I just purchased a domain and got it all set up. When I made my email
accounts for it, I instantly started getting spam. This is a brand new domain –
are the spammers in bed with my registrar or is something else going on? How’d
they start spamming me so quickly?
Something else is going on.
While it’s possible that spammers are looking at newly registered domains (I
don’t think that they need any special backdoor access to your registrar for that),
that doesn’t seem like a particularly useful thing for the spammers to be doing.
Newly registered domains aren’t likely to have a lot of email recipients and
they are what the spammers want.
No, I think something significantly more mundane is happening here.
In fact, it’s possible that we might have a hard time calling some of those
emails spam at all.
Everything old is new…
My guess is that while you did just newly register the domain, you might not be the first person to have owned it.
Your domain name – something like “yourveryowndomainname.com” – is kind of like your home, your property, and your house on the internet. People come by for a visit (hopefully), mail gets sent there, and so on.
And like real estate in the real world, property on the internet gets sold, traded, or abandoned all the time.
And someone new moves in.
Perhaps that someone was you.
It’s possible that the domain name that you just purchased was once owned by someone else.
And now, you’re getting their mail.
Email accounts & catch-alls
If there were active email accounts used on your domain by its prior owner and you set up accounts with the same email name, perhaps they had email@example.com and you also happened to set up firstname.lastname@example.org, you’d now be getting any email that’s still trying to reach the prior owner.
Depending on circumstance, that could be unlikely (you have unique email names that don’t overlap with the prior owner) or very likely (you’ve set up all of the standard domain email addresses, such as email@example.com, firstname.lastname@example.org, and so on – and so did the prior owner).
Depending on how your domain is hosted, what’s more likely is that there’s a “catch-all” account that’s been set up. A catch-all is an email account that receives all of the email for which there is no configured email address. For example, if you don’t have email@example.com configured as an email address, and someone sends email to firstname.lastname@example.org, it gets sent to the catch-all account instead.
And, perhaps, as the domain owner, you’re getting all of the mail caught by that catch-all.
You’ll probably want to look at turning that feature off.
It might or might not be spam
So you purchase your domain name, you set up email@example.com as your email address, and you suddenly start getting the weekly pickled herring newsletter for herring lovers.
Why? Because the previous owner of that domain used firstname.lastname@example.org as an email address and they had subscribed to the pickled herring newsletter. They just didn’t bother to unsubscribe when they let the domain go and the pickled herring people either didn’t get any notification that the email address was no longer valid or they ignored it.
Is that spam?
It could go either way, but I’d probably say no. It’s possible that everyone did everything right (except perhaps for the previous owner not unsubscribing, but even there, I can see scenarios where they couldn’t) and that the pickled herring people should not be punished by labeling their email as spam.
It’s possible that you should simply unsubscribe (unless you like pickled herring, that is.)
On the other hand, how do you know that this newsletter is legitimate? For all that you know, the prior owner didn’t subscribe and what you’re getting is spam from the notorious pickled herring cartel.
So, I guess, you could mark it as spam. I’d feel guilty doing that, though, if the mail looked legitimate. Maybe because I have my own newsletter, I’m reluctant to punish newsletter publishers with the Spam button when it’s very possible that they did nothing wrong.
On the other hand, if it’s obviously spam, mark it as such if your email system offers that feature.
What to do?
If you find yourself in this situation, I’d recommend a couple of steps:
Turn off the “catch all” functionality so all email that isn’t sent to an email address that you define is either rejected or simply discarded.
Put another way, configure your mailer to only accept email for email addresses that you’ve defined.
If an email address that you create starts getting the prior owner’s email, either deal with it (unsubscribe, delete, mark as spam, however you choose to proceed), or create a new, different email address and use that instead.