I was wary of this thread showing up on HN because I felt I was a bit unkind when posting in that thread, but Chris' comment towards me seemed completely unjustified. And he deleted a prior post along the same lines, hence why I quoted him on my next post.
I also use unique addresses for every site, and while my Dropbox email wasn't compromised, I've occasionally gotten that response from tech support elsewhere.
You mean that tim-somespecificsite@mydomain.com was randomly compromised, but NO OTHER random email was mailed to me? No, that's not how spammers work. If they'd decided to spam tim-*, I would have gotten hundreds of emails...sigh...
Looks like Chris is battening down the hatches. His linked site[1] was up about an hour ago, but it redirects to a placeholder now. Also, he's deleted all but his first comment, wish I'd taken a screenshot of his other comments.
Tangentially related: It drives me nuts to deal with people whose default answers are "no," "you must be doing it wrong" and so on. Particularly the moderators who insisted someone must have guessed a ten digit random email address -- because Dropbox and its vendors couldn't POSSIBLY have ever done anything wrong, and it's MUCH more likely that a spammer magically brute-forced a 10 billion combination address! Grrr. I'm not sure what the right word is to describe that sort of personality, but such people should never have contact with customers. Or with me.
It's not just a 10-character address. It's a 10-character address on a non-standard domain (or so the conversation led me to believe). All without getting another email on that domain's catch-all address. If it was a spammer, who randomly-generated addresses on this domain, I would imagine that they would have been shotgunned across the whole domain. Not just hit that one single address.
