After not hearing anything from eMusic, I decided to give them another call. I left a message on Monday but did not receive a return call. On Wednesday, I called again and got a quick response from Nathan, one of their customer service folks. He advised that he had not heard back from the engineering team and promised to give it another shot.
About half an hour later, I received a call from “Chris,” one of the directors at the company. (Interactive marketing? I didn’t quite catch it.) He advised that they had received a few other reports similar to mine, and that upon further investigation, they found nothing out of the ordinary. No security breach, that’s for sure.
Though I honestly didn’t expect a different response, even if it were true (“Oh, yeah, one of our servers *was* broken in to”), I’ll rest on the hope that I got *someone’s* attention there. In the meantime, I’ll update my address at eMusic with something quite impossible to guess (perhaps eMusic followed by 16 random digits, followed by @chrisgagne.com). That should make things pretty easy to figure out should it happen again in the future.
Edit: Oops, scratch that. Their site won’t let me change my email address unless I subscribe (e.g. pay) again. I’m now forwarding the original email address to a black hole. Moving on…
[…] A search for eMusic spam turned up several people who have had unique addresses given only to eMusic become targets for spam. I complained to eMusic support about about this and actually got a response from a human asking me to forward complete copies of some example spam along with message headers. I sent them twenty samples and a week or two later got the same response others have received: it’s a dictionary attack. […]
Well seems like they are still doing this, I just noticed one this morning, I registered almost a year ago with them, unique email address.