Misuse of "task specific" email addresses / does anybody know somebody with a brain at Takealot

Paul Hjul

Okay so this is a slightly odd situation but I suspect somebody else might find it intriguing.


I don't use the feature extensively but I know about it and have used it in the past. I doubt that the fact that I've used it makes any difference.

So a while back I had a flurry of "welcome to takealot" emails. Looked at them and it's clear that an automated script (or really bored human) signed up hundreds of takealot accounts with the takealot system not recognizing that the + symbol does not represent a different user. Sent an email to their customer support but clearly no competent response forthcoming. Anyway have it filtered to delete the messages. Not marking as spam in part because I think that is something the asshole behind it would want. A bit later thousands of welcome to takealot furthered off by thousands of takealot promotional email duplicates. Gmail is actually slogging off with the delete exercise and it's a bit of a nuisance. I have no idea if I am being targeted by a moron script kiddie or how widespread it is. But quite simply while it's a mild nuisance to me occasionally I suspect if morons are doing mass signups and takealot's systems aren't clicking what is going on that a sizable amount of resources that ultimately takealot pays is occurring.

So the question is:
(a) does anybody here work for or know somebody with a brain who works at Takealot
(b) anybody familiar with this sort of nonsense as an abuse vector - I mean apart from spam I am battling to see any actual objective.
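
A signup-side check for the situation this post describes, as an added example that is not part of the original post and not Takealot's code: it collapses "+" aliases to the mailbox they deliver to and flags mailboxes that receive a burst of registrations. The domain lists, thresholds, function names and sample addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Assumption: providers known to deliver user+tag@domain to user@domain.
PLUS_TAG_DOMAINS = {"gmail.com", "googlemail.com"}
# Assumption: providers that also ignore dots in the local part.
DOT_INSENSITIVE_DOMAINS = {"gmail.com", "googlemail.com"}

def canonical_mailbox(address):
    """Mailbox an address is delivered to. Use for abuse checks only;
    keep the address exactly as typed for login and delivery."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    local, domain = local.lower(), domain.lower()
    if domain in PLUS_TAG_DOMAINS:
        local = local.split("+", 1)[0]       # drop the "+tag" suffix
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.replace(".", "")
    if domain == "googlemail.com":           # same mailboxes as gmail.com
        domain = "gmail.com"
    return f"{local}@{domain}"

def flag_alias_floods(signups, max_per_mailbox=3, window_seconds=3600):
    """signups: iterable of (unix_time, address).
    Returns {mailbox: peak signups inside one window} for mailboxes over the limit."""
    by_mailbox = defaultdict(list)
    for ts, addr in signups:
        by_mailbox[canonical_mailbox(addr)].append(ts)
    flagged = {}
    for mailbox, times in by_mailbox.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window_seconds:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_per_mailbox:
            flagged[mailbox] = peak
    return flagged

# Constructed sample: six "+n" aliases and one dotted alias of a single mailbox,
# plus two unrelated signups on a domain with no known aliasing rules.
SAMPLE = [(1000 + 10 * i, f"victim+{i}@gmail.com") for i in range(6)] + [
    (1000, "v.ictim@googlemail.com"),
    (1500, "alice+shop@example.org"),
    (90000, "alice@example.org"),
]
```

A flagged mailbox is a signal to hold welcome and promotional mail until the address is confirmed, rather than a reason to reject plus-addressed signups outright.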
 

satanboy

a) no, they are idiots of the highest calibre (from responses to my enquiries in the past)
b) no

I have that same email, but only once.
 

biometrics

But have to say, when a spammer/griefer locks on to you it can be hell to get your email back.
 

DA-LION-619

Just create a Google rule that moves the email to the trash.
Someone who dislikes you has your email it seems, Takealot should really confirm email addresses but promo spam so they’re probably meh.
 

Paul Hjul

> Just create a Google rule that moves the email to the trash.
> Someone who dislikes you has your email it seems, Takealot should really confirm email addresses but promo spam so they’re probably meh.

That is what I have done, changing the rule to skip the bin if I can as it clogs the bin. Simply confirming addresses wouldn't actually solve the first leg of the problem namely a script mechanism performing thousands of signups and thereby wasting others' resources - the attacker is using probably the same compute resources as takealot to register the account. Then takealot (or their outbound mail provider) incurs the compute resources (bandwidth etc ...) to send the signup email and then gmail has to deal with all the mail well before it gets to the user. In this case the lack of a reverse Turing test at signup is probably what is at issue. Of course the fact that takealot doesn't perform further verification before sending out daily promotional material makes it an ideal signup.

A lot of people don't like me. Many of them have my email address so I don't find the fact that some malcontent gets a hard on from doing this to be odd or unexpected. Script kiddies are gonna script. However the incurred cost here isn't really borne by me - google has to deal with the crap and I don't get charged for the compute, takealot is incurring
On this little pile of shit we are talking about cents or rands but if some moron script kiddie or MyBroadband pissant thinks it's cool to fuck around with thousands of email addresses like this it starts to rack up. Moreover the likelihood of somebody marking takealot comms here as spam in gmail is pretty high.
 

DA-LION-619

> that is what I have done, changing the rule to skip the bin if I can as it clogs the bin.

Curiously I noticed very little TAL mails on my side so I took a look.
Some time in the middle of July, Takealot switched from Salesforce to Braze, to match the others in the group (Mr D etc).

You can just go ahead and block, newsletters@takealot.com

> However the incurred cost here isn't really borne by me - google has to deal with the crap and I don't get charged for the compute, takealot is incurring
> On this little pile of shit we are talking about cents or rands but if some moron script kiddie or MyBroadband pissant thinks it's cool to fuck around with thousands of email addresses like this it starts to rack up. Moreover the likelihood of somebody marking takealot comms here as spam in gmail is pretty high.

Google doesn’t care, advertising is their business. Their spam reporting caters specifically for this, rather focusing on the marketing campaign than domain.

Takealot doesn’t care, I get spammed with nonsense from Superbalist since they share marketing lists. It’s not comms, it’s spam. Takealot ‘auto’ opts you in.
 