If you're going to roll your own mail server and set up a mailing list, it really helps to know what you're doing. You know, so that you don't, say, inadvertently expose your entire 5,824-member list to anyone who happens to be a subscriber. They might, you know, download it and sent it to people like, oh, I don't know… Paul Rolly?
Yes, that's right: by virtue of the fact that I've been recently hit by Utah's very own spam king, I was given permission by the system he setup to download an entire list of who he sends e-mail to. A spammer on the list could take that and use it to bombard you with offers for mortgage loans, new "relationships" and cheap Viagra. It's very interesting to see what e-mail addresses have been harvested as well.
Obviously, most major media outlets (including the generic inboxes) are on the list. A fair number of staff from the Salt Lake Tribune, Deseret Morning News and Herald Extra are on it. So are a bunch of state, city and school district employees. It also, however, includes a lot of employees from Zion's Bank, Deseret First Credit Union, American First Credit Union and a few other financial institutions. The best part? He also spams employees of the LDS Church including several folks at the MTC in Provo.
What's most disturbing here is that many of the addresses include names. Let's see… name + company = verifiable identity. Yep, we can tell exactly who he's spamming about 30-40% of the time without having to ask any of them. Scammers could easily use this data to launch phishing attacks (of which Mark is so fond for his list-building) to part you and your money, P.T. Barnum-style.
Given the fuss he made with FeedBlitz for simply showing subscriber numbers, the irony that he pretty much voluntarily exposed the entire list is delicious. I'll be working on a tool y'all can use to check and see if you're on The List. In the meantime, don't be afraid to let Bluehost know that you don't like spam either.