I own a Lexus. I bought it at Lexus Monterey. I take it there for service. Sometimes I schedule service online, at their web site, but I’ve never given them an email address. Lexus does have one email address for me, but it was a throwaway for a sales event, and it’s never been used since.

While cleaning out the folder that SpamSieve tosses obvious spam into, I found a message from Lexus Monterey, containing details of my car and mileage, reminding me to schedule appropriate service.

It was sent to an email address that has never received anything but spam. I don’t even know who I originally gave it to, but it definitely wasn’t Lexus (and, by the way, not Calumet Photo, who also sends things to it…). For years, I had a special blackhole rule for that address, because it was the source of 40% of my spam.

Lexus Monterey didn’t send this mail. idriveonline.com did, and they helpfully set up an “account” for me, including both username and password in the mail.

Now why would Lexus send me to a third-party service-scheduling site, when they have their own? And why would they buy a mailing list from a spammer and cross-reference it with their customer database? Hmmm…