Update: Part of the problem is the “allow people to contact me through this address” flag, which was set on. Hard to believe I’d let that happen, but I’ll assume that part was my failure, although the spam in question came in directly, not through Zoominfo’s servers. It’s probable that there was still a loss of data integrity at Zoominfo.

One of the great things about maintaining your own domain is the ability to put up a good fight when it comes to spam. It’s a real battle. This domain has been registered since the late 90’s, when an open Internet meant that just about anybody could harvest contact information from domain registration databases.

The result is that my main personal mail address has been inundated with spam for nearly 15 years. It’s not just inbound. This domain has been used as a forged mail source more than once. In one incarnation, the home page here maintained a debunking of various bullshit claims that appeared to have come from me, so at the very least those with the wherewithal to visit the site would not get scammed. Like it or not, I’m on the vanguard of the spam fight.

For the past decade or so I’ve created a unique forwarding address for every thing I sign up for. Over the years it’s gone from a simple “name of service at ambit online dot com” to incorporate a random string, to eliminate the “anyone could have guessed that” defence.

This has led to some interesting results. From exposing criminal theft of data at two companies, to partner misbehaviour at Salesforce (see my Don’t Trust Salesforce.com post).

This morning I was met with two pieces of spam from my tracking address for ZoomInfo.com, both personally addressed using my name. One was from audio@execwebtraining.com, one from audio@webcareertraining.net. Clearly both are from the same source, and the body of the message includes the same contact information: Executive Education, P.O. Box 31, Devault, PA 19432, 1-888-669-6067. My opinion: anyone who does business with a spammer using a generic name and running out of a post office box is a complete fool.

This spam not only contained my name, but it was addressed to an address that contained “zoominfo” plus six random alphanumeric characters. Obviously this is came directly from Zoominfo’s databases. The odds of a guess on the random string alone are over one in two billion.

When this sort of thing happens, I normally contact the source and try to find out what the issue is. It’s either theft of data or unethical behaviour from a partner. Both are serious, and possibly criminal, bad behaviour. So I went to the zoominfo.com site, started down the “support” path. Zoominfo is structured to deflect support away from anything that requires them to expend staff time. That’s an early indicator of a poor customer service philosophy. Honestly I just don’t have the patience to eventually get to some form buried five levels deep, only to get an auto-response suggesting I consult the crap I just waded through. It’s just easier to go public.

So here’s the simple bottom line: Either Zoominfo has been hacked and has a big problem, or they have lousy partner selection criteria, which is possibly a bigger problem. Either way, they need to come clean in a public way, and fast. Their credibility with me has just taken a huge hit. Not that that makes for much of a change, really.

Meanwhile, I’m off to update a tracking address. If the spam follows the address, I’ll know it’s a partner problem. Unless Zoominfo is completely asleep at the switch, there are likely to be updates to this coming soon.

Mastodon