Who is sinan at yahoo.com?

The perils of others using my email address …

How it all began

A couple of years ago, I received a strange looking email from Yahoo. The subject line read Unlock your Yahoo! Account. I was perplexed. As far as I knew, my Yahoo! account was not locked. In fact, I had just used it to send a message to my high school alumni group. At first, I thought it was a phishing attempt. Everything looked in order, however, and I felt comfortable that the message really was sent by Yahoo! Then, I clicked on the provided link.

To make a long story short, I found out I had another Yahoo! account. Now, I had been using the internet and the web before Yahoo even came on the scene and I still remember the excitement we all felt when Yahoo started classifiying web sites. Every day, I would check the new sites in a couple of categories (yup, it was that easy back then). Apparently, about the time Yahoo first started offering accounts, I had grabbed sinan at yahoo dot com and forgotten about it.

When I logged on to this account following the directions in the email, I got the surprise of my life: Apparently, people had been using this email address to sign up for a whole bunch of things, including dating sites in Malaysia. I was quite taken aback. There were companies like Real sending messages to people who had supposedly signed up for their services. There were women who thought they were responding to people whose profiles they had seen online. There were online discussion web sites sending updates to their members. It was pathetic. I deleted all the messages.

Within 30 seconds, I had a whole bunch more. I decided to classify every single piece of mail that came into that mailbox as spam, with exceptions made for address confirmation messages (as I continue to do to this day). There was no legitimate reason for any company to be sending email to that account. It does not matter that some person had claimed that sinan at yahoo dot com was their email address: In such cases, no online vendor, discussion site etc should assume the email is correct. They ought to verify that the person who signed up using the address actually has access to the account.

See, the reason my account ended up being locked was because some idiot had given this email address to activate something and he/she were desperate to get into the account. In the process, he/she tried too many times to guess the password and caused the account to be locked. This kind of thing still happens.

For example, there was this guy, hussain ali, who used the email address sinan at yahoo dot com when using some kind of payment service. Yusuf, the accountant tried to send him some kind of document at that address. The day after that, someone (whom I can only presume was hussain ali) tried to break into my account several times. I guess he was scared: Well, I would have been too, as the SWIFT transaction record showed a transfer of about 20,000 USD to a U.S. bank with all sorts of information. Here is a screenshot. This makes me wonder: Why would you use a fake email address in this case?

Another example is some Turkish guy, also called Sinan, who seems to like to travel in various parts of Africa and send photos and articles to a travel related mailing list. Well, apparently, he uses the email address (yes, you guessed correctly) sinan at yahoo dot com in his messages to the list. Charming. I end up with messages sent by female list members (I am not kidding, no men). They send gushing messages about his courage and deep insight.

I got annoyed by the messages and told some of the list members that they had the wrong person: This guy they liked was using a fake email address. I asked them to tell the list about this. In response, one of them told me that I should have complained to him. How? Would he be able to read it if I sent email to sinan at yahoo dot com?


I am quite miffed about companies which send unsolicited email to this address. These are companies who do not ever check that the person who signs up for their services has access to the account he gives them on the signup form. People! It is quite possible to reduce the spam you send out and avoid generating ill will: Just do not activate memberships without having received a confirmation that the person has access to the account used to sign up. I mean, this is nothing new. If you cannot be bothered to do this, I have no problem contacting your upstream ISPs or even law enforcement, depending on the volume of messages.

Real, about a year ago, told me that it was no problem that they had allowed an account to be set up using my email address because there had not been any charges. I fail to see this reasoning.


Now, let me be very clear: I do not chat with strangers online. In fact, I chat with very few people online these days (thanks to Vonage, contact me for referral code for a month's free service). The very few people I chat with are people I know from real life, a few family members and a couple of friends. No virtual friends and the like. I am old-fashioned like that.

The other night, however, as I was looking for something to watch, I decided to log on to this account. Now, every time I log on, I see this notification that there are five voicemail messages waiting for me. Hmmmm ... I was bored. I decided to download Yahoo! messenger and check out what was going on. Installation went fine. Then, I was greeted with a request to add me to someone's messenger list. I said no, then checked ignore this person and clicked finish. Done, right? Nope. There were 97 more of these requests. Done, right? Nope, after I logged off, I logged back in and there were another 98 of these requests. Interestingly, I had already seen requests from a lot of these accounts and added them to my ignore list. I went throught the clickety-clack again, logged off and logged back in. Wot?! Another 98 requests.

This was getting might tedious. I called it a night.

Fast forward a few days. I am bored again. I log in to Yahoo messenger and another 98 requests pop up on my screen. Seriously. Here is a screenshot sequence to make it fun:

11:40 AM: A bunch of messenger windows at 11:40 AM
11:44 AM: Only one left at 11:44 AM
11:45 AM: Exiting messenger at 11:45 AM
11:51 AM: 98 messenger windows tiled after logging back in at 11:51 AM

Kill Friend Requests

Well, to be honest, this wasn't that much fun anymore. So, I wrote a short Perl script to kill the friend request windows by automating the process of pressing ALT-D ALT-N ALT-I ALT-F for each dialog box that popped up. I used the CPAN module Win32::GuiTest module for this purpose.

It worked reasonably well so I decided to see if I could animate it. I used IrfanView's timed screen capture feature and made those captures into a movie using VirtualDub at 10 frames per second.

The original version of the script was too fast, so I inserted some sleep statements between sending the keys. If you look at the video closely, you'll see occasional requests being confirmed. That is a bug I had introduced to this 10 line script by inserting the sleep statements between sending the keys. Oh well.

So, without further ado, here is killmsngr.pl in action (thanks YouTube!).

Why am I writing this? Well, first, I would have liked to hear about it if this had happened to someone else. By that token, I am assuming there will be some people who'll enjoy the story. Second, if someone you don't know has given you sinan at yahoo dot com as his email address, he is lying. Third, if you are contemplating using it as your email address, don't.