I would guess that this is not spam, from your story, from the screenshot you shared, and from a few weird things that have happened to me in the past.
Unless your e-mail is unique, with random characters, someone else must have typed your e-mail into the VPN provider’s purchase page. The provider may have saved that e-mail in their database before completing the purchase, without sending any verification code or link to your e-mail, i.e. without checking that the e-mail is valid or that it actually belongs to the person who is going to buy it. So you may now be a registered customer of that service, try resetting your password and if there is indeed an account that someone has created using your email, deactivate it.
I would receive many mails that an e-mail address I used in the past was used by other people on various e-commerce sites. I saw a lot of receipts belonging to other people. I even once saw a person set my e-mail as the recovery e-mail for another account.
The human creature has members who exhibit very bizarre behavior.
You may want to rethink your email and see how you can protect your inbox. Similar to hey.com’s contact access. Email is kind of broken in that anyone can email anyone.
I reached out to Surf Shark, Proton, and my one friend who I know uses Surf Shark. I haven’t heard back from my friend or Proton yet.
I did hear back from Surf Shark. Their customer service is awful, because every time it’s a different agent who replies to my email. IMHO, it’s better if the same agent who is assigned a ticket to stay on that ticket. Only if a significant amount of time passes should it go o someone else.
Anyway, so far Surf Shark has provided no answer.
Each agent kept telling me that I must have subscribed to their service, when my original email and replies specifically clarified that I hadn’t.
There is one thing that I haven’t done, though, and I would appreciate your advice on this. I emailed Surf Shark from an alias and shared the screenshots I shared with you with them. I did not share my Proton email with them, ie the Proton email to which the spam was sent.
Should I?
Right now, I am reluctant to do so for fear of receiving more SPAM from them.
If you never share it, then I still wouldn’t. Unless it is haunting you to the point where it needs to be known thus forcing you to actually send them the email you don’t want them having in the first place.
They technically already have it stored somewhere; you could share it with them, and if you start receiving more spam and haven’t gotten any satisfying answers from either Proton or Surfshark, delete the alias.
Oh god not this article again. If it’s the one I’m thinking of it’s written by a guy that had a conspiracy that the 5$ in monthly donations privacy tools.io received was a bribe from proton.
I’ve only been using Proton Mail for about ~8 months and have not received any spam emails (yet). I have created aliases for this reason. To me, a spam email is a suspicious email from a suspicious address with a suspicious link. Surfshark is a reputable company, and based on your screenshot, it looks like one is a marketing e-mail and the other is a registration email to complete your purchase. Unless payment was made under your name using your bank account, I wouldn’t worry about the email. You can contact Surfshark to remove you from their mailing list and you should not receive any more emails from Surfshark.
I hear you. And it used to be my understanding of SPAM too, but the definition is wider.
In very simple terms, SPAM is any undesirable email. If a friend repeatedly emails you to promote his business products to you, that’s spamming. Especially when you didn’t ask to receive those emails, and you demanded they stop.
I don’t know about that, but reputable companies can SPAM too. Not long ago, I exchanged a product from a very big and reputable store in my city, because the model I bought was faulty. The store I bought it from needed an email address, so I created an alias just for them. After that I got constant promotional emails multiple times a week. That’s SPAM.
Similarly, a while back I had my computer repaired at a very reputable repair store. They needed an email, and I gave them an alias. The staff was super nice and provided good customer service. I was still bombarded with promotional email multiple times a week. That’s SPAM too.
In both cases, I got so much SPAM that I had to disable my aliases for those companies. It was the first time I ever disabled an alias.
I have contacted them, and I am waiting to hear back. In general, I do no trust companies to stop emailing me when I ask them to. Too many times I’ve unsubscribed and still got emails months or years later. One example that comes to mind was with is a very popular European Airline.
lol No. I doubt it would even be effective. That said, it’s interesting to me that he defines his company as a privacy protecting company, meaning that that is their core priority. As I’ve said it before, to me, a company the purports to be primarily about protecting privacy, is seriously invested in privacy rights.
They’re fighting the good fight with other freedom fighters, and are not in it just for the money, i.e. because there is a market for privacy products and services. Based on Surf Shark’s Twitter, page, I am not getting that impression from their company. And to my knowledge, they have never been promoted in the privacy community.
The difference is the amount of control you have over the “undesirable” emails. If you demand your friend to stop sending you spam, but they continue to do so, you can just block their e-mail. If you block e-mails from Surfshark, you shouldn’t receive any more e-mails from them. But if it’s a suspicious e-mail (typically located in your junk folder), then blocking those e-mails is usually pointless because there are plenty of them that are all sending the same spam e-mails.
When I say “reputable”, I mean companies that are well-known and used by many, which is unrelated to privacy. And yes, marketing e-mails are typical. When I ordered a pizza from Dominos, I gave them one of my alias addresses, not knowing they would send me marketing e-mails. Proton will not block those e-mails because they are not considered spam. Maybe you want those e-mails because you voluntarily opted to receive those e-mails. But even if you didn’t, you can always opt out, which is a lot better than Proton filtering out marketing e-mails because the wrong e-mails can be caught in their spam filter. In both of your cases, it sounds like you could have opted out from receiving marketing e-mails instead of disabling your alias. So far, I have not received any further e-mails from Dominos.
True. But it’s very common for people to change their minds about emails the once desired. For example, I remember a marketer saying that when Groupon started out, people were not bothered by the emails. But after a while, maybe a couple of years, it started to feel like SPAM, even though the amount of emails might have not increased.
I understand.
I probably could have, but simply disabling my aliases for those shops was easier and felt more empowering. And like I said before, I have experienced the websites not respecting the fact that I unsubscribed. With aliases, it’s just easier to reject them. I don’t have to explain myself.
Out of curiosity, do you email Big Tech addresses with your Proton emails (Gmail, Yahoo, Hotmail, AOL, etc…)?
Care to elaborate? Which part is FUD? Author provided a lot of evidence but yeah most of it could be paranoia which is still good to read and form your own opinions
I finally got a proper answer from Surf Shark. They confirmed that my Proton email was linked to a recently created account. They don’t know how this happened, and kept insisting that I must have subscribed to their service, when I repeatedly told them from the very beginning that I hadn’t.
They said that they could have my address completely deleted from their system and offered me 2 options:
They do it themselves, but I have to send an email from my Proton address to confirm I am the owner.
I do it myself, but it first requires completing the creation of the account linked to my address by creating a password for it.
I chose the former. I sent 2 emails. I sent a password-protected email from my Proton address to confirm my identity. And I sent an email from the alias I’d been using to correspond with Surf Shark this whole time, with the password.
I insisted in both emails that they do not reply to my Proton address and only to my alias, but guess what? I still got a reply at both addresses, and I also got an additional email to my Proton address asking me to rate their service.
They confirmed my email was deleted from their system, and I hope I never hear from them again.
PROTON:
There is nothing they can do. All they did was confirm Surf Shark’s address is legit, based on the screenshots I sent them. They offered to verify if my Proton address has been compromised, but I declined. I don’t even know how they could do that.
MY FRIEND:
I have yet to hear back from my friend who uses Surf Shark VPN.
Thanks for the update. If someone created an account using your email, shouldn’t you have received a verification email? Or was the verification included in the first email shown in the screenshot from your first post?
