Something strange is happening on WorthHiding.

Last night, I logged into the WorthHiding admin panel—something I haven't done in an embarrassingly long time—to find that the site had 482 subscribers. That's around four new subscribers every day since August 24th, 2018. To give perspective, when I last checked in early August, the site had only 18 subscribers. (And half of them were my friends, so I really just had 9 real subscribers.)

My first reaction was surprise, delight, and a bit of suspicion. Having 482 subscribers, though meager in comparison to other's blogs, would have been a 2500% increase in my audience. 2500% growth is nothing to laugh about! But something gave me pause. From where are all of these new subscribers coming? Why was there such a drastic increase?

The investigation begins.

I checked CloudFlare's website analytics as a sanity check. Perhaps WorthHiding experienced a massive spike in traffic that I didn't notice. According to their dashboard, WorthHiding averages around 25,000 visits per month. At this traffic level, 464 new subscribers since August would be no surprise at all. "Surely these subscribers are real," I thought.

I looked at the email addresses themselves. They didn't seem to follow any particular pattern, and belonged to a number of different domains. The list looked completely organic.

I then looked at when the emails had been subscribed. I thought that if they were fake, they would have come all at once in some sort of automated batch. But no—they were added gradually, no more than 5 per day, almost every day since August 24, 2018.

(Unfortunately, for privacy reasons I don't track the IP address from which someone subscribes, so I had no way of knowing whether the new subscriptions were coming from all around the world or from a single server.)

Although most signs pointed towards the accounts being genuine, I wasn't fully convinced. After all, why had WorthHiding attracted only 18 subscribers in its first 1.5 years, and 464 in a little over 5 months? Traffic didn't spike. No new articles were posted. (Sorry.) No one new linked to WorthHiding. So what happened? Was someone sending fake emails to my sign-up form?

I emailed one of the new subscribers to find out.

Hi Ross,

This isn't an automated email — you can tell because I used your name above, and you didn't enter your name in the sign-up form!

I'm writing because I noticed that your email showed up as a subscriber on WorthHiding.com today. I just wanted to confirm that you did in fact perform this action yourself.

I'm asking because several months ago, WorthHiding had 18 subscribers. I logged in just a second ago to learn that it had several hundred more than that. I want to make sure that this growth is genuine, and isn't someone sending fake emails to my sign-up form.

In the case that you did in fact subscribe yourself, thank you! I plan to release a new article soon...

All the best,
Miles

Just under five seconds later, a new message appeared in my inbox.

** Address not found **

Your message wasn't delivered to [redacted] because the address couldn't be found, or is unable to receive mail.

Learn more here: https://support.google.com/mail/?p=NoSuchUser

The response was:

The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces. Learn more at https://support.google.com/mail/?p=NoSuchUser [redacted] - gsmtp

Oh. Maybe my earlier suspicion was justified. I decided to email a few other accounts with a nearly identical message, but most of the messages didn't bounce. Confused, I went to an email reputation database and entered a few of the email accounts that were subscribed. And nearly every single one was reported as spam across dozens of sites. Some were real email addresses, others were fake. But none were legitimate subscriptions.

Mystery solved—sort of.

I can now say with confidence that the 464 new subscribers were not organic.

What was going on? Some bot—or bots—is prowling through the Internet, subscribing email addresses to some collection of websites. On August 24th, 2018, WorthHiding.com was added to that collection.

But why? What could someone possibly get by subscribing a few illegitimate email addresses to my blog? The worst case scenario I can imagine is that my email sending reputation decreases on SendGrid from all the bounced emails; in reality, the worst that might happen is that someone receives a few emails they didn't ask for.

This isn't a cyberattack. There aren't enough new subscriptions for this to constitute an (attempted) denial-of-service attack, and the worst-case realistic scenario—someone attempting to decrease my sender reputation—is quite... well, petty. And unlikely.

I would understand if someone was trying to harvest emails to add to their email spam lists. But why would they give me these addresses? Why not hoard the addresses for themselves?Perhaps they are trying to inundate the addresses with spam in order to make them useless. Or maybe they just want to be a nuisance to website owners. But I can't know for sure.

I now understand what happened. I've yet to figure out the why.


Do you know what's happening? Let me know by sending me an email. (I'm paranoid to put my own email on this site, especially after this post. So you can find it at https://rmrm.io.)

Cover image: Email Spam, via MaxPixel. Licensed under CC0.