I’ve been wondering why I’m getting a slew of spam to the email I use for Amazon. The various email parts indicate that the email is legitimate and the DKIM-Signature confirms it:
Received: from a13-96.smtp-out.amazonses.com (18.104.22.168) by llc4.com with ESMTP (EIMS X 3.3.9) for <email@example.com>; Wed, 21 Nov 2018 00:54:07 -0800
From: "Amazon.com" <firstname.lastname@example.org>
Subject: Important Information about your Amazon.com Account
We’re contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.
The “do nothing” advice misses the point: “disclosed” means a slew of spam in my mailbox. Amazon ought to, as goodwill, enter a credit in my account or some such, for goodwill given this unacceptable incompetence. It’s now either put up with spam or eliminate an email I’ve used heavily for 20 years (literally).
It’s a good practice to use temporary emails for many web sites, so that if the email gets picked up by spammers, the email can be changed.