• Dangers of mentioning email addresses here

    From Sean Rima@2:263/1 to All on Thu Jul 9 21:41:04 2026
    Some time ago, I posted my public ket here and someone posted back the email addresses that were linked to the key. Since then, I have been getting emails from Google Personal search, all mentioning BBS sites

    example:

    We found new results about you

    2 new search results match your name and personal info. You can make a request to have them removed from Google Search.


    Synchronet https://smtp.sestar.synchro.net/msgs/msg.ssjs?msg_sub=fido-pkeydrop&message=69 Message: Re: My New GPGP Key - The SouthEast Star - Synchronet Found 9 Jul 2026


    So if someone posts a key here, don't mention the email address. I get these emails once or twice a day, every day

    Sean


    ... TCOB1: binkd.rima.ie or bbbs.rima-iot.eu
    -+- blueMail/Linux 1.4

    --- BBBS/LiR v4.10 Toy-7
    * Origin: TCOB1 https://binkd.rima.ie (2:263/1)
  • From August Abolins@2:221/1.58 to Sean Rima on Fri Jul 10 19:02:00 2026
    Hello Sean Rima!

    ** On Thursday 09.07.26 - 21:41, Sean Rima wrote to All:

    Some time ago, I posted my public ket here and someone posted back the email addresses that were linked to the key. Since then, I have been getting emails from Google Personal search, all mentioning BBS sites

    It's not "here" that's the problem. The problem is echos that are in general open to the non-fido public, courtesy of bbses that allow unrestricted access.


    Synchronet https://smtp.sestar.synchro.net/msgs/msg.ssjs?msg_sub=fido-pkeydrop&messa ge=69 Message: Re: My New GPGP Key - The SouthEast Star - Synchronet
    Found 9 Jul 2026

    Yes.. Synchronet bbses make that easy.


    So if someone posts a key here, don't mention the email address. I get these emails once or twice a day, every day

    But note, that the public key will contain the emails (or names) in the block. So anyone can just run gpg -d <file> against it and see the same content.

    --
    ../|ug

    --- OpenXP 5.0.64
    * Origin: 0D0EB2A295204F3167EB2503CEF0E89655789589B (2:221/1.58)
  • From Sean Rima@2:263/1 to August Abolins on Sat Jul 11 12:17:44 2026
    August Abolins wrote to Sean Rima <=-

    Hello Sean Rima!

    ** On Thursday 09.07.26 - 21:41, Sean Rima wrote to All:

    Some time ago, I posted my public ket here and someone posted back
    the
    email addresses that were linked to the key. Since then, I have been
    getting emails from Google Personal search, all mentioning BBS sites

    It's not "here" that's the problem. The problem is echos that are in general open to the non-fido public, courtesy of bbses that allow unrestricted access.


    That is part of my point. We should be able to share stuff here but it seems that guest logins are undoing the safety of echomail.

    Synchronet

    https://smtp.sestar.synchro.net/msgs/msg.ssjs?msg_sub=fido-pkeydrop&messa
    ge=69 Message: Re: My New GPGP Key - The SouthEast Star - Synchronet
    Found 9 Jul 2026

    Yes.. Synchronet bbses make that easy.


    Far too easy, wish they would close it

    So if someone posts a key here, don't mention the email address. I
    get
    these emails once or twice a day, every day

    But note, that the public key will contain the emails (or names) in the block. So anyone can just run gpg -d <file> against it and see the same content.

    Not my point, email addresses are mentioned and spam follows, spammers don't have the time to go to that lenght

    Sean

    ... TCOB1: binkd.rima.ie or bbbs.rima-iot.eu

    --- BBBS/LiR v4.10 Toy-7
    * Origin: TCOB1 https://binkd.rima.ie (2:263/1)
  • From mark lewis@1:3634/12.73 to August Abolins on Sat Jul 11 07:06:28 2026

    On 2026 Jul 10 19:02:00, you wrote to Sean Rima:

    Some time ago, I posted my public ket here and someone posted back the
    email addresses that were linked to the key. Since then, I have been
    getting emails from Google Personal search, all mentioning BBS sites

    It's not "here" that's the problem. The problem is echos that are in general open to the non-fido public, courtesy of bbses that allow unrestricted access.

    "[...] that allow unrestricted _read_ access _to public echos_."
    FTFY ;)


    Synchronet
    https://smtp.sestar.synchro.net/msgs/msg.ssjs?msg_sub=fido-pkeydrop&me
    ssa ge=69 Message: Re: My New GPGP Key - The SouthEast Star -
    Synchronet Found 9 Jul 2026

    Yes.. Synchronet bbses make that easy.

    pretty much... mainly one only need to have a Guest account and enable the web server... from there it is a matter of making sure which echos (and file areas) the Guest account has read access to... one should ensure that the Guest account does not have write access, though...


    So if someone posts a key here, don't mention the email address. I get
    these emails once or twice a day, every day

    But note, that the public key will contain the emails (or names) in the block. So anyone can just run gpg -d <file> against it and see the same content.

    very true and easily done in a "scraper script"...


    )\/(ark

    "The soul of a small kitten in the body of a mighty dragon. Look on my majesty, ye mighty, and despair! Or bring me catnip. Your choice. Oooh, a shiny thing!"
    ... The US has great variety in postage stamps but they all taste the same!
    ---
    * Origin: (1:3634/12.73)
  • From mark lewis@1:3634/12.73 to Sean Rima on Sat Jul 11 08:33:02 2026

    On 2026 Jul 11 12:17:44, you wrote to August Abolins:

    But note, that the public key will contain the emails (or names) in
    the block. So anyone can just run gpg -d <file> against it and see
    the same content.

    Not my point, email addresses are mentioned and spam follows, spammers don't have the time to go to that lenght

    you might be surprised... AFAIK spammers/bot hearders operate very much like sysops... they script everything... they can easily add an additiona section to their scripts to look at the public keys, harvest the email addresses, ans store them in their lists for later use in a spamming run... it is basically no harder than writing assistance/helper macros for a terminal to do automated things like mapping the Tradewars 2000 universe...

    )\/(ark

    "The soul of a small kitten in the body of a mighty dragon. Look on my majesty, ye mighty, and despair! Or bring me catnip. Your choice. Oooh, a shiny thing!"
    ... That's what aliens are, they do alien things that are alien!
    ---
    * Origin: (1:3634/12.73)
  • From Sean Rima@2:263/1 to Mark Lewis on Sat Jul 11 14:14:02 2026
    mark lewis wrote to Sean Rima <=-

    On 2026 Jul 11 12:17:44, you wrote to August Abolins:

    But note, that the public key will contain the emails (or names) in
    the block. So anyone can just run gpg -d <file> against it and see
    the same content.

    Not my point, email addresses are mentioned and spam follows,
    spammers
    don't have the time to go to that lenght

    you might be surprised... AFAIK spammers/bot hearders operate very much like sysops... they script everything... they can easily add an
    additiona section to their scripts to look at the public keys, harvest
    the email addresses, ans store them in their lists for later use in a spamming run... it is basically no harder than writing assistance/helper macros for a terminal to do automated things like mapping the Tradewars 2000 universe...

    One of the emails that I track, was only ever used in a key that was posted here and it keeps getting emails from the Google watch thingy. I did try a remove on one email to see what would happen, nothing, Google said impossible to remove.

    I have a GPG key that I uploaded to the various servers that uses an email that is an alias, I know if I get emails to it, it will be spam :)

    Sean

    ... TCOB1: binkd.rima.ie or bbbs.rima-iot.eu

    --- BBBS/LiR v4.10 Toy-7
    * Origin: TCOB1 https://binkd.rima.ie (2:263/1)
  • From August Abolins@2:221/1.58 to Sean Rima on Sat Jul 11 22:05:00 2026
    Hello Sean!

    ** On Saturday 11.07.26 - 14:14, Sean Rima wrote to Mark Lewis:

    One of the emails that I track, was only ever used in a key that was posted here and it keeps getting emails from the Google watch thingy. I did try a remove on one email to see what would happen, nothing, Google said impossible to remove.

    I have a GPG key that I uploaded to the various servers that uses an
    email that is an alias, I know if I get emails to it, it will be spam :)

    The rima-iot one?
    --
    ../|ug

    --- OpenXP 5.0.64
    * Origin: 0D0EB2A295204F3167EB2503CEF0E89655789589B (2:221/1.58)
  • From Sean Rima@2:263/1 to August Abolins on Sun Jul 12 11:48:36 2026
    August Abolins wrote to Sean Rima <=-

    Hello Sean!

    ** On Saturday 11.07.26 - 14:14, Sean Rima wrote to Mark Lewis:

    One of the emails that I track, was only ever used in a key that was
    posted here and it keeps getting emails from the Google watch
    thingy. I
    did try a remove on one email to see what would happen, nothing,
    Google
    said impossible to remove.

    I have a GPG key that I uploaded to the various servers that uses an
    email that is an alias, I know if I get emails to it, it will be
    spam :)

    The rima-iot one?

    no, I have a lot of domains, after my main started to get these, I created a key on an account I would never use gpg and uploaded it to see. Also added it to my google search thingy

    Sean

    ... TCOB1: binkd.rima.ie or bbbs.rima-iot.eu

    --- BBBS/LiR v4.10 Toy-7
    * Origin: TCOB1 https://binkd.rima.ie (2:263/1)
  • From August Abolins@2:221/1.58 to Sean Rima on Sun Jul 12 10:33:00 2026
    Hello Sean!

    ** On Sunday 12.07.26 - 11:48, you wrote to me:

    The rima-iot one?

    no, I have a lot of domains, after my main started to get these, I
    created a key on an account I would never use gpg and uploaded it to see. Also added it to my google search thingy

    Was it this one then?..

    MID: 2:221/1.58@fidonet 28755133


    It was a message where the following email addresses were "exposed": (but this time I'll just highlight the TLD)


    2EF0B89984A1C8D0A12242BF2FC21F8603D2A3EB
    uid [ unknown] Sean Rima (Rima) <XXX@rima.XX>

    DA6E3F67013CC1A6DD02AC4A3BE9D61CAFBF9067
    uid [ unknown] seanrima-gpgmail <XXX@gmail.XX>
    uid [ unknown] Rima <XXX@rima.XX>
    uid [ unknown] Sean Rima (CW) <XXX@connemaraweather.XX>

    307CD1D672415D24EE3E65803F8D99D474CC6DDD
    uid [ unknown] Sean Rima (iot) <XXX@rima-iot.XX>
    uid [ unknown] Sean Rima <XXX@connemaraweather.XX>
    uid [ unknown] Sean Rima <XXX@renvyle.XX>
    uid [ unknown] Sean Rima <XXX@icloud.XX>
    uid [ unknown] Sean Rima <XXX@rima.XX>
    sub brainpoolP256r1 2026-01-11 [E] [expires: 2027-01-11]
    705D73EEE207C2C3273ED8FF6E27B2EFC6919E83


    Yes.. it's a sad commentary that email is still probably the most popular way for a spammer/scammer to reach a potential target.

    But the best way to avoid being a victim is to not respond/click to any unsolicted emails that contain links.

    --
    ../|ug

    --- OpenXP 5.0.64
    * Origin: 0D0EB2A295204F3167EB2503CEF0E89655789589B (2:221/1.58)
  • From Sean Rima@2:263/1 to August Abolins on Sun Jul 12 21:21:52 2026
    August Abolins wrote to Sean Rima <=-

    Hello Sean!

    ** On Sunday 12.07.26 - 11:48, you wrote to me:

    The rima-iot one?

    no, I have a lot of domains, after my main started to get these, I
    created a key on an account I would never use gpg and uploaded it
    to see.
    Also added it to my google search thingy

    Was it this one then?..

    MID: 2:221/1.58@fidonet 28755133


    It was a message where the following email addresses were "exposed": (but this time I'll just highlight the TLD)


    2EF0B89984A1C8D0A12242BF2FC21F8603D2A3EB
    uid [ unknown] Sean Rima (Rima) <XXX@rima.XX>

    DA6E3F67013CC1A6DD02AC4A3BE9D61CAFBF9067
    uid [ unknown] seanrima-gpgmail <XXX@gmail.XX>
    uid [ unknown] Rima <XXX@rima.XX>
    uid [ unknown] Sean Rima (CW) <XXX@connemaraweather.XX>

    307CD1D672415D24EE3E65803F8D99D474CC6DDD
    uid [ unknown] Sean Rima (iot) <XXX@rima-iot.XX>
    uid [ unknown] Sean Rima <XXX@connemaraweather.XX>
    uid [ unknown] Sean Rima <XXX@renvyle.XX>
    uid [ unknown] Sean Rima <XXX@icloud.XX>
    uid [ unknown] Sean Rima <XXX@rima.XX>
    sub brainpoolP256r1 2026-01-11 [E] [expires: 2027-01-11]
    705D73EEE207C2C3273ED8FF6E27B2EFC6919E83


    Nope none of those, it is not tied to any of my main accounts as listed above, the gmail account will be dropped once I finish de-googling myself



    Yes.. it's a sad commentary that email is still probably the most
    popular way for a spammer/scammer to reach a potential target.

    But the best way to avoid being a victim is to not respond/click to any unsolicted emails that contain links.


    That is one bit of advice that I always give to others, even if you are expecting an email, never click on links, no matter how easy it appears to be. I did wish companies would stop using links in emails

    Sean


    ... TCOB1: binkd.rima.ie or bbbs.rima-iot.eu

    --- BBBS/LiR v4.10 Toy-7
    * Origin: TCOB1 https://binkd.rima.ie (2:263/1)
  • From Stephen Walsh@3:633/280 to Sean Rima on Mon Jul 13 09:50:30 2026

    Hello Sean!

    12 Jul 26 21:21, you wrote to August Abolins:

    That is one bit of advice that I always give to others, even if you
    are expecting an email, never click on links, no matter how easy it appears to be. I did wish companies would stop using links in emails

    You can blame the numbat that thought putting html into email was a good idea. Hiding the real link in the html is just what causes a lot of the issues.

    The other issue is a email that is 99% the same as a legit one, except for the one link the scammers etc want the user to click on. All the
    others are to the real site/service.


    Stephen


    --- GoldED+/LNX 1.1.5-b20260304
    * Origin: Dragon's Lair ---:- dragon.vk3heg.net -:--- Prt: 6800 (3:633/280)
  • From Sean Rima@2:263/1 to Stephen Walsh on Mon Jul 13 10:57:58 2026
    Stephen Walsh wrote to Sean Rima <=-

    That is one bit of advice that I always give to others, even if you
    are expecting an email, never click on links, no matter how easy it
    appears to be. I did wish companies would stop using links in emails

    You can blame the numbat that thought putting html into email was a good idea. Hiding the real link in the html is just what causes a lot of the issues.

    Companies would have found a way, of course, html is not email and I hate seeing it as it can hide any amount of dangers


    The other issue is a email that is 99% the same as a legit one, except
    for the one link the scammers etc want the user to click on. All the others are to the real site/service.


    One of the ones that I know are dangerous are those purporting to be from booking(.)com. Their system has known to be hacked on multiple occasions and they try to deny it, but I have seen the hacked emails myself, I used to work in the hotel trade

    Sean

    ... TCOB1: binkd.rima.ie or bbbs.rima-iot.eu

    --- BBBS/LiR v4.10 Toy-7
    * Origin: TCOB1 https://binkd.rima.ie (2:263/1)