I just did a signup on a brand new email address and was not able to recreate. No random spam emails reported.
It's likely that the email the author received is pure coincidence. Especially if they are using a client that downloads emails in batches.
FWIW it looks like their validation email is sent by Customer.IO via Mailgun. Both have squeaky clean service agreements so it's unlikely they are shooting off the data to spammers.
Strange to see this in an apparent real product. And also I don't see how this does much to 'validate' it... It could be a valid email that belongs to a random stranger, like, tcook@apple.com for instance.
Part of me wonders if someone has added something nefarious into their backend which just collects and exfiltrates new emails as people sign up.
The idea that they really send spam to validate an email address sounds to insane to be believable.
Is it possible that they are somehow leaking the address to actual spammers?
For example, they (or the hypothetical email validation SaaS) use an infected email validation library that ex-fills every email supplied to it, or something like this.
the actual base64 email itself is an HTML document, with a bunch of filler text about metal magnets!
> Hi there, A magnetic domain is a region within a magnetic material in which the magnetization is in a uniform direction. This means that the individual magnetic moments of the atoms are aligned with one another and they point in the same direction [...]
they sign off the email with a zero-width space set to "font-size: 0" for some reason
Can it be that Pangram doesn't send any spam itself but instead (intentionally or not) leaks your email address to some spammer who then does the sending?
It's likely that the email the author received is pure coincidence. Especially if they are using a client that downloads emails in batches.
FWIW it looks like their validation email is sent by Customer.IO via Mailgun. Both have squeaky clean service agreements so it's unlikely they are shooting off the data to spammers.
Part of me wonders if someone has added something nefarious into their backend which just collects and exfiltrates new emails as people sign up.
Is it possible that they are somehow leaking the address to actual spammers?
For example, they (or the hypothetical email validation SaaS) use an infected email validation library that ex-fills every email supplied to it, or something like this.
> Hi there, A magnetic domain is a region within a magnetic material in which the magnetization is in a uniform direction. This means that the individual magnetic moments of the atoms are aligned with one another and they point in the same direction [...]
they sign off the email with a zero-width space set to "font-size: 0" for some reason
style="position: absolute; left: -9999px; top:-9999px;display: none"
maybe they try to warm up those emails to use them for other "campaigns" later on...