Official email response from the Poker Players Alliance
We have received your message regarding unsolicited emails and we appreciate you notifying us of the situation.
We understand your concern about receiving spam and take reports of spam possibility originating from the PPA very seriously. Please note that the privacy of PPA member information is of the highest importance to us. We do not sell, trade, or disclose to third parties any personal information obtained without your consent.
To investigate this matter we hired a leading web security firm, ScanAlert, to rigorously test and audit the security and integrity of the PPA server environment. The results showed the PPA site and its servers achieved ScanAlert's HackerSafe certification, as it has since the launch of the current site at this time last year. This means that there are no security holes for spammers and ensures that your privacy has not been compromised.
While creating unique email addresses at a custom domain is an effective strategy to minimize spam, it does not guarantee protection against spam. Spammers use extraordinary methods to acquire and guess potential email addresses. Even email addresses never published on the web can be subject to spam. This is true for email addresses hosted at the largest registrars as well as the smallest.
With regards to the specific spam you received about "Golden Gate Casino", it seems that it was sent to blanket at least the entire gaming community, if not the entire internet. There have been many online reports of this spam from non-PPA groups and sites.
For more information about spam and how to minimize it, please visit the following resources:
We are sorry that you have received spam at an email address registered with the PPA. While we cannot determine the method used by the spammer to reach you, we can assure you that they did not acquire your information from our servers or through the PPA. If you would like to change your registered email address with the PPA, please contact us and we can do that for you immediately.
We will continue to monitor the situation and post any further findings.
Thank you again for your concern and message.
Bryan Spadaro Membership Relation, Manager Poker Players Alliance
So this is actually not a horrible response, although it does seem to be a bit of a form letter. Obviously, you should change your address with PPA, and throw out the new one.
What are you looking for here? I assume PPA, despite being financed by whomever, is really still a mickey-mouse operation, and there's only so much they can do. They're not going to find the rogue employee with root on their mail server who scammed your address. They're not going to look.
In their defense, it is _possible_ that there was a dictionary or sequential attack against your mail server, and they found the address that way, although this is unlikely.
Nope. Anything @mydomain will get through to my inbox if it doesn't get blocked by greylisting and IP-based blocklists. I also look at a daily report of all the addresses that were tried and blocked. If there had been a dictionary attack on my domain, I would know about it.
As for what I'm looking for, I'm not sure. I think I'd just like to see a bit more professionalism on their part. "Mickey Mouse" is about right.