if it gets spammed.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place | alun@texis.com.
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
Top

Re: Verisign Digital ID-any spamming problem ? by Sandi

Sandi
Fri Apr 23 07:41:08 CDT 2004

Not quite. If a site is going to sell an address, or use it for spamming,
its going to sell *all* of them, not pick and choose, so I assume that if
the sneakemail address doesn't get spam, then other addresses provided also
won't. After waiting for a little while, I use a *real* address if need be
(mind you, Verisign is a unique service so the extra step of using a real
email address later is necessary, something that is not required for other
sites - email sent to a sneakmail address is automatically forwarded by
sneakemail to your 'real' address.

--
Hyperlinks are used to ensure advice remains current
Do NOT send me an email. I will NOT see it (thank the spammers and viruses)
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://www.mvps.org/inetexplorer



Alan C. Brown wrote:
> Sandi
>
> If what you are saying, is that I should test Verisign enrollment for
> spam by using a "Sneakmail" address to enroll, then presumambly I,
> and my e-mail correspondents, would have to use the "Sneakmail"
> address to send & receive digitally signed & encrypted e-mail
> messages to each other.

Top