[koolba]

$175M could have easily paid for a bunch of domains to run MX servers. You don’t even have to keep the email. Just accept it and send it to /dev/null.

Maybe a fancier scam would be parsing for links and randomly fetching them with headless chrome. But I doubt that’d be required.

[gruez]

> $175M could have easily paid for a bunch of domains to run MX servers. You don’t even have to keep the email. Just accept it and send it to /dev/null.

You don't think it would be at all suspicious that most of the emails in the customer list are using weird custom domains rather than the popular ones like gmail.com or outlook.com?

[wongarsu]

The first vendor I found via Google offers 500 phone-verified gmail accounts for $150, so about $1.2M to fake all 4M users. At that volume you can probably get a discount and have them generate gmail addresses according to your specifications (to make them plausible matches for the rest of your fake data). Mix in some bought outlook accounts and some obscure domains you run yourself for extra plausibility.

Actually opening the emails without triggering Google is a bit more difficult, but I imagine a good residential proxy service (either legitimate or botnet) and a bit of scripting can solve that for another couple thousand USD.

Of course doing all of this makes you look more criminal and JPM look less dumb, so I'm not sure if this is actually a good idea even if you start off with the idea of defrauding the buyer.

[tommek4077]

Just create a big email provider with that kind of money. You might even get a legimate business out of this ;)

[lordnacho]

That's it, you create an email provider that purports to be the place where young people go to get email, lining up your next sale.

[koolba]

Could even end up like that movie plot where the bank robbers setup a bake shop next door to drill into the vault, but the front ends up being profitable.

[duxup]

That seems like a better choice than crime.