Why is my subdomain getting an email from a "validator"?
October 22, 2024 10:27 AM
I am not a networking expert. At all. Or have any other IT-related expertise. But I do own a domain, let's call it myexample.net. My email provider allows subdomain addressing, which I use extensively to quickly isolate any spam and also see who is leaking it (biggest offender by far - pay to park websites).
Now I've gotten something that isn't quite spam, but what is it???
If you aren't familiar with subdomain addressing, for my email address user@myexample.net, whenever I enter an email on a website, I can create a new prefacing name and use my "user" name as a subdomain. For instance, here I might use mefi@user.myexample.net. Any email sent to that address will still come to my user@myexample.net inbox, with the added bonus that it will auto-sort to my "mefi" folder.
I recently received an email from validator@gryellownode390.top, with the subject "This is a test email subject for validation (2024-10-20T00:14:34+05:30)" and the body "This is a test email for validation, please ignore (2024-10-20T00:14:34+05:30)." It is addressed to "Receiver", with an email address that has my user subdomain, but the preface to the address is a random string, ie something like random133928675548961278543491656@user.myexample.net (it literally does start with the word "random").
I've searched duckduckgo. Looking for the email's originating domain didn't give me anything, and looking to understand what validators are, I get some hits about node validators for crypto (I do not crypto) and some about domain validation which I guess is more relevant, but I still don't understand why I got this email and whether it is safe to actually "please ignore."
What are they validating? Who are "they"? Where did they get my domain/subdomain, and why do they need to validate it? I have not contacted my domain registrar or email provider ... should I?
Another vote here for just ignoring it.
I am a software developer, and my feeling is that what they are validating here is your email address; specifically, whether your mail server will accept messages sent to that address. When you send an email to a mail server, it (usually) gives some sort of response, and the nature of that response can tell the sender whether that address is capable of receiving mail. This is a way that spammers can use to create lists of "known good" emails, that is, addresses that they can either send spam to or else compile into lists and sell them on to other spammers.
posted by number9dream at 10:39 AM on October 22 [1 favorite]
If you're able to block by sub-domain forwarding for your email at the near server side, i.e. *@spamemailuse.myexample.net, that will hopefully stop future spam there.
However, if your system is set up to just forward everything through to your valid email, rather than you manually setting up individual forwarded email addresses as you add new accounts, chances are that once the domain gets on the spam list for any-email-address-at-this-domain-works@myexample.net, then your spam is likely to get worse.
I use unique email forwarders for all new email registrations, ie paytopark@myexample.net and this points through to my current real mailbox, ie mailbox@myexample.net.
Then when the paymypark@ email gets leaked, I can just block it. Set up a new paymyparkOct24@myexample.net and see how long that takes to get leaked.
And then when my mailbox@myexample.net reply address finally gets leaked (ie I've replied to someone, and their computer emails get harvested), I can just reforward all my other forwarders to a newmailbox@myexample.net
I've been doing this for a couple of decades now. It works well for me (generally these days I just need to wait 30 mins for the new email forwarder to become active).
I did get hit by a couple of wildcard spamming to my domains a few years ago, and watched in realtime as one inbox filled with hundreds of messages escalating in number over 20 minutes.
So it's much easier for me to add each new address manually at the time, than try to find them all to allow each one later.
I understand services like protonmail now offer temp unique email addresses to forward through to your real email. And there's certainly more software driven ways too.
Just sharing what works for me.
posted by many-things at 11:36 AM on October 22
These are spam bots looking for hosts to send mail through and domains to send to. I appreciate the subdomain thing, but it's going to get gross with spammers real fast.
Adding to others' ideas, appending your username in username@example.com with a +paytopark is a thing that should always work - username+paytopark@example.com should still get to you, but spammers don't seem to abuse it. It's described in an RFC, should someone want to read up on it.
posted by bensherman at 11:53 AM on October 22
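A sketch of the allow-list idea discussed in the comments above, added here as an example and not written by any poster in this thread: it pulls the tag out of a recipient address under both schemes mentioned (tag@user.myexample.net and user+tag@myexample.net) and quarantines any tag that was never handed out, such as the "random…" probe from the question. The domain, user name, issued tags and outcome labels are constructed placeholders.

```python
# Constructed placeholders following the thread's example names.
DOMAIN = "myexample.net"
USER = "user"
ISSUED_TAGS = {"mefi", "paytopark"}  # tags actually given to websites


def extract_tag(rcpt):
    """Return (scheme, tag) for a recipient address, or (None, None) if not ours."""
    local, _, host = rcpt.strip().lower().rpartition("@")
    if not local or not host:
        return (None, None)
    # Subdomain addressing: tag@user.myexample.net
    if host == f"{USER}.{DOMAIN}":
        return ("subdomain", local)
    # Plus addressing: user+tag@myexample.net
    if host == DOMAIN:
        base, sep, tag = local.partition("+")
        if base == USER:
            return ("plus", tag) if sep and tag else ("plain", "")
    return (None, None)


def classify(rcpt):
    """Decide where a message for this recipient should go (labels are hypothetical)."""
    scheme, tag = extract_tag(rcpt)
    if scheme is None:
        return "reject"          # address does not belong to this mailbox
    if scheme == "plain":
        return "inbox"           # the bare user@ address
    if tag in ISSUED_TAGS:
        return f"folder:{tag}"   # a tag we created on purpose
    return "quarantine"          # never-issued tag: likely a probe or guess


def triage(recipients):
    """Classify a batch of recipient addresses."""
    return {r: classify(r) for r in recipients}


# Constructed sample recipients, including the probe address from the question.
SAMPLE = [
    "mefi@user.myexample.net",
    "user+paytopark@myexample.net",
    "random133928675548961278543491656@user.myexample.net",
    "user@myexample.net",
]

if __name__ == "__main__":
    for rcpt, verdict in triage(SAMPLE).items():
        print(f"{verdict:18} {rcpt}")
```
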
I would guess somebody is validating that your email address works. People who sell address lists guarantee a certain percentage of working addresses, which spammers need because mail forwarding services will shut down if they start getting too many bounces.
posted by Tell Me No Lies at 12:29 PM on October 22 [1 favorite]
Domains are public record; subdomains are available for anybody who knows where to look. I just searched for "whois subdomain" then entered example.com in the first website, which gave me these results. (if that link doesn't work, go to https://subdomains.whoisxmlapi.com and type example.com in the box)
The fact it was sent to a completely random string and not just their attempt at guessing an email is a bit odd, but not at all concerning.
If your email provider has a "bounce" option (where it returns the email to sender as if it bounced), you could do that.
posted by tubedogg at 12:42 PM on October 22
posted by Alensin at 10:32 AM on October 22