One of the great things about maintaining your own domain is the ability to put up a good fight when it comes to spam. It’s a real battle. This domain has been registered since the late 90’s, when an open Internet meant that just about anybody could harvest contact information from domain registration databases.
The result is that my main personal mail address has been inundated with spam for nearly 15 years. It’s not just inbound. This domain has been used as a forged mail source more than once. In one incarnation, the home page here maintained a debunking of various bullshit claims that appeared to have come from me, so at the very least those with the wherewithal to visit the site would not get scammed. Like it or not, I’m on the vanguard of the spam fight.
For the past decade or so I’ve created a unique forwarding address for every thing I sign up for. Over the years it’s gone from a simple “name of service at ambit online dot com” to incorporate a random string, to eliminate the “anyone could have guessed that” defence.
This has led to some interesting results. From exposing criminal theft of data at two companies, to partner misbehaviour at Salesforce (see my Don’t Trust Salesforce.com post).
This morning I was met with two pieces of spam from my tracking address for ZoomInfo.com, both personally addressed using my name. One was from email@example.com, one from firstname.lastname@example.org. Clearly both are from the same source, and the body of the message includes the same contact information: Executive Education, P.O. Box 31, Devault, PA 19432, 1-888-669-6067. My opinion: anyone who does business with a spammer using a generic name and running out of a post office box is a complete fool.
This spam not only contained my name, but it was addressed to an address that contained “zoominfo” plus six random alphanumeric characters. Obviously this is came directly from Zoominfo’s databases. The odds of a guess on the random string alone are over one in two billion.
When this sort of thing happens, I normally contact the source and try to find out what the issue is. It’s either theft of data or unethical behaviour from a partner. Both are serious, and possibly criminal, bad behaviour. So I went to the zoominfo.com site, started down the “support” path. Zoominfo is structured to deflect support away from anything that requires them to expend staff time. That’s an early indicator of a poor customer service philosophy. Honestly I just don’t have the patience to eventually get to some form buried five levels deep, only to get an auto-response suggesting I consult the crap I just waded through. It’s just easier to go public.
So here’s the simple bottom line: Either Zoominfo has been hacked and has a big problem, or they have lousy partner selection criteria, which is possibly a bigger problem. Either way, they need to come clean in a public way, and fast. Their credibility with me has just taken a huge hit. Not that that makes for much of a change, really.
Meanwhile, I’m off to update a tracking address. If the spam follows the address, I’ll know it’s a partner problem. Unless Zoominfo is completely asleep at the switch, there are likely to be updates to this coming soon.
I’ve received the same spam from email@example.com but have never registered with Zoominfo. Zoominfo have my e-mail harvested from the web, with a title in the e-mail which matches the Zoominfo entry. What I found interesting that the content appeared legitimate by published authors. It would seem unlikely that someone with access to marketing through Amazon etc would need to risk their reputations by resorting to spam. Perhaps the content is plagiarized?
Maybe someone is correlating the data and passing it off as a “clean” opt-in list. I always find these offers of “100,000 people willing to receive whatever crud someone wants to send” dubious at best.
ZoomInfo has a partner who was actively stalking every person in my company engaged in specific work. Once the research was completed, sometime in August 2014, We believe the Stolen Data was sync’d with a ZoomInfo Subscription. ZoomInfo sold the data through their Subscription Service. Now my co-workers and I are being inundated with spam: email, telephone (work, home, cell), and most terrifying Postal Mail both to our place of employment and at home.
Thanks for going public – your post confirms everything we have suspected – ZoomInfo sells stolen data.
Note to readers: the absence of specific information in this comment led me to do a little research on the poster, just to be sure that it wasn’t someone with a hidden agenda. The fact that you can read it means I’m satisfied the author is a real person. This lends the comment some credibility. Obviously the author has an interest in making sure no additional data gets revealed and I completely understand that.
ZoomInfo has been spamming me for a while. I’ve contacted them to have my company removed from their database, but they said I wasn’t in there. Still, I continue to get spam directly from the the http://www.zoominfo.com/s/ address. Here’s another post regarding ZoomInfo spam: https://spamfightback.wordpress.com/zoominfo-spam-database/
And, I also came across this support # that allegedly you can call to get your info updated: 1 (866) 904-9666