The Data

Aggregate counts from catch-all inboxes on a portfolio of domains. These are volumes only — no message contents, no sender identities, nothing that could identify a party that's leaking. Everything here comes from the same pipeline behind the talk, and is refreshed periodically.

By the Numbers

As of 2026-07-06 — aggregate counts only, no message contents.

  • 430,611 misdirected emails received since 2020
  • 32,048 of them carried attachments

No exploits. No credentials. Never sent a packet.

What This Means

Nobody mistyped anything. Every one of these arrived because a real system was built to send mail to a domain its authors assumed no one owned. The volume isn't a steady trickle — it comes in floods, one misconfigured sender at a time.

Charts and per-category breakdowns coming.