Matt_

Registered Users

  • Posts

    7
  • Joined

  • Last visited

Reputation

1 Neutral
  1. Yes, I agree. I do see generic addressing - accounts, payroll etc but these can easily be derived from a domain list. The compromised addresses I've seen are specific to the site concerned and recently I have seen a massive increase in demands for bitcoin payments to prevent exposure of webcam (I don't have one plugged in) or browsing history / screenshots etc. As I posted 5 years ago, one clear link is vBulletin software, as used by CAG. In these cases I'm getting email to registered addresses plus passwords so it's clear sites using this forum software have been compromised...
  2. I think a number of posters work in IT, and, as commented, we operate our own domains and use the catch-all email function to route messages so we can make up addresses on the fly. As you say, this gives us a unique insight into the techniques spammers use, from random brute-force guesses, which in my experience are relatively rare (I've only seen a couple in 20 years), to compromised databases, which are far more common. It's obvious when a site is compromised: it starts with a trickle of spam and increases as the list is sold on or shared. When this happens, I tend to change my registered email address at the main site and add the compromised address to my blacklist; however, most users with a single email address don't have this luxury. As time goes on, it gets harder and harder to work out how your email address came to be shared. In my experience, spoofed email tends to come from the web-based services - Yahoo was particularly bad - and happens when an account is compromised to the extent that the user's contact list is accessed too. That's how emails are sent from a known contact, to trick the user into opening the message. I agree, it is possible for a PC to be infected but with antivirus programs being so common, I think it's rare these days. CAG demonstrated they are one of the more responsible organisations, reporting the breach immediately and responding to the comments we have posted. Others have gone to great lengths to deny any intrusion or refuse to reply/comment... I hope GDPR will put an end to that as they are encouraged to report breaches immediately.
  3. Sorry to hear about the loss of one of your team - condolences. I didn't get notification this thread had been updated today, presume that's connected with the "Find all posts" error: "connection to localhost:3312 failed (errno=111, msg=Connection refused)". I just got another message, sent to my CAG specific email so I can identify each one. Have just forwarded all messages to your admin addy, along with headers. Let me know if I can help - webmaster for 15 odd years, forum moderator and site admin for 13.
  4. Just got another one, as commented they're using jumbomail and the message purports to come from CAG. Might it be an issue with CAG's mailing service??

         Return-Path:
         Delivered-To: ********
         Received: ************* Tue, 10 Oct 2017 09:53:31 +0100
         Received: ************* Tue, 10 Oct 2017 09:53:31 +0100
         Received: from mail.jumbomail.org ([51.255.6.188]) by mx2.xxx.xxx.xxx with esmtp (Exim 4.89) (envelope-from ) id 1e1qI7-0000eX-A4 for *************; Tue, 10 Oct 2017 09:53:31 +0100
         Received: by mail.jumbomail.org (Postfix, from userid 0) id 53123171E52; Tue, 10 Oct 2017 08:12:38 +0100 (BST)
         To: ********************************
         Subject: Instant 1000% profit. For REAL! Here is how.
         X-PHP-Originating-Script: 0:email.php
         Message-ID:
         Date: Tue, 10 Oct 2017 07:26:36 +0100
         From: "MILLIONAIRES MIND"
         Reply-To: johnwu143 @ gmail.com
         MIME-Version: 1.0
         X-Mailer-LID: 82,84,85,86,87,77,76,98,99,100,101,102,75,63,51
         List-Unsubscribe:
         X-Mailer-RecptId: 2204429
         X-Mailer-SID: 949
         X-Mailer-Sent-By: 1
         Content-Type: multipart/alternative; charset="UTF-8"; boundary="b1_2c89ca5305b298e640c7bdc6885ce52d"
         Content-Transfer-Encoding: 8bit
         X-Spam-Score: 2.1 (++)
         X-Spam-Report: Action: no action
          Symbol: HAS_REPLYTO(0.00)
          Symbol: URIBL_BLOCKED(0.00)
          Symbol: FROM_NEQ_ENVFROM(0.00)
          Symbol: HAS_PHPMAILER_SIG(0.00)
          Symbol: FREEMAIL_FROM(0.00)
          Symbol: FREEMAIL_REPLYTO(0.00)
          Symbol: MIME_GOOD(-0.10)
          Symbol: HAS_X_POS(0.00)
          Symbol: RCVD_COUNT_ONE(0.00)
          Symbol: FORGED_SENDER(0.30)
          Symbol: ARC_NA(0.00)
          Symbol: R_SPF_ALLOW(-0.20)
          Symbol: RCVD_NO_TLS_LAST(0.00)
          Symbol: SUBJECT_HAS_EXCLAIM(0.00)
          Symbol: R_DKIM_NA(0.00)
          Symbol: DMARC_POLICY_SOFTFAIL(0.10)
          Symbol: IP_SCORE(0.00)
          Symbol: ASN(0.00)
          Symbol: FROM_HAS_DN(0.00)
          Symbol: TO_DN_NONE(0.00)
          Symbol: TO_MATCH_ENVRCPT_ALL(0.00)
          Symbol: PHP_SCRIPT_ROOT(1.00)
          Symbol: HAS_INTERSPIRE_SIG(1.00)
          Symbol: REPLYTO_DOM_EQ_FROM_DOM(0.00)
          Symbol: RCPT_COUNT_ONE(0.00)
          Message: (SPF): spf allow
         Message-ID: d75e5fb94d5560f39363446f09ab2212 @ em.jumbomail.org
         X-Antivirus: Avast (VPS 171009-2, 09/10/2017), Inbound message
         X-Antivirus-Status: Clean

         From: MILLIONAIRES MIND [mailto:noreply @ gmail.com]
         Sent: 10 October 2017 07:27
         To: ********
         Subject: Instant 1000% profit. For REAL! Here is how.

     Hi Guys.. FapTurbo 3.0 is going to offer an instant 25% deposit bonus and .hold your horses 1000% deposit matches 2x trading with it.. CLICK HERE that`s right.. even before you profit with trading your profit on day 1 ! Here is how: MORE INFORMATION

     The road to the million is being made available exclusively for FapTurbo 3.0 traders.. those brokerages want you to succeed because they trade alongside you not against you. true ECN brokerages.. not like marketmaker casino brokers.. Another huge advantage Read the full story here about the revolutionary dual Leg ™ system here! DON'T MISS THIS CHANCE! Looks like a fabulous christmas is waiting for us! Sincerly Johm WU

     To unsubscribe and no longer to receive work from home info & tips, hit link below: Unsubscribe
  5. I've just received a spam message and can guarantee there's no way my unique email address could be derived or guessed...
  6. Me too, email received at an address registered exclusively with CAG. No evidence of my CAG account being accessed or abused and I've changed the email address so I can dump the spam. I'm presuming it's vBulletin (Search BBC for "Firm scrambles to patch vBulletin software flaw") but given the popularity of this software plus you can easily get source code it's understandable.
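
The posts above describe registering a unique catch-all address with each site and using it to tell a leaked database from a guessed address. The following is an added example, not code from the thread or from CAG, that automates that triage for one message; the catch-all domain, the address register, the finding names and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

CATCHALL = "mail.example"              # hypothetical catch-all domain
ISSUED = {"cag": "cag-forum.example",  # constructed register: address tag -> domain
          "shop": "shop.example"}      # of the one site that was given that address

def domain(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def relay_host(msg):
    """Host in the newest Received line that records a 'from' (HELO name: a hint)."""
    for hop in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+([\w.-]+)", hop)
        if m:
            return m.group(1).lower()
    return ""

def triage(raw):
    """Attribute one message to the site its recipient address was issued to."""
    msg = message_from_string(raw)
    tag, _, rdom = parseaddr(msg.get("Delivered-To", ""))[1].lower().partition("@")
    site = ISSUED.get(tag) if rdom == CATCHALL else None
    relay, findings = relay_host(msg), []
    if site is None:
        findings.append("address-never-issued")    # generic or guessed address
    elif relay != site and not relay.endswith("." + site):
        findings.append("relay-not-issuing-site")  # address is in third-party hands
    if domain(msg.get("From")) != domain(msg.get("Return-Path")):
        findings.append("from-neq-envelope")       # header From differs from envelope
    return {"tag": tag, "issued_to": site, "relay": relay, "findings": findings}

def sample(rcpt, relay, env_from, hdr_from):
    """Build a constructed message (not a real capture) for the demo below."""
    return (f"Return-Path: <{env_from}>\nDelivered-To: {rcpt}\n"
            f"Received: from {relay} ([203.0.113.7]) by mx.mail.example with esmtp\n"
            f"From: Sender <{hdr_from}>\nSubject: constructed sample\n\nbody\n")

if __name__ == "__main__":
    for args in [
        ("cag@mail.example", "mail.bulk-sender.example",
         "bounce@bulk-sender.example", "noreply@freemail.example"),
        ("cag@mail.example", "mx1.cag-forum.example",
         "notify@cag-forum.example", "notify@cag-forum.example"),
        ("payroll@mail.example", "mail.bulk-sender.example",
         "a@bulk-sender.example", "a@bulk-sender.example"),
    ]:
        print(triage(sample(*args)))
```

The host name in a Received line is supplied by the sending server, so a match against the issuing site is a hint and the bracketed IP recorded by your own MX is the value to verify.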