Have you checked the settings in the control panel? What does it say under Show Email Address [webmasterworld.com]?

It says 'no'.

Is it a gmail address?

I don't think WebmasterWorld has had any compromised email issues, nothing that's been shared with the admins anyway.

If you get notifications sent from WebmasterWorld to some other inboxe and that inbox was ever compromised they could have harvested your email address there. For instance from Yahoo mail, gmail, etc. I just recently got email directly from a friend's yahoo email address that was spam and I get stuff from names I know on Facebook all the time yet neither my email address nor WebmasterWorld's email address has been compromised as far as I know.

FWIW, if you've ever seen the backend of most email systems it's all stored in plain text so all the transmitting over HTTPS for security is a big joke. Anyone with access to the server, whether authorized or not, can see everything plain as day. The most you can hope for with HTTPS is that the masses of crackers and sniffers aren't getting access to your passwords and such when broadcasted over the internet. However, if the hackers get access to the server itself all bets are off, email addresses get harvested en masse.

It's an address at my own domain. Incoming mail goes to my own server. I searched the mailserver logs and found no other mail for the address, except mail from this board.

But if no one else has received a message about "NEW COURSE: Responsive Web Design - Save $xx", I guess I must have used the address somewhere else.

I would have been very surprised if WebmasterWorld were to blame, as I don't recall any such issue over the past 11 years.

[edited by: RonPK at 4:42 pm (utc) on Aug 31, 2013]

@incrediBILL: true, 'secure' email is only about the connection between the user and the server. There are a few providers who store the messages encrypted. Two such companies in the US shut down last month because of troubles with law enforcement...

Virus and trojans on your own PC can be sending email addresses to their base without you knowing it.

Also, spammers use a guess list @ yourDomain and then run through that list. As most use malware on other people's computers they don't care if the success rate is only 1%.

I/We never once shared or loaned out the email list while I had the keys. The only thing we ever did in 15 years I ran it was two emailings to the membership - ONE to let WebmasterWorld members know we had updated the software in 2005, and one to let them know we'd moved to a new domain(webmasterworld.com 1999). I know IMN shares exactly the same philosophy.

As no one else seems to have received the email, I obviously must have made a mistake in thinking that the company used WebmasterWorld's email list. My bad, apologies for that.

It is amazing the number of ways that scammers can find your email addresses. Sell addresses they find is one of the ways that ISP's can make a 'dark buck'.

I can assure you that we NEVER gave out or sold anyones email address. I'd / We'd never do that. You have my word.

One more possible reason. The email address at your domain, was it a generic name like admin, webmaster, info etc etc. If a domain is live the sender may just be sending to a list of common email addresses.

You should also check you don't have a wildcard entry. This would make "anything" at domain be sent to your email address.

Another thing to think about now is the content of the email, did it contain remote content such as imaged. Images are often used for email tracking. If you allow an image to be displayed, the server will record a "hit" for your address. This confirms that the email address is live and may result in more spam being sent.

Mack.

The address is [the three letters this forum converts] @ mydomain.tld.

The sender is a legit publisher, not a company that would use viruses or hack into my server to steal addresses. Mail server logs show no traces of them trying addresses.

So I guess I must have broken my own policy: used the address somewhere else. It's just that I don't recall ever signing up with them or receiving mail from them.