Church of Turing

08/03/2026

The Accidental Honeypot

2013 was a good year for me. Notable highlights included:

Spending 4 bitcoin buying South African brick weed.
Graduating high school.
Registering a 3 letter @outlook.com email address.

Despite the first two highlights being incredibly interesting (and not soul shattering to me at all), the topic of today's post is the accidental honeypot I created when innocuously registering an Outlook email address. I recently logged back into it for the first time in 10 years and what I found was pretty interesting.

Crucial Context

In the time and place I grew up everyone had a @hotmail.co.uk email address. Those who had a @yahoo.com address were ostracised and forced to live underground. Everyone had some variation of funky_monk3y230@hotmail.com. They were simpler times and they made sense.

So imagine my surprise when in February 2013 Microsoft announced that I could sign up for this new Outlook thing and abandon the shameful hotmail handle I created when I was 9. I typed three random letters and it was available. Despite the three letters not actually meaning anything I knew I had struck gold - I immediately registered the email and then promptly forgot about it for 13 years.

Last month I found an old HDD from that time (no Bitcoin though...) which had a textfile containing my old emails and their corresponding passwords. Simpler times indeed. When I logged into my @outlook.com email it had 13000 unread emails from over the last decade, which was more than I expected but probably less than I deserved.

A bulk of the emails were because of one thing I had never accounted for: when lazy people are registering for services and want a throwaway email, they will sometimes put [gibberish]@outlook.com. And the shorter your email is, the more likely someone will use it when signing up for something. And it's not always junk they sign up for too. The result of this over a decade is a very strange inbox indeed.

I'd estimate around 90% of the inbox is spam emails. Myprotein, Adidas, Spotify, Shein, Haaretz. People have created accounts for all of these using my email and I'm the one who gets the spam. It's incredibly uninteresting, but I'm mentioning it for the sake of completeness. Also there's a fuck-tonne of Russian spam.

Saudi Phone Contracts

Saudi Arabia has an incredibly large foreign workforce. From what I've read, foreigners make up over 30% of their overall population and they're typically from other Arab nations or South Asia.

One of the firms responsible for recruiting and managing these foreign workers has decided for some unfathomable reason to use my email when registering their workers for Saudi phone contracts. Lebara, Virgin Mobile, Mobily, Orange - they're all constantly spamming my inbox with the payment receipts or bills of 40+ foreign born Saudi workers. As far as I can tell this started some time in 2020 and has barely slowed down.

Mobily email sample

I can't read Arabic and I'm not trying to doxx anyone, so I've redacted nearly everything - but you get the gist.

I don't particularly mind that this unmonitored inbox gets spammed, but the most egregious thing is that when registering for a SIM they email me a copy of the completed registration form. This includes almost all of the information you would need to steal someone's identity, such as:

Name
Nationality
Address
Identity Numbers
- Sometimes Iqama (long term foreign worker), sometimes National ID etc
Signature

For example:

Registration Form

I've deleted around 50 of these registration emails. It baffles me you can have a company for recruiting foreign workers, but not a dedicated email for this.

E-receipts

One of the funnier types of email the address gets are random e-receipts. Somebody purchases something, they're prompted for an e-receipt address, they mash something random and add @outlook.com and by coincidence it gets sent to me. Here's a selection of some of the most mundane ones.

Buying Crocs

Floral Crocs

Airport Drinking

Airport

What's a 3% "Employee Benefits & Retention surcharge"? Why is that responsibility explicitly passed on to the customer? I'm not American so this confuses me.

Bagels

Is that $4 for a Monster? Criminally expensive.

Hotels

Hotel

When you convert from South African Rand to British Pounds that's around £257. Seems a bit steep for a few days, but what would I know.

Viewbotting

They ordered this three times, and out of curiosity I checked and the account has since been banned. I wonder why.

Lyft

This one really tripped me out. The last 4 digits of the mastercard used were exactly the same as my mastercard. I then realised that my current card was issued 3 years after this journey happened so it was just complete coincidence. Gave me a panic for sure though.

Guest WiFi

State Fair

Whoever you are, you got me.

Tsk Tsk

Xnxx

Haram

Concerning

Below are two emails that are particularly concerning in my opinion.

Banking

Bank

Someone used my email when opening a bank account with BBVA. For the non-security minded folk reading, this is typically considered a terrible idea.

Pension

Pension ID

An Argentinian person sent me all of the information they had around their pension. Including ID, bank details, payment amounts etc. Similar to before, doing something like this is typically considered a terrible idea.

Disclaimer

Firstly, I'm not trying to doxx anyone - if I've failed to redact information correctly please let me know at churchofturing@gmail.com as soon as possible. Secondly, after writing this post I've deleted all of the emails mentioned above.

If there's anything worth taking away from what I've shown, it's that you should seriously consider every email you use - even if you're confident test@example.com isn't monitored or nobody could be using lol@gmail.com.