Spymac abusing Google GMail to spam your address book

Read this story about Spymac spamming people through GMail. I was apparently in Reid's GMail contacts and I got hit too. But what really bugs me now is that I got the spam from Spymac not via my GMail address but via my main personal email address on padawan.info, the one I gave to Google when registering to GMail, and one that neither Reid nor Spymac have (or should have). This means that either Spymac has got this address from Google or Google sent the spam on behalf of Spymac. The former looks more probable as the email source shows that the email was sent from a server named http11.spymac.net. They also got my full name. In any case, I didn't give Google the permission to share my name and private email address with a third party. (See post-scriptum below.)

This smells really, really bad.

P.S. the story still unfolds and gets uglier at each episode. Apparently Spymac has found a way to crawl one's entire GMail correspondence and spam whoever you have ever written to. That's how my personal address was hit, as Reid had sent me an email through GMail a long time ago. This is really maddening!

P.S. 2: per Reid's post and Garoo's comment below, I rule Google out as a culprit. But if what Spymac has done isn't against the Terms of Use of GMail, then Google has a problem. If it is against the ToU, as I think it is, then Google lawyers should talk to Spymac.

P.S. 3: Unfortunately, the practice extends.


Yeah, they found a crazy, scary hack that lets them access your Gmail address book: they ask you for your password. (You'd think people wouldn't fall for this nowadays, but you'd be wrong.)

this is messed up.. I am going to try to ask around..


mensuelles Archives

Recent Entries

  • Steve Jobs

    "Remembering that I’ll be dead soon is the most important tool I’ve ever encountered to help me make the big choices in life. Because...

  • Your privacy on MOTOBLUR by Motorola

    After the Nokia Ovi Store carelessness, it's now Motorola who's allowing strangers to get access to your private information on their MOTOBLUR portal. Exactly like...

  • How to resume a broken ADC download

    (I'm documenting this trick for myself to remember, but it can be useful for others…) Apple, on its Apple Developer Connection site, has a bad...

  • WTF is this ‘myEventWatcherDiv’ doing in my web?

    All of a sudden I started to find the following line in most of the web pages I was browsing, including ones I made where...

  • Your privacy on Nokia Ovi Store

    My friend Adam Greenfield recently complained about the over-engineering culture at Nokia: I was given an NFC phone, and told to tap it against the...