Skip to main content

Please, Do Not Publicise Your Email Address

We've seen a few reports, recently, about stolen blogs, in Blogger Help Forum: Something Is Broken.
Why is my blog not on my dashboard - and why is somebody else publishing, and using my name?
There are so many reports from people who are not using Google "One Account" login properly, that the significance of this problem report was initially overlooked.

More than a few such reports started with the blog owner email address being openly disclosed - generally on the blog, or in comments. Too many blog owners want to be contacted - and they innocently provide their email addresses as a contact point.

We've known, for years, about disclosed email addresses, and brute force password guessing. That is not the only way your email address can be used, to gain access to your Blogger account, however.

Google recently had to deal with a very carefully executed hacking project, where Blogger and Google account owners received some well phrased advice, in their email.
Google treats policy violations and invalid activity very seriously in order to protect the users, publishers, and advertisers who make up our advertising ecosystem. While we usually notify publishers and take action for policy and invalid activity at the site level, there may be times when we will need to suspend or disable accounts due to policy violations or invalid activity.

Our hope is that you will be able to resolve your policy issues during the suspension period using This Link
I'm betting that the above message was written, very carefully, by hackers who studied the phrasing and wording of the many abuse / spam / TOS violation notices, sent out by Blogger Support constantly.

Many of the recipients of the email are the same crowd that I encountered, several years ago, when we saw similar numbers of reports about the same type of stolen blogs. The owners typically

  • Post their email address, or provide it for contact, visibly.
  • Participate in comment based networking, on their blog, and openly state their email address.
  • Participate in comment based networking, on similar blogs, and openly state their email address.

Each of these activities can be used, by the bad guys, to build lists of email addresses, of people who can be easily persuaded by an email message, to resolve their policy issues using the link provided. And this led to a number of reports, in the forums, about stolen blogs - and mentioning email, offering to sell the stolen blogs back, to the rightful owners.

If you want contact from your readers, there are more safe ways to allow this.

All of the above contact options give you a possibility of hearing from and / or networking with, your readers - and none of these options require you to disclose your ownership email address.

Just don't disclose your email address, to the world at large. Your email address is one half of the security measure, as designed by Google - that prevents unknown individuals, from taking control of your Blogger account and your blogs.

Finally, if you are not yet using Google 2-Step Verification, this is the time. If you were one of the victims of the recent attack, you know the despair. If not, you truly don't want to be. In either case, you should really want to protect your account, and your blogs.


Popular posts from this blog

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.

Help! I Can't See My Blog!

I just posted to my blog, so I know that it's there. I can tell others are looking at it. But I can't see it.

Well, the good news is you don't have a blog hijack or other calamity. Your blog is not gone.

Apparently, some ISPs are blocking *, or maybe have network configuration or infrastructure problems. You can access or you can access, but you can't access, or

You can't access them directly, that is. If you can access any free, anonymous proxy servers, though, you may be able to access your blog.

Note: You can use PKBlogs with the URL pre packaged. Here is the address of this post (with gratuitous line breaks to prevent the old post sidebar alignment problem):

And an additional URL, to provide to those suffering from this problem, would be the WordPress version of this post: