Plusnet Usergroup

All Users - The Open Forum => Plusnet Network and Technical Issues => Topic started by: Tam on May 13, 2007, 06:04:01 pm



Title: Spam being recieved on Private e-mail addy
Post by: Tam on May 13, 2007, 06:04:01 pm
Hi all,

I run my own domain(s). Suddenly (within the last 30 mins) I've received a spam e-mail on each and every one of the domains where the to address is only known within the PN database.

Sure, now they could have guessed the address of 1 domain, perhaps 2, but all three???? Seems to me that they have been able to get e-mail addresses somehow.

Not to mention I've also had the same e-mail at postmaster@xxx.plus.com and also username@username.plus.com

Seems to me that a spammer has spent a lot of time working on every account and is now spamming them.


Just a heads up if you see a sudden increase in mail to the PN servers. :)


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 13, 2007, 06:35:46 pm
I have also noticed a sudden jump in spam to username@username.plus.com


Title: Re: Spam being recieved on Private e-mail addy
Post by: dtomlinson on May 13, 2007, 06:39:02 pm
Hi Tam,

Could you let us have the mail headers?



Title: Re: Spam being recieved on Private e-mail addy
Post by: dtomlinson on May 13, 2007, 07:03:43 pm
I've had a couple of spams to a couple of my email addresses that I don't normally get spam to. The spams in question all start

"Cheapest ED pills on the net !!"

Is this the same as you're seeing?


Title: Re: Spam being recieved on Private e-mail addy
Post by: BR_pnug on May 13, 2007, 07:19:48 pm
Ditto
I've recently received the same spam starting "Cheapest ED pills on the net !!"
about 12 times in under 10 mins spread over 4 previously spam-free private mailboxes. 1 of these is for a second Plus Net account. I've reported all to Spamcop & Knujon.  Rather concerning - these addresses have never been used for other than private emails with trusted sources, including PN.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 13, 2007, 07:56:36 pm
Quote
Ditto
I've recently received the same spam starting "Cheapest ED pills on the net !!"
about 12 times in under 10 mins spread over 4 previously spam-free private mailboxes. 1 of these is for a second Plus Net account. I've reported all to Spamcop & Knujon.  Rather concerning - these addresses have never been used for other than private emails with trusted sources, including PN.

Yep, that's the one.

I seriously think that there are two issues here.
1) Spam from username@username.plus.com which appears to have been the entire customer directory of PlusNet.
2) Addresses only used "within" pn have been spammed too, showing (IMHO) that the addresses have come from somewhere within PN held data (either via the forum or customer database).


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 13, 2007, 08:16:21 pm
Same one arrived for postmaster@username.plus.com - and that isn't my catchall
And the spam filter isn't picking it up


Title: Re: Spam being recieved on Private e-mail addy
Post by: Mark Kelly on May 13, 2007, 08:39:14 pm
Hi all.

Our network engineers are currently investigating the spam reports which we are receiving.

We are currently raising this as a P1 problem and a service status message will go out very shortly.

We'll keep you up to date with developments as and when we get them.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Chemical Brother on May 13, 2007, 08:45:12 pm
Mark,

You're too quick off the mark - I was about to email you asking that this be looked into and raised as a P1..

You're just too good ;)


Title: Re: Spam being recieved on Private e-mail addy
Post by: chillypenguin on May 13, 2007, 08:48:27 pm
If anyone has missed this offer, I have a few copies of the e-mail that I can forward one  :wink:

Chilly


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 13, 2007, 08:55:06 pm
This report on tbb may be of interest linky (http://bbs.adslguide.org.uk/showflat.php?Cat=&Board=plusnet&Number=2999948&page=0&view=collapsed&sb=5&o=2&vc=1)
Quote
Hi,

When I was a PN customer I set up 2 mailboxes. They were created on the 8th June 2005 and deleted on the 20th June 2005.

Neither address got used, and I was the only one that knew about them. Around the same time a redirect got set up from another domain PN were hosting to a hotmail.com box.
This also went unused until I left PN in July 2005.

Today, for the first time ever all three addresses have been spammed in the space of half an hour, the 2 mailboxes twice and the redirect 5 times.

Any ideas how on earth this is even possible????


Title: Re: Spam being recieved on Private e-mail addy
Post by: chillypenguin on May 13, 2007, 09:10:56 pm
The address that I received the "ED" spam on does not have a mailbox set up for it.

Chilly


Title: Re: Spam being recieved on Private e-mail addy
Post by: dtomlinson on May 13, 2007, 09:27:40 pm
Quote
The address that I received the "ED" spam on does not have a mailbox set up for it.

Chilly

Has it ever been a mailbox, redirect or alias (or was it either postmaster@... or username@username...).


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 13, 2007, 09:32:47 pm
I've just come here because of the same problem to see if anything was being reported. For example I've received spam on an email address which was created specifically for testing email and is known only to me and Bob Pullen. It hasn't been outside of Plusnet. I've also received some to prefixes which have not been used for at least a year.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 13, 2007, 09:38:23 pm
Quote
The address that I received the "ED" spam on does not have a mailbox set up for it.

Chilly

Has it ever been a mailbox, redirect or alias (or was it either postmaster@... or username@username...).

All mine have been used as a re-direct before...... but not in the last year or two.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 13, 2007, 09:45:30 pm
Looking at the range of addresses that I'm seeing spam on, some which have been used for testing just by myself, I am 110% certain that the source of the email addresses being used is Plusnet towers.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 13, 2007, 09:51:51 pm
Quote
Looking at the range of addresses that I'm seeing spam on, some which have been used for testing just by myself, I am 110% certain that the source of the email addresses being used is Plusnet towers.

I'll raise to you 200% it's a PN towers list that has been taken.

PlusNet - You did delete the logs off the old mail server kit before you threw it out didn't ya ;)



Title: Re: Spam being recieved on Private e-mail addy
Post by: billbow on May 13, 2007, 09:56:39 pm
Me too....

I have a PN email address, the default username@username etc, which has never been used other than to send myself a test email to/from another account and to receive PN mail shots - got two "ED" emails, one at 18.04, the next at 18.11


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 13, 2007, 10:01:08 pm
Quote
All mine have been used as a re-direct before...... but not in the last year or two.

I have received spam to a mailbox created 9:45am, Friday 22nd December 2006 (I viewed all tickets, then did a search on the source code of that page).

Looking more closely at the addresses they are all to xxx@username.plus.com, including some where the xxx has only been used with @domainname.yyy.uk (yyy.uk is org.uk  or me.uk).

I have a suspicion that all of them at some stage have been used in webmail - does what everyone else is seeing match that? Email prefixes that haven't been spammed have never been used in webmail.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 13, 2007, 10:02:30 pm
Quote
I've had a couple of spams to a couple of my email addresses that I don't normally get spam to. The spams in question all start

"Cheapest ED pills on the net !!"

Is this the same as you're seeing?

Snap !!!!! Grrrrrrrr  :x  The very FIRST and the ONLY spam that I have ever received on my main e-mail address since I started using the PN rather than the F9 one sometime in early 2000 :(

Something rather more than a bit suspicious here esp if other users are also getting spammed on previously clean or largely unused (or at least not public) addresses.  Who's done what or harvested addresses from where ?

... with extra Grrrrrrrrrrr's just for good measure  :x  :x

Edited to add: Don't think that I've used webmail other than perhaps once or twice many years ago and that was only just to look to see if any mail was in my inbox.  Must have been >5 years ago anyway and I've never sent mail via webmail I'm fairly certain of that.  I always use dial-up either via landline or mobile to access my A/C in the normal way with mr.laptop when I need to check or send mail away from home.

Further edited to add: The one I have appears to have come directly to PN from here:

inetnum:      124.80.80.0 - 124.80.95.255 (Actual IP = 124.80.85.115)
netname:      GINAMHANVITNET-INFRA-KR
descr:        Tbroad Ginam Broadcating Co., Ltd.
country:      KR

but with spoofed text details (helo = ukentertainers.com) and a seemingly appropriate from: field for that domain.  Not an organisation that I have knowingly dealt with in the past ... but then again, on looking, it's just one of those bl**dy free email spamalot sites isn't it !!!! More Grrrrrrrrrrr's  :roll:


Title: Re: Spam being recieved on Private e-mail addy
Post by: dtomlinson on May 13, 2007, 10:14:33 pm
Quote
I have a suspicion that all of them at some stage have been used in webmail - does what everyone else is seeing match that? Email prefixes that haven't been spammed have never been used in webmail.

I had a couple of spams sent to my broadband account, which looking at the last logged in time in webmail I've only ever logged into webmail once in February this year with that username before I received the spams today (that was a username@username... spam). Spoke to someone else who's received a spam to an address that was set up for Fax2Email (faxes@username...) and isn't a separate mailbox (just uses the catch-all) but hasn't logged into webmail with it.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 13, 2007, 10:18:33 pm
I haven't used mine (AFAIK) on web-mail.


Title: Re: Spam being recieved on Private e-mail addy
Post by: dtomlinson on May 13, 2007, 10:19:37 pm
If you login in advanced mode on the right hand side it will tell you the last time you logged in if you want to check.


Title: Re: Spam being recieved on Private e-mail addy
Post by: scarymonkey on May 13, 2007, 10:40:56 pm
Dave

Is someone from PN looking into the possibility of a leak/hack?

Also Jelv, though very funny (to me at least), let's not send this thread into a helicopter/tin foil hat loop please.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 13, 2007, 10:47:51 pm
I wasn't joking - it is obvious there has been a serious security breach.


Title: Re: Spam being recieved on Private e-mail addy
Post by: dtomlinson on May 13, 2007, 11:01:13 pm
No possibility is being discounted at this point. It's understandable that people are concerned because of the pattern of the spams that has been seen but at the same time it's difficult to put together a pattern because there are examples that don't fit what you would expect.

For example, not every account has logged into webmail and some of the spam has been sent to addresses other than mailboxes/redirects/aliases/postmaster@/username@ and some to domains rather than plus.com/f9.co.uk addresses.

By all means look for patterns in the spams and as I say we're looking/going to be looking into every possibility our side to ensure we can do everything we can.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Matt_2k34 on May 14, 2007, 12:59:34 am
Yep, I got two Spam mails

One "ED pills" and I didn't bother with the other, was clearly spam.

Not sure about the other accounts on my username, but mine's not a catchall, nor is it the 'main' mailbox, we do have Fax2email set up (I THINK!) but that doesn't go to my mailbox.

Slightly concerned as to who has been looking at this many emails...

 :evil: -- I'm a @plus.net user,  -- let's just hope the new kit can handle a Spam attack on a grand scale, if it's a mole it looks like they could be heading for the headlights of PN's car (hopefully!) :-D


Title: Re: Spam being recieved on Private e-mail addy
Post by: Graham W on May 14, 2007, 02:11:03 am
Quote
...

One "ED pills" and I didn't bother with the other, was clearly spam.

...

Is this "ED pills" in the subject line or the body of the email?


Title: Re: Spam being recieved on Private e-mail addy
Post by: kitz on May 14, 2007, 02:36:24 am
Also got some of these this eve to username@username. I don't really use webmail so doubt if it's that, forums is a possibility.

It does however seem that this may have had an impact on general mail services too, causing delays for genuine mail.
I raised a ticket this evening (bleeding stuck BRAS again!!!) and I've only just received mail notification - 6 hours later! :/

Quote
Delivery-date: Mon, 14 May 2007 00:15:17  +0000
Received: from pih-relay05.plus.net ([212.159.14.132])
          by pih-sunmxcore16.plus.net with esmtp (PlusNet MXCore v2.00) id 1HnHtw-0001KZ-Vl
          for me@me.plus.com; Sun, 13 May 2007 17:30:34 +0000
Received: from [192.168.230.20] (helo=portal10.plus.net)
         by pih-relay05.plus.net with esmtp (Exim) id 1HnHoA-0001UX-L0
        for me@me.plus.com; Sun, 13 May 2007 18:24:34 +0100
Received: from www-data by portal10.plus.net with local (Exim 4.63)
        (envelope-from <support@plus.net>)
        id 1HnHoA-00024H-JL
        for me@me.plus.com; Sun, 13 May 2007 18:24:34 +0100
To: me@me.plus.com
Subject: PlusNet - Thank you for your Question!
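
The per-hop timing in the headers quoted above can be read off mechanically to see where the six-hour delay occurred. This is an added example, not part of the original post; the function names are illustrative, and the header block is the one quoted above with whitespace normalised and continuation lines folded.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers as quoted in the post (whitespace normalised, continuation lines folded).
RAW = """\
Delivery-date: Mon, 14 May 2007 00:15:17 +0000
Received: from pih-relay05.plus.net ([212.159.14.132])
 by pih-sunmxcore16.plus.net with esmtp (PlusNet MXCore v2.00) id 1HnHtw-0001KZ-Vl
 for me@me.plus.com; Sun, 13 May 2007 17:30:34 +0000
Received: from [192.168.230.20] (helo=portal10.plus.net)
 by pih-relay05.plus.net with esmtp (Exim) id 1HnHoA-0001UX-L0
 for me@me.plus.com; Sun, 13 May 2007 18:24:34 +0100
Received: from www-data by portal10.plus.net with local (Exim 4.63)
 (envelope-from <support@plus.net>)
 id 1HnHoA-00024H-JL
 for me@me.plus.com; Sun, 13 May 2007 18:24:34 +0100
To: me@me.plus.com
Subject: PlusNet - Thank you for your Question!

"""


def hop_delays(raw):
    """Return [(host, utc_time, seconds_since_previous_hop)], oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Each MTA prepends its own Received line, so the oldest hop is the last header.
    for value in reversed(msg.get_all("Received", [])):
        by = re.search(r"\bby\s+(\S+)", value)
        stamp = value.rsplit(";", 1)[-1].strip()   # the timestamp follows the last ';'
        try:
            when = parsedate_to_datetime(stamp)
        except (TypeError, ValueError):
            continue                               # Received line without a usable date
        hops.append((by.group(1) if by else "unknown", when))
    # Delivery-date records when the message was finally delivered.
    if msg["Delivery-date"]:
        hops.append(("final delivery", parsedate_to_datetime(msg["Delivery-date"])))

    out, prev = [], None
    for host, when in hops:
        # Timestamps carry their own UTC offsets, so +0100 and +0000 compare correctly.
        # A negative delay would indicate clock skew between two servers.
        delay = 0 if prev is None else int((when - prev).total_seconds())
        out.append((host, when.astimezone(timezone.utc), delay))
        prev = when
    return out


def slowest_hop(raw):
    """The hop that added the most delay."""
    return max(hop_delays(raw), key=lambda h: h[2])


if __name__ == "__main__":
    for host, when, delay in hop_delays(RAW):
        print(f"{when:%Y-%m-%d %H:%M:%S}Z  +{delay:>6}s  {host}")
```

On these headers the message crosses the portal and relay within the same second, takes six minutes to reach the MX core, and then waits 6 h 44 min before final delivery, so the queueing happened after the MX core accepted it.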



Title: Re: Spam being recieved on Private e-mail addy
Post by: dtomlinson on May 14, 2007, 03:39:43 am
Quote
Is this "ED pills" in the subject line or the body of the email?


In the body of the mail, screenshot of one of the ones I've received attached. Subject and sender address are different every time as is the random text.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 14, 2007, 04:01:11 am
That's definitely exactly the same as the one I got - well at least the attached .gif image is - the rest, as you say, is obviously a fairly random lump of text with a random subject: field, random file name (I guess, seeing that mine seems to be based on the from address) and a bogus from: field.  Does the sending IP match on other spams ? Mine apparently came from 124.80.85.115 but as it was delivered direct to PN that could quite easily be bogus as well I suppose.  That IP appears to be listed as an open relay (spamcop) although it isn't responding at the mo.

Although I use the particular address all over the place and have done for years, the only PN related things I can think of that I've used it on are the portal forums and here plus I tend to also use for ticket e-mail advice.  As I said earlier, I don't use webmail and my Fax2email is always sent to something_else@my_account.plus.com  I only received the one spam to this one specific PN address none of the others I regularly use or any mailboxes received anything. Unfortunately, I had already de-spammed my F9 account before I noticed it so I don't know whether any turned up on there.


Title: Re: Spam being recieved on Private e-mail addy
Post by: dusty_bin on May 14, 2007, 10:09:40 am
I haven't checked my main account properly, but from my PAYG dial-up account each mailbox has received the spam, but not the redirects to a mailbox.
One of the mailboxes: pop3@myusername.plus.com, is not used for sending or receiving email directly, just for collecting all the email from the redirected addresses - and this mailbox also received spam directly addressed to it.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Ultra on May 14, 2007, 10:12:44 am
@Graham - re the "ED pills" - in the mail I had today, it was a graphic image. 

@mikeb - the four I have seen were each from different IP addresses.

Received: from dyn-91-163-131-134.ppp.tiscali.fr ([91.163.131.134]) by
 pih-sunmxcore16.plus.net with smtp (PlusNet MXCore v2.00) id
 1HnHrP-0002eJ-2O for username@username.plus.com; Sun, 13 May 2007
 17:27:55 +0000
Message-Id: <001101c79594$e5f49ba0$001af094@famille>
From: Damon Hancock <qoutsharp@anyarizonahomes.com>
To: username@username.plus.com
Subject: shipping rates qualitative Damon
Date: Sun, 13 May 2007 19:28:34 +0200

In my case it is a 'catch all' mail address.  This PN ('Essential') account was created on 2005-05-28 and used while I was connected on another ISP.  It has mail checked at regular intervals (*) from a commercial mail service (10 GB storage, plus 1 GB FTP space) which pulls in mail from a number of different accounts for me.

On checking much later I did find three more messages (in the spam folder, because the Spamhaus blacklist included the sender IP addresses for those three, just not this one, of the ones sent to 2 PN accounts I check).  In all cases I have seen, the "Subject" line ends with the first name of the "Sender".

I have rarely used webmail for any PN account, and don't believe either account name has ever been given on Usenet.


Of course, any person can connect to the PN Forum (guest/guest) and find postings which would show many still-valid user account names, though I don't know if guest/guest would easily allow large scale extraction.  I assume it might, if one put together a script to go from some fairly high member number and work backwards to find early account holders.

However this does seem quite strange insofar as the dates mentioned on TBB were also May 2005 - it might just be that an ex-customer with time on their hands used their own profile as a starting point and worked up and down from it...  Well, just checked and you can get the login prompt (http://portal.plus.net/central/forums/index.php?membermenu=forums) then onto the PN Forum (http://portal.plus.net/central/forums/index.php?memberheader=forums) and with a bit of scripting (perhaps even using good old Firefox) it may be possible to capture (from viewing a profile (http://portal.plus.net/central/forums/profile.php?mode=viewprofile&u=74973)) (+) (a) username and (b) mail address.  If none is shown  username@username.plus.com  is an easy default target.

Now, increment or decrement the number in that profile and you get to view details of hundreds and thousands of users.  Pick some specific starting point and you will find users who first used the forum at a specific point in time (not necessarily when they opened their PN account of course).  I'm no PHP/etc scripting genius but anyone who ever had a ZX81 or Spectrum can make a loop to add a number, and with 'web scrape' tools available to capture web content, it may be possible to gather large quantities of data.

Shame, but guest/guest seems to be a security hole just waiting to be exploited.  Some other ISPs I used 10 years ago each had a "user directory" which listed account users alphabetically (pointing to user web pages, as a "feature") but you can see it is a goldmine for spammers to have account names on a plate.  OK, the PN Forum isn't exactly laid out alphabetically and needs some work, (also it is perhaps possible to spot a sequential search if one needed to) but shows there's a 'free' way to get lots of details without necessarily needing anyone "on the inside" to copy user info, or a set of data on an old drive to get into the wrong hands.

(*) anything from minutes to hours - don't remember off-hand - I think most of the accounts (a tiny portion are on PN) are on the 10 minute setting.

(+) member of PN staff chosen at random, from list of recent posts on the PN Forum.  Just Liam's luck his post was spotted.  Happy to alter link if anyone wishes to volunteer to have their details highlighted.  Not sure if there's a 'random user' option, and hope that Liam doesn't mind too much.  If there's an example profile that PN suggest, then feel free to alter this post, someone, or I will do so later...
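
The post above notes that a sequential walk through profile ids should be possible to spot. A sketch of that detection over web server access logs follows, as an added example that is not part of the original thread: the combined log format, the thresholds, the function names and the sample lines are assumptions, and only the shape of the profile.php URL is taken from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Combined-log-format line: client, identity, user, [time], "request", status, ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) HTTP/[\d.]+" (\d{3}) ')


def profile_hits(lines):
    """Yield (client, time, member_id) for each successful profile view."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, ts, target, status = m.groups()
        url = urlsplit(target)
        query = parse_qs(url.query)
        if (status != "200" or not url.path.endswith("/profile.php")
                or query.get("mode") != ["viewprofile"]):
            continue
        uid = query.get("u", [""])[0]
        if uid.isdigit():
            yield client, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), int(uid)


def longest_runs(lines, max_gap=timedelta(seconds=30)):
    """Per client: longest streak of profile views whose ids step by +1 or by -1
    (one direction per streak) with at most max_gap between requests."""
    per_client = defaultdict(list)
    for client, when, uid in profile_hits(lines):
        per_client[client].append((when, uid))      # kept in log order
    result = {}
    for client, hits in per_client.items():
        best, run, step = 1, 1, 0
        for (t0, u0), (t1, u1) in zip(hits, hits[1:]):
            d = u1 - u0
            if d in (1, -1) and t1 - t0 <= max_gap:
                run = run + 1 if d == step else 2   # direction change restarts the streak
                step = d
            else:
                run, step = 1, 0
            best = max(best, run)
        result[client] = best
    return result


def enumeration_suspects(lines, min_run=25):
    """Clients whose longest sequential streak reaches min_run (assumed threshold)."""
    return {c: n for c, n in longest_runs(lines).items() if n >= min_run}


def sample_log():
    """Constructed log: one ordinary reader, one client walking member ids downward."""
    fmt = ('{ip} - - [13/May/2007:09:{m:02d}:{s:02d} +0000] '
           '"GET /central/forums/profile.php?mode=viewprofile&u={u} HTTP/1.1" '
           '200 5120 "-" "-"')
    lines = [fmt.format(ip="192.0.2.10", m=0, s=i * 10, u=u)
             for i, u in enumerate([74973, 74974, 74975, 1200, 50321])]
    lines += [fmt.format(ip="198.51.100.7", m=30, s=i, u=74900 - i)
              for i in range(40)]
    return lines


if __name__ == "__main__":
    print(longest_runs(sample_log()))
    print(enumeration_suspects(sample_log()))
```

Keying on the client address only catches a walk made from a single source; the same streak logic can be keyed on the logged-in account (here the shared guest login) to see a walk spread over several addresses.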


Title: Re: Spam being recieved on Private e-mail addy
Post by: Ultra on May 14, 2007, 10:17:58 am
@Pod I can see where you're coming from, but if someone has made claims anywhere on the internet about having a mole, or having obtained the mail addresses (from some leaked list) a while back, then one cannot ignore that they (by proclaiming to anyone who sees it) could later use the materials they have (or potential access to a disaffected [ex-?] employee) to do something malicious.

It's definitely not in one's interest to brag about having information (such as a load of e-mail addresses) and expect *not* to be viewed with some suspicion later on.  I don't have any links to specific posts, nor do I routinely feel the need to archive gossip or (possibly idle) boasts, but am sure some others have seen such comments posted freely elsewhere, or can correct my mistaken memory if I have misunderstood/ misremembered/ misquoted what was posted months or more back in time.


Title: Re: Spam being recieved on Private e-mail addy
Post by: ianwild on May 14, 2007, 10:51:32 am
Guys - I'm not a forum mod, but can I ask that you please drop this particular line of discussion in this forum with immediate effect please.

Ian


Title: Re: Spam being recieved on Private e-mail addy
Post by: Chemical Brother on May 14, 2007, 10:56:50 am
Gentlemen,

This thread is starting to get a little out of hand now, and we do not want or need a flame war here.

Yes, granted there have been allegations of someone having a list of email addresses, and naturally the fingers of blame are being pointed in a certain direction, however, it is not our place to do this, and it is down to those armed with the facts to prove without reasonable doubt who the offender is.

Edited; This thread now appears to be unlocked as offending posts have been removed.


Title: Re: Spam being recieved on Private e-mail addy
Post by: ianwild on May 14, 2007, 11:02:08 am
In fact - I have made the decision to remove 3 posts from this thread. Such accusations are not acceptable and although I'm not a mod I really hope people can understand why I've done this.

I will be discussing this with the forum mods and if they decide to re-instate the posts then that is down to them. Furthermore, if anyone wishes to know the exact reasons why I have taken the decision please do PM me.

In the mean time, I'd like to crack back on with dealing with the problem here, so if someone has more information please do reopen the thread.

Cheers,

Ian


Title: Re: Spam being recieved on Private e-mail addy
Post by: James on May 14, 2007, 11:06:43 am
Unlockinated as requested.

Let's keep the matter in hand, and leave wild accusations off these boards - pointing fingers without evidence won't help us get the best from the resource we have here.

(And that's not a request for evidence either)

Nuff said.


Title: Re: Spam being recieved on Private e-mail addy
Post by: bpullen on May 14, 2007, 11:20:25 am
Quote
I've just come here because of the same problem to see if anything was being reported. For example I've received spam on an email address which was created specifically for testing email and is known only to me and Bob Pullen. It hasn't been outside of Plusnet. I've also received some to prefixes which have not been used for at least a year.

Hi John,

Can you drop me a PM reminding me what the address was (I think I know but want to be sure). Did it arrive in the catch-all or to a specific mailbox?

Rgds,


Title: Re: Spam being recieved on Private e-mail addy
Post by: Graham W on May 14, 2007, 11:43:32 am
Quote
@Graham - re the "ED pills" - in the mail I had today, it was a graphic image.


@Ultra: Thanks for that. As a matter of my own security I don't open such items where they contain HTML elements since that is a known path to validate the recipient's address.

I inspect the contents through OE's Properties->Message source method since that is not active and allows me to see the headers and plain text contents. Thus the sender is not aware that his message is being read. Trouble is I can't see the graphics which is why I asked.


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 14, 2007, 11:46:40 am

I am getting these too now, and are known by spamcop. Headers as shown:

Quote
Envelope-to: user@username.plus.com
Delivery-date: Sun, 13 May 2007 17:39:02 +0000
Received: from [81.181.192.251] (helo=lonestarhandyman.com)
by pih-sunmxcore09.plus.net with smtp (PlusNet MXCore v2.00) id 1HnI1m-0005yu-VH
for laj@godsell4.plus.com; Sun, 13 May 2007 17:39:01 +0000
Message-ID: <001101c7954a$6ed28f40$00c59794@home6lhmbd1eri>
From: Shanna Fish <ngexercitorial@lonestarhandyman.com>
To: user@username.plus.com
Subject: [-SPAM-] order good source Shanna
Date: Sun, 13 May 2007 10:35:32 -0700
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_000E_01C7954A.6ED28F40"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.2969
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1158
x-open-relay: 81.181.192.251 is in a black list at bl.spamcop.net
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)
X-ClamSpam: Found

I can not add to the conspiracy theory!

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 14, 2007, 11:55:09 am
Quote
I can not add to the conspiracy theory!

Yes I can. :( Just sent PM to ianwild.

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: LC100 on May 14, 2007, 01:01:41 pm
Hi

I also received these spams to username@username.plus.com, I've never ever used this format as an email address and these were delivered directly to my own SMTP server.

My IP address doesn't resolve to my user name and hasn't for years so it hasn't been picked up that way.





Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 14, 2007, 01:11:00 pm

I have also got this message to my yahoo.com e-mail address I used to register my PN account and to which my billing messages go to. Of course I get lots of SPAM to that account too.

I also have a corporate e-mail address, I usually get the same type of SPAM to *all* my accounts ... I am not getting this "ED pills" e-mail to my corporate e-mail.

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 14, 2007, 02:32:44 pm
Ok, I too have got these spams to several interesting addresses.

One in particular, which is very worrying, is sent to an address only ever used internally by my old router's email alert facility (that router died last summer)! Eg it has never been posted anywhere on the internet ever or even used in communications with F9.

It has a redirect set up on my F9 account for this address. The only ever emails sent to this address are sent directly from my router to the F9 redirect, where it then resolves to my main email address mailbox on my main account.

There are only two places that this address could have been discovered (it certainly couldn't have been guessed!). One is from my house (very unlikely as I run a tight ship here, and others are reporting the same thing), or from some sort of grab of addresses. This could have been within PN towers as others have stated, or from the internet between PN and myself. The only place it will appear in PN towers is in the redirects list.

I can confirm (as above) that it has happened on my main F9 account (not sure if other F9 users had reported the breach, or only PN accounts), but also my PN backup account too. My PN backup account (free dialup), which is never normally used for anything, received spam to username@username.plus.com.
I don't get any emails to that account at all (spam or otherwise) normally other than internal PN account generated advert emails etc. Again, this is most likely to have been an internal breach.

I have received some of these same spam emails to my yahoo address too (never EVER had any spam here either before, as it is a non-guessable name, and non published), which follow the same pattern (first name of from address at the end of the subject line). Trying to work out if I have a link between these accounts from PN, or if it is just a weird coincidence.

I hope some of these details help to build a pattern. If anyone wants headers of any of these, then PM me.

Mike



Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 14, 2007, 02:41:28 pm
Quote
The only ever emails sent to this address are sent directly from my router to the F9 redirect, where it then resolves to my main email address mailbox on my main account.

Did it send the messages to your PN account via relay.plus.net or some other SMTP relay?

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 14, 2007, 02:44:21 pm

Quote
@Ultra: Thanks for that. As a matter of my own security I don't open such items where they contain HTML elements since that is a known path to validate the recipient's address.

I inspect the contents through OE's Properties->Message source method since that is not active and allows me to see the headers and plain text contents. Thus the sender is not aware that his message is being read. Trouble is I can't see the graphics which is why I asked.


I don't use Outhouse I use good old Agent so the html/attachment viewing is a pretty safe thing.

The address I received the spam on was My_Name@My_PN_Account.plus.com which is my 'main' e-mail address and always has been so it's fairly common knowledge although not generally speaking totally public. It certainly hasn't ever been used on USENET or visibly in very public places other than those mentioned previously. I have never received any spam on my PN account before (*) although my previous F9 account is spammed silly - initially to My_Name@My_F9_Account.force9.net which I used for years but still don't know how it got out as I was also reasonably careful with disclosing it and especially because the spam started ages after I actually stopped using the force9.net form and changed to force9.co.uk form and then subsequently to using the PN account.  More recently, the spam has been to/from Random_Chars@My_F9_account... of course like most other peeps have had.

Mail to the spammed PN address goes into the 'catch all' rather than a separate mbox.  Although I do occasionally use mboxes, generally speaking everything goes into the 'catch all' and I sort it out in Agent when I DL as I've always done since the year dot ! I only have mboxes set up for 1 or 2 other people so that any occasional mail they receive is sort of private. Nothing was received on these mboxes or to  Anything_Else@My_PN_Account.plus.com  I don't use redirects or similar either. In fact, my account is set up virtually the same as it defaulted to when I first opened it donkey's years ago.  Virtually everything comes in and gets DL'd in a single hit and is then sorted locally.

(*) The only thing that I have received in the past is ebay/paypal phishing e-mails occasionally which mysteriously arrive almost immediately after I have just used ebay or paypal.  These are also sent to my 'main' email address as it is used for ebay/paypal of course. Very suspicious to say the least and I always bang in a snot-a-gram suggesting that they perhaps have security issues that need looking into but needless to say I have never received any response from them !


Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 14, 2007, 02:48:25 pm
Probably via... relay.force9.net (I think that is the one I normally use).

Not sure if I can check now, as the poor router died last summer. Will wade back and see if I have any old email headers anywhere.

Mike



Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 14, 2007, 03:32:41 pm
I'm 99% certain that the only place one of my mail addresses has ever been is as a re-direct (an old unused and since deleted re-direct!). Its existence was all of about 2 months I'd guess.


Title: Re: Spam being recieved on Private e-mail addy
Post by: kitz on May 14, 2007, 03:37:09 pm
The only account that I got it on is username@username.

Forwards and old mailboxes were ok - (they should have now gone to my catchall).
I've also just checked the email address that I used to sign up to PN with, and although that is full of spam - I can't see any that bear a resemblance to these


Title: Re: Spam being recieved on Private e-mail addy
Post by: petervaughan on May 14, 2007, 03:40:05 pm
I received some to force9@ and freeonline@myname which I have never seen before as well as to my 'normal' named mailbox.


Title: Re: Spam being recieved on Private e-mail addy
Post by: James on May 14, 2007, 03:43:36 pm
Hmmm, I only got the message to two of the mailboxes I have set up.

Both of the two are boxes I've accessed using webmail, all the rest have only ever been accessed using Outlook, or Outlook Distress.



Title: Re: Spam being recieved on Private e-mail addy
Post by: petervaughan on May 14, 2007, 06:12:04 pm
Just received 6 more but different spam messages to the 2 mailboxes I detailed earlier which I have never used anywhere. This is not an incident limited to Sunday it appears.  :x :x :x


Title: Re: Spam being recieved on Private e-mail addy
Post by: chillypenguin on May 14, 2007, 06:15:31 pm
Once the spammers have got your address then they are going to continue to use it.

Chilly


Title: Re: Spam being recieved on Private e-mail addy
Post by: kinggc on May 14, 2007, 06:17:39 pm
I have just received a second batch of 3  spam emails with different messages from those received yesterday at about the same time.

kinggc


Title: Re: Spam being recieved on Private e-mail addy
Post by: bpullen on May 14, 2007, 06:30:20 pm
Hi guys,

What are the characteristics of the latest emails? I have received a couple and want to know if they are comparable.

Mine were of the following format:-

Code:
-------- Original Message --------
Return-Path: <usredarguing@evokemobile.com>
X-Envelope-To: xxxx@xxxxxxxxx.co.uk, xxxx@xxxxxxxxx.com
X-Spam-Status: No, hits=4.2 required=5.0 tests=BAYES_99: 4.07,FORGED_RCVD_HELO: 0.135,TOTAL_SCORE: 4.205
X-Spam-Level: ****
Received: from evokemobile.com ([74.160.97.68]) by xxxx.xxxxxxxxx.com for xxxx@xxxxxxxxx.co.uk; Mon, 14 May 2007 18:12:33 +0100
Message-ID: <001a01c79629$8cc86f80$002ad3bc@amala84r62mo5t>
From: Margery Holman <usredarguing@evokemobile.com>
To: xxxx@xxxxxxxxx.co.uk
Subject: There are no reported side effects or contraindications to Wondercum usage.
Date: Mon, 14 May 2007 13:12:40 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1250"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2969
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2963

All because I am ejaculating the way I never have.
http://tekls.com

:(



Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 14, 2007, 06:35:13 pm
Only had one today so far to the yahoo address. I guess the others might follow when the spambot gets further through the alphabet!


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 14, 2007, 06:39:40 pm
Two more addressed to postmaster account
Quote
Envelope-to: postmaster@xxxx.plus.com
Delivery-date: Mon, 14 May 2007 17:30:43 +0000
Received: from c-71-195-123-157.hsd1.ca.comcast.net ([71.195.123.157])
     by fhw-sunmxcore04.plus.net with smtp (PlusNet MXCore v2.00) id 1HneNe-0007Z9-SA
     for postmaster@xxxx.plus.com; Mon, 14 May 2007 17:30:43 +0000
Message-ID: <001801c79613$0fd71f50$0140adfc@ANGIE>
From: Pete Mckinney <bbdistanced@adsladsl.com>
To: postmaster@xxxx.plus.com
Subject: You guys are amazing with your delivery and customer service and your product actually DOES work.
Date: Mon, 14 May 2007 10:31:41 -0700
MIME-Version: 1.0
Content-Type: text/plain;
        charset="windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2969
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-PN-VirusFiltered: by PlusNet MXCore (v2.00)

Envelope-to: postmaster@xxxx.plus.com
Delivery-date: Mon, 14 May 2007 17:27:04 +0000
Received: from 201-68-87-235.dsl.telesp.net.br ([201.68.87.235] helo=hellenjapan.com)
     by pih-sunmxcore13.plus.net with smtp (PlusNet MXCore v2.00) id 1HneK4-0001wi-NV
     for postmaster@holtlane.plus.com; Mon, 14 May 2007 17:27:02 +0000
Message-ID: <001b01c79634$1f8abbc0$068dfc84@n16dfd04c9d684>
From: Janis Lucero <ofloneliest@hellenjapan.com>
To: postmaster@xxxxx.plus.com
Subject: We ship Worldwide.
Date: Mon, 14 May 2007 14:28:21 -0300
MIME-Version: 1.0
Content-Type: text/plain;
        charset="windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.181
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.0000
X-PN-VirusFiltered: by PlusNet MXCore (v2.00)



Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 14, 2007, 06:40:39 pm
Quote
I have received a couple and want to know if they are comparable.

Yep, the two I have received contain a reference to WonderCum as did your example. :(

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: pjmarsh on May 14, 2007, 06:44:44 pm
The only one I've received at all came today at 18:22 and was addressed to username@username
Code:
Envelope-to: xxxx@xxxx.plus.com
Delivery-date: Mon, 14 May 2007 17:28:11 +0000
Received: from 87.97.98.143.pool.invitel.hu ([87.97.98.143])
     by pih-sunmxcore15.plus.net with smtp (PlusNet MXCore v2.00) id 1HneLB-0005bE-HZ
     for xxxx@xxxx.plus.com; Mon, 14 May 2007 17:28:10 +0000
Message-ID: <001b01c7965d$35a74cb0$06f6791c@home85kd6ynjkh>
From: Guadalupe Bauer <ecxponderable@larrymartincpa.com>
To: xxxxx@xxxx.plus.com
Subject: We do not have any branched or stores located anywhere.
Date: Mon, 14 May 2007 19:22:27 +0200
MIME-Version: 1.0
Content-Type: text/plain;
        charset="windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.181
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.2963
X-PN-VirusFiltered: by PlusNet MXCore (v2.00)



Now, after taking Wondercum for 1 month, WE both are very happy and satisfied with our sexual life.
http://tekls.com

Phil
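The question running through the replies above is whether the samples are comparable. As an added example (not part of any post in this thread), the Python below profiles trimmed header excerpts taken from three of the posted messages and reports which traits they share; the function names and the choice of traits are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header excerpts from three messages posted in this thread (subjects and
# bodies omitted, recipients shown redacted as xxxx).
SAMPLES = [
    "Received: from c-71-195-123-157.hsd1.ca.comcast.net ([71.195.123.157])\n"
    "     by fhw-sunmxcore04.plus.net with smtp (PlusNet MXCore v2.00) id 1HneNe-0007Z9-SA\n"
    "     for postmaster@xxxx.plus.com; Mon, 14 May 2007 17:30:43 +0000\n"
    "Message-ID: <001801c79613$0fd71f50$0140adfc@ANGIE>\n"
    "From: Pete Mckinney <bbdistanced@adsladsl.com>\n"
    "X-Mailer: Microsoft Outlook Express 6.00.2900.2969\n\n",
    "Received: from 201-68-87-235.dsl.telesp.net.br ([201.68.87.235] helo=hellenjapan.com)\n"
    "     by pih-sunmxcore13.plus.net with smtp (PlusNet MXCore v2.00) id 1HneK4-0001wi-NV\n"
    "     for postmaster@xxxx.plus.com; Mon, 14 May 2007 17:27:02 +0000\n"
    "Message-ID: <001b01c79634$1f8abbc0$068dfc84@n16dfd04c9d684>\n"
    "From: Janis Lucero <ofloneliest@hellenjapan.com>\n"
    "X-Mailer: Microsoft Outlook Express 6.00.2900.181\n\n",
    "Received: from 87.97.98.143.pool.invitel.hu ([87.97.98.143])\n"
    "     by pih-sunmxcore15.plus.net with smtp (PlusNet MXCore v2.00) id 1HneLB-0005bE-HZ\n"
    "     for xxxx@xxxx.plus.com; Mon, 14 May 2007 17:28:10 +0000\n"
    "Message-ID: <001b01c7965d$35a74cb0$06f6791c@home85kd6ynjkh>\n"
    "From: Guadalupe Bauer <ecxponderable@larrymartincpa.com>\n"
    "X-Mailer: Microsoft Outlook Express 6.00.2600.181\n\n",
]

# "from <reverse-DNS name> ([<ip>] helo=<name>)" as written by the receiving MX
# in the samples above; the helo= part is optional.
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(\[(?P<ip>[0-9.]+)\](?:\s+helo=(?P<helo>[^)\s]+))?\)"
)
# Three hex groups separated by '$', the Message-ID shape seen in every sample.
MSGID_RE = re.compile(r"^<[0-9a-f]{12}\$[0-9a-f]{8}\$[0-9a-f]{8}@[^>\s]+>$", re.I)
# Product name plus major.minor version, dropping the build number.
MAILER_RE = re.compile(r"(.+? \d+\.\d+)")


def in_domain(host, domain):
    """True if host is the domain itself or a name underneath it."""
    host, domain = (host or "").lower(), (domain or "").lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def profile(raw_headers):
    """Extract comparable traits from one message's headers."""
    msg = message_from_string(raw_headers)
    hops = msg.get_all("Received") or []
    # Only the topmost Received line was written by the recipient's own MX;
    # anything below it is supplied by the sender and can be forged.
    top = " ".join(hops[0].split()) if hops else ""
    m = RECEIVED_RE.search(top)
    relay = m.groupdict() if m else {"rdns": None, "ip": None, "helo": None}
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    mailer = MAILER_RE.match(msg.get("X-Mailer", ""))
    return {
        "relay_ip": relay["ip"],
        "relay_rdns": relay["rdns"],
        "helo": relay["helo"],
        "from_domain": from_domain,
        # Does the connecting host belong to the domain the mail claims to be from?
        "from_matches_relay": in_domain(relay["rdns"], from_domain),
        # Did the client announce the From domain in HELO despite that?
        "helo_matches_from": in_domain(relay["helo"], from_domain),
        "mailer_family": mailer.group(1) if mailer else None,
        "msgid_three_part_hex": bool(MSGID_RE.match(msg.get("Message-ID", "").strip())),
    }


def compare(samples):
    """Report traits identical across all samples, plus the distinct relay IPs."""
    profiles = [profile(s) for s in samples]
    keys = ("mailer_family", "msgid_three_part_hex", "from_matches_relay")
    shared = {
        k: profiles[0][k]
        for k in keys
        if all(p[k] == profiles[0][k] for p in profiles)
    }
    return {
        "shared": shared,
        "distinct_relay_ips": sorted({p["relay_ip"] for p in profiles}),
    }


if __name__ == "__main__":
    result = compare(SAMPLES)
    print("shared traits:", result["shared"])
    print("relay IPs:", result["distinct_relay_ips"])
```

For these three excerpts the connecting hosts are all different and none belongs to the claimed From domain, while the X-Mailer family and Message-ID shape are identical.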


Title: Re: Spam being recieved on Private e-mail addy
Post by: udhiyana on May 14, 2007, 07:12:25 pm
Quote
Hi guys,

What are the characteristics of the latest emails? I have received a couple and want to know if they are comparable.


The 4 I just received are the same, some with European time stamp, some with US time stamp :?

From - Mon May 14 18:36:58 2007
X-Account-Key: account2
X-UIDL: UID713-1063993052
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Daemon-Classification: SPAM
Envelope-to: XX@XXX.plus.com
Delivery-date: Mon, 14 May 2007 17:11:19 +0000
Received: from 183-37-49.ip.adsl.hu ([81.183.37.49])
     by fhw-sunmxcore02.plus.net with smtp (PlusNet MXCore v2.00) id 1Hne4s-0006tY-SM ; Mon, 14 May 2007 17:11:19 +0000
Message-ID: <000e01c7965b$9efc3e70$061c7f84@huba>
From: Edgar Schroeder <jsegregation@101nothing.com>
To: XX@XXX.plus.com
Subject: [-SPAM-] Once you start taking WonderCum, you will notice your sperm, stamina, and pleasure increasing within the first week.
Date: Mon, 14 May 2007 19:11:05 +0200


Title: Re: Spam being recieved on Private e-mail addy
Post by: amp on May 14, 2007, 07:33:57 pm
I have just received 3 of these spam emails. 2 using username@username.plus.com and 1 using postmaster@username.plus.name.


Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 14, 2007, 07:47:54 pm
The important issue here is how did these addresses get out. Unfortunately, once a spammer has the address lists, we will only see more and more spam to these addresses (most likely).

Are the people reporting spam today new people who are just getting this for the first time today, or are they the same people who received some spam yesterday too? I would guess that this info will help to establish how big the problem is and whether it is an ever expanding problem, or a fixed number of addresses that are going to be continually exploited from now on.

I'm not sure what F9/PN can do about this. If it is a security breach, then it really is a blow. I was starting to feel that things at PN had improved a lot since the mess-ups of last year. Of course, as has been suggested, these breaches of security could have taken place 2 years ago(!), and only now made it onto a spammer's active list.

Mike


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 14, 2007, 08:31:23 pm
Just downloaded my latest digest of spam.

I'd just like to congratulate PlusNet on allowing all of our addresses to be got at by a hacker/spammer.


Yet another mistake by the ever blundering PlusNet.

It wouldn't be so bad if I was still a customer, but I'm an ex-customer, why the hell do you still have my addresses logged!

Not good at all.

Anyone feel their credit card details are safe???  :x


Title: Re: Spam being recieved on Private e-mail addy
Post by: kitz on May 14, 2007, 08:36:10 pm
Yeah same here - only now getting them in duplicate

"wondercum", "dont resist just f*** like crazy", " dont be silly enjoy life"


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 14, 2007, 08:43:06 pm
Quote
Yeah same here - only now getting them in duplicate

"wondercum", "dont resist just f*** like crazy", " dont be silly enjoy life"

That's the ones..... thanks PlusNet.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 14, 2007, 08:43:44 pm
Can you drop me a PM reminding me what the address was (I think I know but want to be sure). Did it arrive in the catch-all or to a specific mailbox?

Sorry for the delay - I've been in London all day. PM has been sent. It arrived in my catchall. The mailbox was created 10:08am, Thursday 29th March 2007. It was deleted some time in April when all the mailbox problems had been resolved.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 14, 2007, 08:50:57 pm
I have received another batch tonight, the first at just after 18:00. At a rough count around 50 emails. :-(


Title: Re: Spam being recieved on Private e-mail addy
Post by: scarymonkey on May 14, 2007, 08:56:18 pm
I didn't notice whether I got any yesterday as Spamfighter automatically sorted them for me, but today I made the effort to check the sorted spam before deleting and noticed I got a few to a test mailbox I setup nearly 3 years ago and 1 to username@username.

For me the amount received is minimal as my domain name typically gets 50-100 spam a day anyway.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Penny on May 14, 2007, 09:53:41 pm
Couple of thoughts.  We've been getting an increasing amount of these here, started yesterday where I noticed a spam e-mail to main mail (for which I set up a mailbox around 4 months ago iirc) but now receiving mails for both existing mailboxes on F9 and username (at) username.plus.com addresses (same subject line both in some instances and also same URL inclusion in others)

eg porxxxxxx username @ username (PN) e-h-w-y-c subject line, URL inclusion ourmix.hk
eg mainxxxx  mailbox (F9)             e-h-w-y-c subject line, URL inclusion gssd.hk
eg higxxxxx username @ username (PN)  e-h-w-y-c subject line, URL inclusion gssd.hk

Is there any mileage in tracking down the owner/s of such domains?  Unable to access allwhois just now to check the two quoted above, but looked up a couple of others earlier (along the lines of the multi-appearing teits.com , tekyi.com , tehgn.com - don't recall now, precisely which two) and both were owned by the same people, pumpmaster something-or-other (Brazil I think) - would the original source of this very-large batch of addresses be demand-able from the domain owners? If not by F9/PN, by whichever related UK body governs data protection.

However as per previous threads - just tracked back and located http://usergroup.plus.net/forum/index.php/topic,2646.msg36114.html#msg36114 (via PUGIT 116 at http://usergroup.plus.net/pugit/view.php?id=116 ) , it would be relatively easy for anyone to have created a list of all F9/PN usernames from existing listings available on the internet, as things stand.

That wouldn't explain how specific bloggs (at) username addresses have been discovered, nor mailboxes known only to customers/staff, but it would seem to have been "theoretically possible" for most or all of the username (at) username and postmaster (at) username addresses to have been assembled by anyone with the time to spare to set up the spam list from already-publicly-available information.

I don't have the vaguest idea how the other factors could have become known - but that doesn't mean there isn't some means for it to have done so, without "deliberate leaks".  I just wondered if the people owning the sites to which the spam e-mails direct recipients, might be able to shed some insight, if some mode of persuasion is usable.

Regards,

Penny.


Title: Re: Spam being recieved on Private e-mail addy
Post by: WilliamG on May 14, 2007, 10:16:49 pm
I've been getting the same spam too.

Some to my postmaster account and some to an old mailbox that's never had a real spam problem before.
My second mailbox hasn't received any as yet.

Though I've had lots of spam  to my  postmaster account in the past, I've never had really offensive stuff like this before.

Has someone out there got a grudge against plusnet? :eek:


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 14, 2007, 10:18:46 pm
and another to my postmaster account
Quote
Envelope-to: postmaster@xxxxx.plus.com
Delivery-date: Mon, 14 May 2007 19:32:13 +0000
Received: from arennes-356-1-81-185.w86-220.abo.wanadoo.fr ([86.220.144.185])
     by fhw-sunmxcore07.plus.net with smtp (PlusNet MXCore v2.00) id 1HngHF-0003uF-5F
     for postmaster@xxx.plus.com; Mon, 14 May 2007 19:32:13 +0000
Message-ID: <001601c7966f$55a2d720$066153f4@chambre>
From: Lola Ventura <voretagged@drmelissaedelson.com>
To: postmaster@xxxxx.plus.com
Subject: she will be running away from your dick.
Date: Mon, 14 May 2007 21:32:12 +0200
MIME-Version: 1.0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.2962
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.2869
X-PN-VirusFiltered: by PlusNet MXCore (v2.00)



Title: Re: Spam being recieved on Private e-mail addy
Post by: dtomlinson on May 14, 2007, 10:29:51 pm

Quote
Is there any mileage in tracking down the owner/s of such domains?  Unable to access allwhois just now to check the two quoted above, but looked up a couple of others earlier (along the lines of the multi-appearing teits.com , tekyi.com , tehgn.com - don't recall now, precisely which two) and both were owned by the same people, pumpmaster something-or-other (Brazil I think) - would the original source of this very-large batch of addresses be demand-able from the domain owners? If not by F9/PN, by whichever related UK body governs data protection.

Unlikely, chances are the people on the whois are just victims of identity or credit card theft and will know nothing about the domain until they see a strange payment or five on their credit card bill.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 14, 2007, 10:49:47 pm
Quote
That wouldn't explain how specific bloggs (at) username addresses have been discovered, nor mailboxes known only to customers/staff, but it would seem to have been "theoretically possible" for most or all of the username (at) username and postmaster (at) username addresses to have been assembled by anyone with the time to spare to set up the spam list from already-publicly-available information.

Sure, being able to rdns all of PN customers has been known for a while and I'm surprised it's not been done before now, that's to be honest, not the issue.

The issue (for me at least) is the release of information about true valid mailboxes (or used to be valid mailboxes). This "leak" can only have come from either a) a PN person b) a hacker who has obtained access to one or more files.




Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 14, 2007, 11:12:42 pm
Just checked my catchall spam@username etc and have received one addressed to it.
This account was set up on the 19th April purely as a catchall and has never been accessed other than by webmail
Quote
Envelope-to: spam@*****.plus.com
Delivery-date: Mon, 14 May 2007 19:42:00 +0000
Received: from 201008098009.user.veloxzone.com.br ([201.8.98.9])
     by fhw-sunmxcore06.plus.net with smtp (PlusNet MXCore v2.00) id 1HngQd-0006H6-1f
     for spam@holtlane.plus.com; Mon, 14 May 2007 19:42:00 +0000
Message-ID: <001401c79646$c8c52970$000f2d9c@eub39919e885c1>
From: Coy Mccarthy <babhatchers@guanajuatorealty.com>
To: spam@*****.plus.com
Subject: blondes will **** like crazy
Date: Mon, 14 May 2007 16:41:56 -0300
MIME-Version: 1.0
Content-Type: text/plain;
        charset="windows-1250"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2462.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.3000
x-open-relay: 201.8.98.9 is in a black list at bl.spamcop.net
X-PN-VirusFiltered: by PlusNet MXCore (v2.00)


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 14, 2007, 11:54:27 pm
Hmmmmmmmmmmmm, OK, so I'm now officially annoyed :x

A whole bunch of spam received today much as described in earlier posts (i.e. all related to 'performance' enhancement various) so obviously from the same [Censored]. Grrrrrrrrr. This time I got some to my main e-mail address My_Name@My_PN_Account.plus.com as the first one was but some also to My_PN_Account@My_PN_Account.plus.com  What an absolute b*gger that 7+ years of spam free e-mail has clearly come to a rather abrupt end :(

There doesn't seem to be any real correlation between them at all. They apparently come from all over the place. France, USA, Far East etc.  I have to say this is pretty much what happened to my F9 account years ago unfortunately - suddenly started getting spam galore to specific addresses for no apparent reason after a long period of none at all.  That account became pretty much totally unusable in a very short space of time as the spam increased exponentially.

Whoever is (hopefully) found responsible for providing my details to the spammers is defo going to need something a whole lot stronger than 'performance' enhancing drugs to cure their problems if I ever get my hands on them ... they'd need to find an organ donor for starters in order to have something to enhance the performance of !!!

Given the fact that this all started using my 'main' named e-mail address and so many other PN users are seeing the same kinda thing, this just has to have been obtained somehow directly via PN - either from the portal forums or even worse still internally.  I just can't see any other possible explanation except perhaps getting it from here somehow.  I can fully understand getting hold of the My_Account bit from any one of various places and then using the Random_Chars or Good_Guess prefix (as has happened to some users before) but to target specific named addresses and virtually no others is highly suspicious of something way more than a bit of good guesswork. 


Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 15, 2007, 01:02:56 am

Quote
Given the fact that this all started using my 'main' named e-mail address and so many other PN users are seeing the same kinda thing, this just has to have been obtained somehow directly via PN - either from the portal forums or even worse still internally.  I just can't see any other possible explanation except perhaps getting it from here somehow.  I can fully understand getting hold of the My_Account bit from any one of various places and then using the Random_Chars or Good_Guess prefix (as has happened to some users before) but to target specific named addresses and virtually no others is highly suspicious of something way more than a bit of good guesswork.

My router log reporting email address was clearly not guessed, as it was too specific. This info can only have come from F9 redirects database, or someone sniffing specific email traffic on its way in/out of F9. I have never personally sent mail from it or to it. Only my router has sent mail from that address and TO that address, for F9 to redirect on to main account so I receive the router logs & alerts. It has never been listed anywhere or used anywhere or even known about by any other being apart from me... and I ain't told no-one. The router in question is now dead, although it is still in possession, so the email address hasn't been used since last June/July.

The username@username.f9.co.uk emails could have been generated by scouring forums etc, but clearly my case shows that other tactics were used in this instance (for at least some of the email addresses, and therefore I guess ALL of the others!). This is FAR more serious than that.

There has been a serious breach of security somewhere and I hope F9 get to the bottom of it and quick.

Until I know the hole is closed, then I am losing confidence in F9 to be trusted in the future.





Title: Re: Spam being recieved on Private e-mail addy
Post by: BR_pnug on May 15, 2007, 01:14:50 am
Between 7 & 9 ish pm Monday 14th I received another batch of spam delivered to my previously spam-free  (before 13th May that is) mail boxes. Each included a link to http://tekyi.com or http://ourmix.hk. I cannot help thinking that PN data source has been compromised.  I'm not sure what to make of the comment in the PN Service Update "Reports of Spam Email (42837)" at 14/05/2007 @ 19:33 that "We ... are confident that we have resolved this issue and will monitor the situation closely to ensure that the effect is minimised and the issue does not reoccur."   


Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 15, 2007, 01:28:10 am
I just read that report too. The fact that they are planning to contact all affected users suggests that they know exactly which accounts were compromised! I will wait with interest to see who they contact, and if they get it right!

Clearly they are staying tight-lipped about it until they get further to the bottom of it, but we now have to wait for the next update (they say Friday!)...

I'm not really happy that they aren't saying any more until then, but equally, I understand that they need to sort out the immediate problem first, which obviously means contacting a lot of users to explain the implications!

I just wish they could give us more info, so we can make up our minds whether to trust F9 any further. To me this is a very serious matter, and I need re-assuring or I will be looking for a new provider. A blackout on further news until Friday will only let minds worry and ideas spiral further!

Please give us more of an update before then... to the best of your abilities. I can wait for the full detailed report, I just need the gist of it. (Oh and without SPIN please, just the facts!)

Thanks


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 15, 2007, 03:38:00 am
Oh b*gger, just read the service.status reports :(  and not liking the sound of it one little bit either.

Also, just received another batch of spam to My_Name@My_PN_Account.plus.net like the very first one with the attached .gif image for meds :(  All came into PN at around the same time, just after 02:00

Quote
We are in the process of contacting all affected customers in order to inform them of the incident and of any steps they need to take to ensure that their Internet connections and computers are safe.

Although I welcome the contact (if/when it happens) I particularly don't like the bit in bold because, unless that is just a little @rse protect and/or supposed to be 'comforting' words, it implies to me there is something rather more serious than just e-mail addresses being acquired by a third party. 

I appreciate that the problem is being worked on and it's probably not a simple one but need more info and need it real soon Mr.PN because several more days to find out just how deep the poo is isn't really on - especially if there might be other implications such as passwd or other sensitive data involved or trojan/virus issues.

I've also been having a few other very 'strange' and highly unusual problems just recently and whilst that might be simply co-incidence it's a bit odd that after a good few years of everything hunky-dory it all seems to go t*ts up around the same time.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 15, 2007, 04:15:47 am
Oh great, the one and only mbox on my PN Account is now apparently getting the d@mn stuff as well :x 

A whole bunch arrived around 18:00 Monday 14th May although none at all on Sunday 13th when I got the first one on my address. I'm *really* sure that my 80 year old mum is going to be well interested in getting lots of this performance enhancement [Censored] ... NOT.  Grrrrrrrrrrrrr.

Also, my F9 account is now getting the stuff along with all the random [Censored] that it gets in any case. So, that means the following addresses have been recently targeted so far:

My_Name@My_PN_Account.plus.com
My_Account@My_PN_Account.plus.com
My_Only_Mailbox@My_PN_Account.plus.com
My_Account@My_F9_Account.force9.co.uk
postmaster@My_F9_Account.force9.co.uk

Interestingly, My_Mailboxes@My_F9_Account.force9.co.uk haven't as yet.

Other specific named addresses  @My_F9_Account.force9.net have been getting spammed silly for years and I would put a quite large sum of money on that being almost exclusively down to much the same reason as for this recent apparent fiasco rather than being down to me being a bit careless with who I gave them to.

Suffice it to say that I'm so not a happy bunny.


Title: Re: Spam being recieved on Private e-mail addy
Post by: wildmind on May 15, 2007, 07:59:33 am
Great,

My account has started to receive spam as well :(

P.S. - Can someone from PUG please remove my wildmind@usergroup address as that is now also being spammed :(

I look forward to reading what has happened and why!


Title: Re: Spam being recieved on Private e-mail addy
Post by: James on May 15, 2007, 08:14:26 am
I've added a note to that effect in a thread discussing @usergroup addy's in case it gets missed here Mike.

I'm sure one of the admins will oblige when they are next about.


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 15, 2007, 08:25:37 am
Quote
please remove my wildmind@usergroup address as that is now also being spammed :(

My theory, based on the patterns of messages I have, is that somebody has sent a message to wildmind@usergroup to you from Webmail, and so it is a valid To: field in a message in the Sent Items folder.

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 15, 2007, 08:33:56 am

I just can not describe how annoyed I am at this.

We spend good money on domain names and usernames that are far from guessable, it has taken time to get friends/family aware of the need to use certain e-mail addresses for specific tasks, like an address that is only ever used for registering for websites and an address for private e-mail.


Of course now, that planning and expense are nullified because I have sent them all e-mail via Webmail.

If this list has been sold on and we continue to get these messages I am pretty sure my OH will be demanding we leave PN. This time I can only agree with her, the previous problems with lack of bandwidth and the 'email deletion' were not such an issue as this as the ramifications are likely to remain forever if this list was sold/copied.

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: wildmind on May 15, 2007, 08:35:06 am
Cheers James!

Must admit that I have used the wildmind@usergroup from webmail as it was the only way to send emails when I used to be working at my old place ;)


Title: Re: Spam being recieved on Private e-mail addy
Post by: The Flying Gribble on May 15, 2007, 08:47:18 am
Had about 30 spam emails this morning when I logged in, mostly of the carnal nature.  I use mailwasher to check 4 different PN and free-online mailboxes. All of them have been spammed, going directly to the mailbox address.  I never distribute my PN addresses, since I use my own domain which then gets forwarded to PN.  Definitely come internally from PN.


Title: Re: Spam being recieved on Private e-mail addy
Post by: BR_pnug on May 15, 2007, 08:54:28 am
At about 4am 15 May the last of my 6 PN mailboxes received the "ED" spam.  This mailbox has not been used since 2005, possibly longer.  I am now convinced that the PN database HAS been compromised.  I don't mind setting up replacement addresses but what guarantee is there that this will remain secure????


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 15, 2007, 09:12:11 am

Quote
I just can not describe how annoyed I am at this.

We spend good money on domain names and usernames that are far from guessable, it has taken time to get friends/family aware of the need to use certain e-mail addresses for specific tasks, like an address that is only ever used for registering for websites and an address for private e-mail.


Totally agree with that!

Fortunately, it would appear I may have only used web-mail once, therefore only 1 of my addresses has been compromised from my own personal domain (used for PN to contact me).

Therefore - this is now black holed meaning the spam and PlusNet cannot use it any more... (I can only see that as a good thing TBH!). :-D


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 15, 2007, 09:23:58 am
Question on the extent of the leak.
Just checked with my daughter and not only is she receiving these to both her PlusNet addresses but also her works address starting at the same time. The only connection between the two is that mails have been sent to it from PlusNet possibly by webmail.


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 15, 2007, 10:00:36 am

Yes Jim, see 6 posts higher, I have very strong evidence that points to the same conclusion. :(

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jabns on May 15, 2007, 10:03:32 am
I think Plus Net just needed a new central so sold all of its 220,000+ customers emails. Watch out for the letters through the post next :wink: . <--- Just a joke not a conspiracy --->

On a serious note the way I have found the best is to make a mailbox using a formula like this:
f9-mbox-001-james     <--- Obviously not my real mail box and is just an example --->

and then a redirect as follows:
james @xxx-xxxxxxx.co.uk

I find this a better way of doing things because then if SPAM starts to hit you badly you just change the forward.

I am also setting up a perimeter gateway spam checker so that they get bounced before I even start to download them. I would highly recommend this because the modem just forwards PPP to the gateway you do not use any bandwidth downloading crap!  :-D


Title: Re: Spam being recieved on Private e-mail addy
Post by: RogN on May 15, 2007, 10:17:58 am
Remind me, wasn't there a couple of other instances of PN having their data compromised?

Perhaps they should have a new nickname "sieve"

I only use my email from PN for their contacts, well until now when the world uses it for porn type contact.

No good taking emails out of the public eye, once got they never leave them alone and each week the spam level goes up exponentially.

Trouble with using filters is that I have not found one that does not miss one sometimes. The last contact from PN one got through on one address and the other got labelled "spam".

If it's PN's fault they will just have to pay for all the changes for customers' emails to be renewed and also any fines from breach of data protection. You would think an ISP company would have enough computer power to work seriously on preventing this, especially with their past track record. Guess it's about how much you are bothered about customer details.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 15, 2007, 10:22:04 am
Remind me, wasn't there a couple of other instances of PN having their data compromised?


Yep.


Title: Re: Spam being recieved on Private e-mail addy
Post by: The Flying Gribble on May 15, 2007, 10:23:35 am
The only connection between the two is that mails have been sent to it from PlusNet possibly by webmail.

Were they just sent from WebMail, or were the addresses in the WebMail Address Book? The former implies access to the messages themselves I guess.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 15, 2007, 10:30:50 am
Just sent from webmail I think


Title: Re: Spam being recieved on Private e-mail addy
Post by: The Flying Gribble on May 15, 2007, 10:54:33 am
Just saw this on the front page of TBB

Quote
We have checked with Plusnet and they can confirm that no credit card details or personal information has been obtained by the third party.



Title: Re: Spam being recieved on Private e-mail addy
Post by: wildmind on May 15, 2007, 10:57:54 am
Would have been nice for them to confirm it when asked in numerous places rather than giving vague non-committal answers :@


Title: Re: Spam being recieved on Private e-mail addy
Post by: James on May 15, 2007, 10:58:48 am
I accept they are busy right now, and yes, I've read the SS's but it's a shame that a similar statement wasn't made to help allay fears a little here (and on the portal boards)

I'll add a note to the thread on the PN portal (http://portal.plus.net/central/forums/viewtopic.php?t=55912&postdays=0&postorder=asc&start=0).


Title: Re: Spam being recieved on Private e-mail addy
Post by: RogN on May 15, 2007, 11:11:15 am
Quite ironic, my PUG notices are being labelled as "Spam"

If they know what has not been breached, they must know what has, both pieces of information sadly missing in an easy to see way. Many forums are now debating this and members have to go chase the information. Not as though what has happened to our details is much of interest to us, is it?


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 15, 2007, 11:22:11 am

Yes Jim, see 6 posts higher, I have very strong evidence that points to the same conclusion. :(

SW.
Just seen this reply by Ian over at TBB
Quote
As Bob was saying yesterday, if anyone knows of an address that they don't believe has ever touched webmail then they should send him a PM with the details so we can check. From all of those yesterday, we didn't find any without a Webmail based explanation - The one I looked at personally had been sent an email by a Comms member of staff from Webmail (Presumably someone working from home and following up a forum thread). I'm presuming Bob is coming back to people who enquire about specific addresses with more detail, but if he hasn't yet please do bear with us - As you can imagine we are working to a tight plan today...

Ian
To me this reads that any email sent from webmail has had all the addresses harvested - I hope I am wrong


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 15, 2007, 11:25:14 am
Oh yes indeedy, yet more and more of that luverly spam.  yum.yum.yum. I am now completely spoiled for choice as to how to enhance the size and performance my c**k so that I can c*m loads and ej*****te well when I f**k  :x  I'm so pleased that I don't have to worry about that any more.

It would appear that whilst I can be very careful for around 10 years and protect myself totally from this kinda [Censored] and other disasters whilst openly using my e-mail address and other personal data, PN can't be careful for more than 10 minutes at a time :(  As mentioned by someone else above, it ain't anywhere close to the first occasion that this or something vaguely similar has happened either.

People seem to be saying earlier that this is a 'webmail' thing - it can't be, or at least not solely. I have never used webmail in most cases and the only time I did was probably >5 years ago and then only to check the contents of my inbox not send stuff etc. It simply has to be a far more serious breach than someone hacking webmail or suchlike.  Am I p*$$ed off right now or am I p*$$ed off right now.

Every single e-mail address/mailbox that I have ever used over the past 10 years is now getting spammed for the first time. Exxxxxcelent stuff. Jolly well done chaps so have one of these right now (http://www.twowheels.force9.co.uk/STUFF/SMILIES/smackbutt1.gif) and seeing that a picture always says a thousand words and all that, I think this sums up my thoughts on whatever the whole sorry tale is quite nicely:

(http://www.twowheels.force9.co.uk/STUFF/camel.gif)


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 15, 2007, 11:39:44 am
I hope I am wrong

I am a frayed knot. :(


Title: Re: Spam being recieved on Private e-mail addy
Post by: Penny on May 15, 2007, 11:44:51 am
Oh yes indeedy, yet more and more of that luverly spam.  yum.yum.yum.

Given that this is a publicly-accessible forum that kids of any age can view, I don't feel it's appropriate to include the sort of detail (starred or not) that appears in Post # 101 above.

Perhaps such references could be modified somewhat?

We're all substantially teed off with this situation (which appears to be getting worse in terms of volume of related spam currently being received) but that doesn't make it necessary to go into graphic detail of the spam content.

Just my thoughts :(

Penny.


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 15, 2007, 11:45:45 am
OK, with this issue, if it happens that our e-mails have been compromised and this list has been sold/copied to the WWW then I respectfully ask PN to implement a system similar to postini (www.postini.com) so that we no longer have to download SPAM and virus infected messages.

Let's see if this problem persists. If it does I will start a Poll on the portal forum.

I certainly hope PUG will support this request.

regards,
SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 15, 2007, 12:02:50 pm
Oh yes indeedy, yet more and more of that luverly spam.  yum.yum.yum.

Given that this is a publicly-accessible forum that kids of any age can view, I don't feel it's appropriate to include the sort of detail (starred or not) that appears in Post 101 above.

Perhaps such references could be modified somewhat?

We're all substantially teed off with this situation (which appears to be getting worse in terms of volume of related spam currently being received) but that doesn't make it necessary to go into graphic detail of the spam content.

Just my thoughts :(

Penny.

I sort of agree with you but then again I don't think that PN should have allowed such a breach of data that has resulted in such information AND without any of the ***'s being sent to a huge number of people who most certainly should NOT be subjected to such language.  I'm really looking forward to explaining just WTF is going on to my 80 year old mum and various youngsters who are now being sent this [Censored] through no fault of mine if I can't manage to trap it all before it gets seen. 

This might be a public forum but it is also (generally speaking) a place where people know about this kinda thing and have no doubt seen it all before in any case.  If you are not happy about seeing such things on here even when suitably censored, just consider how unhappy some people are when such inappropriate information is being freely sent in copious quantities and explicit detail directly to VERY inappropriate recipients.

And still no 'official' word from PN and still no contact from PN just lots of poncing about, rumours and half stories all over the place.  Come on PN, get @rse into gear and make a single, consistent formal statement in one place so that everyone knows exactly what the score is and just how bad the situation is or is likely to get. 

I'm sorry but I will not modify the post that is causing 'offence' as I consider it suitably censored already.  If PN or one of the MODS considers it necessary to do so then that's fine by me PROVIDING that they also take it upon themselves to edit and/or delete all the REALLY offensive [Censored] that I am now receiving on all my e-mail accounts as well.


Title: Re: Spam being recieved on Private e-mail addy
Post by: LC100 on May 15, 2007, 12:35:32 pm
Hi

Quote
Just sent from webmail I think

As others have pointed out, it can't be.  I haven't used webmail for years and have my own SMTP server, and don't receive email via Webmail from any other PlusNet member.



Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 15, 2007, 12:42:44 pm
Hi

Quote
Just sent from webmail I think

As others have pointed out, it can't be.  I haven't used webmail for years and have my own SMTP server, and don't receive email via Webmail from any other PlusNet member.



A few posts back there was a quote from another forum where Bob (I think) was asking for details of any addresses NOT linked connected some way with webmail (presumably to check this was the method used). I am guessing that they will run the suspected address against the webmail logs and check if it appears anywhere. If it does, then they know it is webmail, if it doesn't then they know they have to look elsewhere.

I suggest you send all the affected addresses to Bob, for him to check for you. It will help them find the leak definitively and make sure it is fully closed. If they have a different hole too, they will want to know about it ASAP.

<edited to correct "Bon" to "Bob">


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 15, 2007, 12:48:58 pm
A few posts back there was a quote from another forum where Bon (I think) was asking for details of any addresses NOT linked connected some way with webmail (presumably to check this was the method used). I am guessing that they will run the suspected address against the webmail logs and check if it appears anywhere. If it does, then they know it is webmail, if it doesn't then they know they have to look elsewhere.

I suggest you send all the affected addresses to Bon, for him to check for you. It will help them find the leak definitively and make sure it is fully closed. If they have a different hole too, they will want to know about it ASAP.



It was Bob Pullen  - PN staff http://usergroup.plus.net/forum/index.php?action=profile;u=90

Original Post is here http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=plusnet&Number=3000543


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 15, 2007, 12:54:41 pm
I suggest you send all the affected addresses to Bon, for him to check for you. It will help them find the leak definitively and make sure it is fully closed. If they have a different hole too, they will want to know about it ASAP.

I think you might mean 'Bob' and I would love to BUT the problem is that PN are handling this problem in their usual stupid and spread_about_all_over_place kinda way so I have no idea exactly WHO the info should be sent to or exactly WHERE that person is actually hanging out and so on.  As the quote was from elsewhere I presume they're not hanging out here.

FFS will someone at PN start handling this in one single place so that everyone can follow it and respond with stuff that could be helpful in resolving the problem  :x  I for one have got far better things to do than spend all day trying to find which one of several different places has some relevant info posted on it.  I gather there is a big discussion on the portal forums but I wouldn't go within a 100 yards of them again even using someone else's personal data !!!!!


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 15, 2007, 12:59:15 pm
It was Bob Pullen  - PN staff http://usergroup.plus.net/forum/index.php?action=profile;u=90

Original Post is here http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=plusnet&Number=3000543

Thank you.  Nice to see that all the action is going on on a non-PN related site and a site that PN had vowed to stay away from isn't it  :roll:  However, I presume I can PM Bob from his profile on here so will do so in a mo.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 15, 2007, 01:05:52 pm
I have to be honest and say I agree with what rsharma says as follows:

The TBB news article states that PN have confirmed that no other details except for emails have been compromised: http://www.thinkbroadband.com/news/i/3083.html

Although deeply frustrating for many people, a loss of an email address (or many) has to be accepted now. Ideally I would suggest that you start changing them where possible because there is little PN will be able to do. You then have to wait for an explanation, but it seems likely to be a webmail issue and probably linked to what happened last week. There were reports of a trojan on the webmail platform and being redirected to unacceptable sites.

What is more concerning, however, is whether the breach of webmail has allowed the third party to access not only PN email accounts but also email addresses of those that have been emailed using the service. If that is confirmed it will be a much bigger problem (not that it isn't serious now) as you might have to explain to your contacts why they too are receiving spam. The other problem might well be even more serious for those that use a personal domain name in that they might well end up on the spam database, that many ISPs/people check against, if the spammers start using the forged email addresses to send out even more spam to others. It will also increase NDR traffic to your domain name and email address.

Although some big names, including financial institutions, have fallen foul of security, PN seem to be more prone to this kind of thing. This will be the fourth serious incident in the last year associated with their (lack of) security.


linky - http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=plusnet&Number=3001530


Basically, put up with the spam for a few days while you let everyone know about a new address you will be using. Then  trash your current e-mail address as there is no way to stop the spam you will now get (it will only get worse as the person with the list sells it on to others). Looks like PN will need the additional servers now what with this increase in spam.





Title: Re: Spam being received on Private e-mail addy
Post by: Penny on May 15, 2007, 01:38:45 pm
FFS will someone at PN start handling this in one single place so that everyone can follow it and respond with stuff that could be helpful in resolving the problem  :x 

Agreed.

Given that the PUG forums are ideal for this (and that all affected parties can post here as well as read) and that much of the related data is already collected here, could this not be initiated immediately?

Basically, put up with the spam for a few days while you let everyone know about a new address you will be using. Then  trash your current e-mail address as there is no way to stop the spam you will now get (it will only get worse as the person with the list sells it on to others). Looks like PN will need the additional servers now what with this increase in spam.

Might this perhaps be the right time to implement the already-scheduled-for-some-time-in-the-future blackholing of default mail, with all affected customers advised that the blackhole will come into effect on xxxx date and that they need to set up new mailboxes and new mailbox re-directs with immediate effect and advise all their contacts of the changed addresses?

An unbelievable inconvenience for customers  :roll: but given that the horse seems to have already left the stable, I don't currently see many alternatives.

It might also be time for PN to get around to dealing with PUGIT 116 (http://usergroup.plus.net/pugit/view.php?id=116), with some urgency.

Regards,

Penny.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 15, 2007, 01:44:52 pm
Basically, put up with the spam for a few days while you let everyone know about a new address you will be using.

... and I'm rapidly coming to the conclusion that it's going to be of the form My_Name@My_Account.At_Another_ISP.com    Changing e-mail addresses that have been in very frequent use world-wide for around 10 years is such a complete PITA but it does present the ideal opportunity to change the whole d@mn thing rather than just the bit before the '@' doesn't it and without anything much in the way of added pain.


Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 15, 2007, 02:01:13 pm
A few posts back there was a quote from another forum where Bon (I think) was asking for details of any addresses NOT linked connected some way with webmail (presumably to check this was the method used). I am guessing that they will run the suspected address against the webmail logs and check if it appears anywhere. If it does, then they know it is webmail, if it doesn't then they know they have to look elsewhere.

I suggest you send all the affected addresses to Bon, for him to check for you. It will help them find the leak definitively and make sure it is fully closed. If they have a different hole too, they will want to know about it ASAP.



It was Bob Pullen  - PN staff http://usergroup.plus.net/forum/index.php?action=profile;u=90

Original Post is here http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=plusnet&Number=3000543

It was Bob I was thinking, but my fingers are clearly typing funny this afternoon! I really don't know how I typed it wrong twice, but the "N" is right next to the "B"!

I have PM'd him my email addresses that I think have not been in the webmail system... no doubt I am wrong though, and I will find that I tested these addresses from webmail at some time or other... but I don't remember it! Unless, they managed to scrape up the emails themselves from webmail, as the router one must have featured in my webmail account as it gets redirected to my main mailbox, which would probably have been seen in my webmail on a few occasions I use it.


Title: Re: Spam being recieved on Private e-mail addy
Post by: lmartin on May 15, 2007, 02:41:40 pm
FYI, The following email is in the process of being sent to all customers identified as potentially affected by the mentioned trojan vulnerability.

Service Status will be updated shortly with further information on the email address issue.

Quote
Username: {username}

Dear Customer,

This email contains important information about a recent problem with our Webmail system which may have affected you.

PlusNet takes its customers' security very seriously.

It has come to our attention that a number of customer email addresses have been obtained illegally by a third party. No other personal information, including credit card details, has been disclosed. As a result, some of our customers have experienced increased levels of spam to their email addresses. We notified customers of this on our website last night  http://usertools.plus.net/status/archive/1179136452.htm

We have also identified that a small number of customers may have been affected by a Trojan virus. There has been no compromise of your personal details or credit card data held by us.

Our records and network monitoring indicate that there is a small chance that your PC may have become infected with a Trojan virus. While we would stress that the threat is minimal, we would ask you to take the following steps in order to ensure that any potential risk to your system is mitigated:

1. Ensure that your system is fully up to date by running a Windows Update. Do this by selecting Windows Update from the Tools menu at the top of an Internet Explorer window. You should ensure that you have all critical updates installed as a minimum.

2. Run an online virus checker such as the Trend Micro tool at: http://housecall.trendmicro.com/ This free checker will identify if the malware discussed in this email has affected your PC, and allows for its removal.

3. If you do not currently use an Anti-Virus program, we strongly recommend the use of an up-to-date application such as the free version of AVG Antivirus, available from their website at  http://free.grisoft.com . You can find more information about On-Line security on our support website at:
http://www.plus.net/support/security/viruses/infection.shtml


Customers who are protected by up-to-date Antivirus software, or who have Windows Operating Systems with recent updates installed will be unaffected by this problem, as will users of non-Microsoft operating systems such as Apple Mac OSX or Linux. More details about the Microsoft vulnerability involved here can be found at http://www.microsoft.com/technet/security/Bulletin/MS06-040.mspx

We would like to reassure you that we take the security and online safety of our customers very seriously. 

Please accept our sincere apologies for any concern this email may cause you. If the steps detailed above are followed then any risk that you may have been affected will be eliminated.

To validate the authenticity of this email, you can find a copy attached as a Service Notice on your account. To view this, please visit the Help and Support section of our website and click on My Questions.

Kind Regards,

Phil Webb
Networks Director
PlusNet

http://portal.plus.net

--
This email has been sent as it contains important information about your service from PlusNet. Please do not reply to this email, as this is an unmonitored address.

PlusNet plc
Registered Office: Internet House, 2 Tenter Street, Sheffield, S1 4BY Registered in England no: 3279013


Title: Re: Spam being recieved on Private e-mail addy
Post by: RogN on May 15, 2007, 02:50:10 pm
"We would like to reassure you that we take the security and online safety of our customers very seriously."

If you say it often enough people do believe anything. There is not a shred of evidence in this email, and plenty over the past 2 days, to suggest something vastly different.


Title: Re: Spam being recieved on Private e-mail addy
Post by: bpullen on May 15, 2007, 03:51:07 pm
Hi all,

The latest Service Status has just been published to the portal. You can see a copy here (http://usertools.plus.net/status/archive/1179240249.htm).

It's a little more detailed and hopefully answers a few questions however there's still certain aspects we're unable to discuss whilst our investigations continue.

Kind Rgds,


Title: Re: Spam being recieved on Private e-mail addy
Post by: wildmind on May 15, 2007, 04:01:03 pm
Hmmmm.....

If the spammer didn't use the database for 6 months would we have been informed of this breach?

Gotta admit that I have completely lost trust in the security of PN's systems with this as it really doesn't leave me with any confidence at all :(


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 15, 2007, 04:07:55 pm
I am confused.
The link provided in the service status says this
Quote
If you change this password you will also need to update the password on your broadband modem or router, or you will not be able to connect to the Internet. This password change does not affect passwords for any mailboxes you have set up.
but the passwords/accounts which have been compromised are from webmail and you need the email password to access that.
So what may have been compromised - account password, email password or both.


Title: Re: Spam being recieved on Private e-mail addy
Post by: lmartin on May 15, 2007, 04:09:05 pm
Hmmmm.....

If the spammer didn't use the database for 6 months would we have been informed of this breach?

I think you would.  The same investigations would have taken place, it just may have taken longer to find the answers.  The end conclusion should have remained the same though.  The discussion / reports in the forums would have been the same, only 6 months later.


Title: Re: Spam being recieved on Private e-mail addy
Post by: lmartin on May 15, 2007, 04:11:16 pm
I am confused.
The link provided in the service status says this
Quote
If you change this password you will also need to update the password on your broadband modem or router, or you will not be able to connect to the Internet. This password change does not affect passwords for any mailboxes you have set up.
but the passwords/accounts which have been compromised are from webmail and you need the email password to access that.
So what may have been compromised - account password, email password or both.

Your default mailbox password is the same as your account password.  Any additional mailboxes that you have set up may be set up with different passwords depending on what you suggest.

If you are wishing to change your passwords as a precaution, then it would make sense to change the password of any mailboxes that you have logged into webmail with at the time.


Title: Re: Spam being recieved on Private e-mail addy
Post by: RogN on May 15, 2007, 04:14:17 pm
Quote

If the spammer didn't use the database for 6 months would we have been informed of this breach?


If that scenario had been true the raider could have continued to collect further information, because PN only knew of the security breach from the spam emails, not from any checks they have made. Customers were only told because they informed PN of it, otherwise, I reckon it would have gone where the last lot of lost emails went.


Title: Re: Spam being recieved on Private e-mail addy
Post by: dusty_bin on May 15, 2007, 04:21:55 pm
Regarding this:
Quote
We have also identified that a small number of customers may have been affected by a Trojan virus. There has been no compromise of your personal details or credit card data held by us.
Our records and network monitoring indicate that there is a small chance that your PC may have become infected with a Trojan virus. While we would stress that the threat is minimal, we would ask you to take the following steps in order to ensure that any potential risk to your system is mitigated...
So which 'system'? Is this referring to the machines that might have been used to login to webmail?

Quote
One of six @Mail servers was attacked and it is possible that customers connected to this server during the incident, may have had their login details observed.
This is a different issue from the above, right?




Title: Re: Spam being recieved on Private e-mail addy
Post by: lmartin on May 15, 2007, 04:23:56 pm
Both points relate to the same compromise.

With regards to following the steps given, it would be the systems on which you accessed Webmail, if they were not patched with the latest Windows Updates or protected by up-to-date AV software.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 15, 2007, 04:28:27 pm
Liam,
It is still not clear.
The service announcement says
Quote
One of six @Mail servers was attacked and it is possible that customers connected to this server during the incident, may have had their login details observed. Purely as a precaution we advise customers to change their account password by visiting our website https://portal.plus.net/my.html?action=change_password&s=0 Please note if you change your account password this will need to be updated in your router or modem as well as your browser and email software.
So are you saying that the email passwords have or have not been compromised also if one logged into webmail from the portal, having already logged in using the account password is the account password at risk as well as the mail password.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Peak1 on May 15, 2007, 04:36:41 pm
Liam,

If someone has a username and password from the WebMail servers they can then log in to the Member Centre. If this is done they have access to a persons name, address and telephone number as well as the full sort code for their bank/building society if they pay by direct debit. I've just checked and my sort code was displayed in full.

How can we be sure that this information has not been compromised?

Mark


Title: Re: Spam being recieved on Private e-mail addy
Post by: lmartin on May 15, 2007, 04:52:13 pm
Right.  Let me attempt to clarify.

Only one of our six servers was compromised which resulted in the possible spread of a trojan to people that connected to the affected server and who weren't up-to-date with the latest Windows Updates or without adequate AV protection etc....  Additionally, as part of this, it is possible that customers who connected to the affected server during the incident, may have had their login details observed.   So, as a precaution, we recommend changing any mailbox passwords that you may have accessed (if you accessed webmail around or just before we resolved the actual compromise on Wednesday last week).  If it's the default mailbox you use on webmail, then that would be your account password.

Webmail is completely isolated from all our Sheffield based services, including the Portal servers and our core databases.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Peak1 on May 15, 2007, 04:59:14 pm
Liam,

If you have your default password observed then this would allow a hacker to login to the Member Centre and therefore access the name, address and sort code!! It doesn't matter that the databases are separate.

Mark


Title: Re: Spam being recieved on Private e-mail addy
Post by: RonSlicker on May 15, 2007, 05:01:16 pm
Right.  Let me attempt to clarify.

Only one of our six servers was compromised which resulted in the possible spread of a trojan to people that connected to the affected server and who weren't up-to-date with the latest Windows Updates or without adequate AV protection etc....  Additionally, as part of this, it is possible that customers who connected to the affected server during the incident, may have had their login details observed.   So, as a precaution, we recommend changing any mailbox passwords that you may have accessed (if you accessed webmail around or just before we resolved the actual compromise on Wednesday last week).  If it's the default mailbox you use on webmail, then that would be your account password.

Webmail is completely isolated from all our Sheffield based services, including the Portal servers and our core databases.

So...   the way I'm reading this is that there is only a problem if you happened to be using webmail at the time (or logging in to webmail)? Is that correct? If I was only using POP then there's no problem?


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 15, 2007, 05:12:10 pm
it is possible that customers who connected to the affected server during the incident, may have had their login details observed. 

So Liam, if you were using webmail at 'the time of the incident' and logged in as lmartin+privatemail would it be only the password for the 'privatemail' mailbox have been obtained or would they now also have all passwords for lmartin+<anything> including the password for the default account that would allow them access to the PN portal and Member Centre?

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: RogN on May 15, 2007, 05:12:21 pm
"around or just before we resolved the actual compromise on Wednesday last week"

So PN knew about this in the middle of last week but only admitted to it when people started  complaining about spam.


Title: Re: Spam being recieved on Private e-mail addy
Post by: lmartin on May 15, 2007, 05:24:02 pm
Liam,

If you have your default password observed then this would allow a hacker to login to the Member Centre and therefore access the name, address and sort code!! It doesn't matter that the databases are separate.

Mark

There is little damage they could do, though.  They could update your payment details but not view all your current payment details.  They could raise a ticket on your account?  We have all sorts of protection in place for suspicious portal logins.  We talked about those when there was the suspected phpbb vulnerability that we patched earlier this year.  (e.g. multiple logins / denied logins / suspicious sources etc.. etc..)

Plus, what value is a password to a spammer anyway?  Even if they did manage to overlook any, it's highly unlikely (in my personal opinion) that they'll keep them.  They wanted to harvest email addresses, clearly, and they've done that now.  Damage done - and now we're paying the price.

I'm not trying to play down the seriousness at all.  But, really, the damage they could do on the Portal is, thankfully, fairly limited.


Title: Re: Spam being recieved on Private e-mail addy
Post by: lmartin on May 15, 2007, 05:24:33 pm
So...   the way I'm reading this is that there is only a problem if you happened to be using webmail at the time (or logging in to webmail)? Is that correct? If I was only using POP then there's no problem?

Correct.


Title: Re: Spam being recieved on Private e-mail addy
Post by: lmartin on May 15, 2007, 05:27:39 pm
it is possible that customers who connected to the affected server during the incident, may have had their login details observed. 

So Liam, if you were using webmail at 'the time of the incident' and logged in as lmartin+privatemail would it be only the password for the 'privatemail' mailbox have been obtained or would they now also have all passwords for lmartin+<anything> including the password for the default account that would allow them access to the PN portal and Member Centre?

SW.

Nothing has been proven, and we're recommending the change as a precautionary measure only at this stage.  However, if webmail was compromised, there is the remote possibility that the password you are transmitting to the server to login (i.e. the mailbox password) could have been overlooked.  As I say, we've seen no evidence that this has happened, however.

It's up to individual preference though.  If you want to be as sure as you can, you should change all passwords.  And you could take it further by making it a habit to change your passwords every couple of weeks or so.  It's up to you - people have varying techniques to deal with online / PC security as best they can.  This is just our recommendation right now that it wouldn't be a bad idea, as a precaution, to change your password(s).


Title: Re: Spam being recieved on Private e-mail addy
Post by: Peak1 on May 15, 2007, 05:33:49 pm
I'm not trying to play down the seriousness at all.  But, really, the damage they could do on the Portal is, thankfully, fairly limited.

Liam,

They may not be able to do much damage to my PN account but given the name, address and sort code they have a good head start on causing a lot of damage to my finances.

Mark


Title: Re: Spam being recieved on Private e-mail addy
Post by: LC100 on May 15, 2007, 06:33:20 pm
Hi

One wonders if it is about time PlusNet dropped the PHP/MySQL databases and open source approach to their portals and webmail?

Working in IT doing websites for a living I've seen similar problems with PHP/Perl/MySQL being compromised in one way or the other where newer .NET/ASP/ASP.NET/MS SQL based sites have not succumbed to any problems and shrugged off various attacks. Yes Microsoft products do have security holes and cost money to licence but in my opinion are easier to plug and problems are much better publicised.  Open source of course isn't free as PlusNet will be realising now they are finding the hidden cost of it, problems such as this.  A move away from open source might also help PlusNet fill their developer vacancies.


Title: Re: Spam being recieved on Private e-mail addy
Post by: strokedriver on May 15, 2007, 06:34:29 pm
Another oddity, one of the mailbox addresses now being used was deleted months ago.
How did they get hold of that?


Title: Re: Spam being recieved on Private e-mail addy
Post by: scarymonkey on May 15, 2007, 06:35:24 pm
It existed in the webmail database as a used address.


Title: Re: Spam being recieved on Private e-mail addy
Post by: LC100 on May 15, 2007, 06:40:48 pm
Hi

Just seen several attempts sending to username@username.plus.com, these weren't stopped by an open relay check but were stopped as running my own SMTP I've got the connection dropping immediately it sees the RCPT, as luckily I don't use username@username.plus.com for anything.

There has been a several fold increase in connection attempts that have been blocked due to being from known open relays which I can only guess were also heading to username@.

Thankfully having my own SMTP server has given me control to cut off completely any attempts to send me the SPAM, not everyone though is that lucky, well they may be of course if they are with a completely different ISP.  :roll:



Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 15, 2007, 06:44:26 pm
Best thing that PlusNet can do now is to monitor e-mail addys hit from the leaked e-mails (where the only e-mail now received is going to be spam) and create an automated script to add it straight to their blacklist of IPs and log with spamcop and the like.


Least this would slow the spammers down because as soon as they are sending, they are being blacklisted.


Title: Re: Spam being recieved on Private e-mail addy
Post by: scarymonkey on May 15, 2007, 07:33:09 pm
Tam, although you might only now get spam to those email addresses, it doesn't mean that will apply to everyone. Not PN related but my domain is heavily spammed (after being compromised years ago), including my main email address. I still use this but with effective anti-spam measures of my own.

A blanket blacklisting would have potentially worse effects for many than some spam emails.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 15, 2007, 07:52:02 pm
Tam, although you might only now get spam to those email addresses, it doesn't mean that will apply to everyone. Not PN related but my domain is heavily spammed (after being compromised years ago), including my main email address. I still use this but with effective anti-spam measures of my own.

A blanket blacklisting would have potentially worse effects for many than some spam emails.

Nope .... think about it..

for example ... my  plusnet@account_name.plus.com  has been compromised. Nothing has EVER been delivered to this account until 2 days ago. I will certainly NEVER give that address out. PlusNet might as well monitor it, and as and when a mail is delivered to it, spam it and log it to block others getting through to other accounts.

Multiply it to every other account that has exactly the same issue/setup as me, and you can see pretty easily block the spammers habits quite effectively.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 15, 2007, 08:04:01 pm
I could give you 8 email addresses in the format something@username.plus.com which are being spammed which should never get any emails. What is being suggested is very similar to the honeypot email addresses that the likes of spamcop use.

We could set up redirects to a specific email address akin to the blackhole@abuse.plus.com - anything received to that add to a blacklist.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 15, 2007, 08:06:47 pm
It appears from a post on the portal forums that the webmail server was attacked on or before Friday 4th May. Linky (http://portal.plus.net/central/forums/viewtopic.php?p=422017#422017)

Would someone from Plusnet care to comment?


Title: Re: Spam being recieved on Private e-mail addy
Post by: LC100 on May 15, 2007, 08:13:35 pm
Hi

Well I've gone to change my password as a precaution and incredibly I am prevented from entering anything really secure, as it validates to:

The password you entered was not valid. Your password must begin with a letter and contain only lowercase letters and/or numbers. It must be between 5 and 8 characters in length.

Come on PlusNet, your security is absolutely hopeless, we have security leaks left right and center from you and then when told to change a password can't use really secure ones.  Eight characters maximum, must start with a letter and lowercase only is plain stupid, what sort of ISP are you? :x  I can't honestly believe it anymore.



Title: Re: Spam being recieved on Private e-mail addy
Post by: scarymonkey on May 15, 2007, 08:24:26 pm
Tam, although you might only now get spam to those email addresses, it doesn't mean that will apply to everyone. Not PN related but my domain is heavily spammed (after being compromised years ago), including my main email address. I still use this but with effective anti-spam measures of my own.

A blanket blacklisting would have potentially worse effects for many than some spam emails.

Nope .... think about it..

for example ... my  plusnet@account_name.plus.com  has been compromised. Nothing has EVER been delivered to this account until 2 days ago. I will certainly NEVER give that address out. PlusNet might as well monitor it, and as and when a mail is delivered to it, spam it and log it to block others getting through to other accounts.

Multiply it to every other account that has exactly the same issue/setup as me, and you can see pretty easily block the spammers habits quite effectively.


I did think about it and suggest you do too.

In your case they could monitor it but in the case of my mother they couldn't as she will still be using the email address. The blanket approach you have suggested (unless you mean a customer would need to turn it on for their account) will effectively remove email addresses from people regardless of if they are using them or not.


Title: Re: Spam being recieved on Private e-mail addy
Post by: pjmarsh on May 15, 2007, 08:31:27 pm
Vince, I think what they are suggesting is that only certain accounts are used as the honeypot, with the emails they receive being used as info to blacklist the senders, or to train the spam filters for the entire platform.  So that when the same spam is sent to another mailbox, such as your mother's, the platform will block the spam before it gets to the mailbox.

Tam, Have I understood you right?

Phil

edit: typo


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 15, 2007, 08:34:26 pm
Tam is not suggesting that it is turned on across the board. There are numerous postings about email addresses being spammed that have been used eons ago in webmail and are now no longer used. If those email addresses are monitored it would yield the IP addresses of the compromised PCs sending the spam. These could then be blacklisted which would prevent some of the spam getting to your mother.

It's the best (if not the only) sensible suggestion to combat this problem that I've seen.

Edit: Spelling


Title: Re: Spam being recieved on Private e-mail addy
Post by: Laser on May 15, 2007, 08:41:25 pm
Is it just me, or are the spam mails now starting to NOT get tagged as -SPAM-?

All the early ones were clearly tagged, now I get a mix. Should I forward these to the spam-filter trainer, or will that make matters worse?


BTW, is there any way to have the PN system just delete SPAM-detected mails? The last time I tried it I just got warnings from PN saying stuff had been quarantined.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 15, 2007, 08:43:04 pm

Tam, Have I understood you right?

Spot on mate.... everything delivered to that box will have to be spam sourced from this breach, so let's play the spammers at their own game and try to block their bots as soon as they start sending, should help decrease the amount of spam that gets through to mailboxes that people still want to use, and will certainly reduce the amount of available non-spam listed bots a lot smaller :)


Title: Re: Spam being recieved on Private e-mail addy
Post by: kitz on May 15, 2007, 09:07:49 pm
Quote
The password you entered was not valid. Your password must begin with a letter and contain only lowercase letters and/or numbers. It must be between 5 and 8 characters in length.

Not happy about this either - I've just tried to change my passy and came across the same thing.
Since when did the password have to have lowercase letters?  Why can't it begin with any character?

8 maximum chars?  /me rolls eyes

So users are supposed to change existing passwords to what could be a far less secure password!! Ridiculous!
It's laughable that my old passy wouldn't now be acceptable because of these silly rules.

/me goes to start a new thread on this topic, so as not to take this one OT.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 15, 2007, 09:11:07 pm
I'm still seeing posts from people who are saying that they've not used webmail. Could this be addressed by extracting from webmail a complete database of the email addresses that could have been harvested and sending each user a list of their compromised addresses? I think on my own account there are 20 addresses affected. I would appreciate confirmation that I've got the list right.


Title: Re: Spam being recieved on Private e-mail addy
Post by: NB on May 15, 2007, 09:37:44 pm
Quote
The password you entered was not valid. Your password must begin with a letter and contain only lowercase letters and/or numbers. It must be between 5 and 8 characters in length.

Not happy about this either - I've just tried to change my passy and came across the same thing.
Since when did the password have to have lowercase letters?  Why can't it begin with any character?

8 maximum chars?  /me rolls eyes

So users are supposed to change existing passwords to what could be a far less secure password!! Ridiculous!
It's laughable that my old passy wouldn't now be acceptable because of these silly rules.


Everyone should pop over to PUGIT and vote for better passwords. Linky (http://usergroup.plus.net/pugit/view.php?id=29)


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 15, 2007, 09:45:11 pm

Can a postini type of feature now be added to PUGIT ... we really should NOT have to DOWNLOAD these messages in the first place.

SW/


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 15, 2007, 09:49:56 pm
Could you explain how postini works for people who only use pop3 please.


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 15, 2007, 09:53:03 pm

I'll start a new thread for this ... :)

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: LC100 on May 15, 2007, 09:56:00 pm
Hi

Quote
Not happy about this either - I've just tried to change my passy and came across the same thing.
Since when did the password have to have lowercase letters?  Why can't it begin with any character?

In my experience this sort of restriction is normally because the passwords are stored in the database using a very weak scrambling method, i.e. ASCII code shifted, which causes problems when you try and use higher ASCII codes that have nowhere to be shifted to, hence the use of only a-z and 0-9.

Passwords should be stored using a one way hash so they can't be reversed to reveal the password, this means should the database be compromised the passwords retrieved can not be used to log into the system.

Please tell us PlusNet that you are not using some weak ASCII shifting method of storing passwords in 2007?

Having to start a password with a letter, and with it having to be 5 to 8 characters long makes a dictionary attack easier and as you are not forced to use a number most people will not, so it wouldn't take an impossible amount of time to cycle through the possible combinations of words that are 5 to 8 letters long.  Very insecure and with these basics not even right, it isn't surprising that there are these security problems.  :|

Edit: I see this has already been flagged in the puggit item.
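
An added example, not part of any post in this thread and not Plusnet's code: it counts the passwords the quoted rule allows and sets a reversible character shift, of the kind the post above suspects, beside salted one-way hashing. The shift scheme, the function names and the PBKDF2 parameters are assumptions for illustration.

```python
import hashlib
import hmac
import math
import os
import re

# The rule quoted in the thread: begins with a letter, contains only
# lowercase letters and/or numbers, between 5 and 8 characters long.
POLICY = re.compile(r"[a-z][a-z0-9]{4,7}")


def policy_accepts(password):
    """True if the password passes the rule quoted in the thread."""
    return POLICY.fullmatch(password) is not None


def policy_keyspace():
    """Count every password the rule allows: 26 choices for the first
    character, 36 for each later one, summed over lengths 5 to 8."""
    return sum(26 * 36 ** (length - 1) for length in range(5, 9))


def bits(count):
    """Size of a search space expressed in bits."""
    return math.log2(count)


# Hypothetical reversible storage (assumption: a fixed character shift).
# Anyone who reads the stored value recovers the password directly.
def shift_store(password, shift=3):
    return "".join(chr(ord(c) + shift) for c in password)


def shift_recover(stored, shift=3):
    return "".join(chr(ord(c) - shift) for c in stored)


# One-way storage: a random salt per password plus a slow key-derivation
# function. The stored pair cannot be turned back into the password, and
# any byte sequence is valid input, so no character restriction is needed.
PBKDF2_ROUNDS = 600_000  # assumed work factor; tune to the hardware


def hash_store(password, salt=None):
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def hash_verify(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    allowed = policy_keyspace()
    print(f"passwords allowed by the rule: {allowed:,} ({bits(allowed):.1f} bits)")
    print(f"12 printable ASCII characters: {bits(95 ** 12):.1f} bits")
    print("shifted form reverses to:", shift_recover(shift_store("abc12")))
    salt, digest = hash_store("Longer passphrase, any characters!")
    print("hash verifies:", hash_verify("Longer passphrase, any characters!", salt, digest))
```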



Title: Re: Spam being recieved on Private e-mail addy
Post by: selimap on May 15, 2007, 10:20:21 pm
This is a total nightmare. Having set up many dozens of distinct email addresses (all passed through to my main mailbox) so that I could close down any that are spammed, now ALL of them seem to be receiving spam, I am getting 70-80 per day and I guess it will increase.

I have read the service status announcement and I really despair

I may as well change to another ISP and start again. It will hurt, but can't really be any worse than the saga of one cock up after another. I am really disgusted at this security breach.

I lead a very busy and stressed life and  absolutely don't have time to deal with all the problems PlusNet causes me. :x


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 15, 2007, 10:27:59 pm
Damage done - and now we're paying the price.

NO.NO.NO.NO.NO. What you really mean is that as per bl**dy usual, your customers are paying the price for your inability to run anything close to a tight ship or act in any way responsibly even when you KNOW there is a potential nightmare on the horizon for your customers.  As per usual the attitude stinks.  As per usual I have a certain amount of sympathy because I am not naive enough to believe that things don't sometimes go wrong no matter how much effort is put in to avoid potential problems but as per usual, that sympathy will quickly evaporate when it no doubt becomes perfectly clear that no testing, QC or service monitoring was effectively put in place before/during/after changes were implemented.

Plus, what value is a password to a spammer anyway?  Even if they did manage to overlook any, it's highly unlikely (in my personal opinion) that they'll keep them. 

Oh right, of course, an account password is of no benefit to anyone at all which is why we all try to use secure and non-guessable ones then. I mean, it's not like someone could use them to log in to your account and make full use of your account without you necessarily being aware of it is it !  So no problems at all there then. No one would be in any way interested in account passwords and the potential for getting at more personal information or making relatively free use of the PN servers or generally being a right old PITA then.

All the following "quotes" are paraphrased from the current service.status announcement:

"We take your security seriously" Yeah right!, you just *know* whenever that old chestnut gets trotted out by absolutely anyone that it means a really big problem is a'coming.

"We became aware on 9th May"  Oh great, thanks for letting everyone know in a timely manner and thanks for keeping an eye on things immediately after that so you were able to spot the problems starting long before your customers did.

"as a result of the attack we are contacting"  And it took from 9th May until sometime today(ish) to start contacting customers who might be affected ?  Wow! I can tell PN are really taking things seriously and acting swiftly to control the potential damage then.

"A small number of customers" Oh, yes, of course, it's always a small number of customers isn't it.  It's just pure coincidence that more often than not I seem to be one of them.

"your email address may have existed in the Webmail database even if you had not used webmail" WTF is that all about !!!  I have always declined to make any serious use of any webmail system offered by PN for the very reason that it could well result in the kind of problem that has happened. Why could my addresses have been in the database and left me totally exposed to PN's gross stupidity ?  IF I have ever used some or all of my affected addresses to log in to webmail (not necessarily to actually send anything) it would most likely have been several years ago at least yet I am receiving a bucketload of [Censored] on virtually all my private and/or carefully distributed addresses that previously had none at all - including to 'postmaster@' and 'my_account_name@' which are both PN published address forms that I would never actually use myself.  What it sounds like to me is that ALL addresses that either have or could be used have been made available to this mystery third party so nothing is particularly 'safe' whether you have used webmail in anger or not.

So, exactly how long ago would you had to have used webmail in some limited way in order NOT to have had ALL your valid e-mail addresses harvested ?  If I had any confidence that using webmail right now wouldn't compound the problems I am having or about to have, I would log in to find out if/when I last used the system as per someone's comments about logging in 'advanced mode' earlier.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 15, 2007, 11:05:10 pm
"We became aware on 9th May"  Oh great, thanks for letting everyone know in a timely manner and thanks for keeping an eye on things immediately after that so you were able to spot the problems starting long before your customers did.

"We became aware on 9th May" needs clarification. It should be "We were told on 5th May but didn't take any notice until 9th May".


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 15, 2007, 11:11:50 pm
... your customers are paying the price for your inability

Quite. Some of us have gone to great lengths to set up e-mail that is spam free, and now all that is gone for good.

Was a known exploit of @Mail used to harvest the addresses?

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 15, 2007, 11:18:25 pm
Starting around 21:20 I've started seeing a new batch for Adobe photoshop - anyone else seeing this?

At least it's not the filth of last time!


Title: Re: Spam being recieved on Private e-mail addy
Post by: petervaughan on May 15, 2007, 11:24:32 pm
yep


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 15, 2007, 11:32:51 pm
Yup, I got that to everywhere around the same time and another batch of the more explicit stuff between 16:00 and 17:00.


Title: Re: Spam being received on Private e-mail addy
Post by: Penny on May 15, 2007, 11:44:08 pm
Starting around 21:20 I've started seeing a new batch for Adobe photoshop - anyone else seeing this?
yep

Likewise.

Variety of subject lines, but all those looked at have a link to
mnsoftch.com or mnsoftpa.com in the message body.

Regards,

Penny.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 16, 2007, 12:07:43 am
Re Tam's suggestion of monitoring honeypots to identify IP addresses which should be blacklisted. I have identified 10 email addresses of the format xxx@<username>.plus.com which are being spammed which are no longer used by me. I have just created a new mailbox called honeypot on my account and aliases for all these addresses - if someone from plusnet wants to look in there to check for common factors feel free - I'll be letting the spam build up in there.

I also have some other addresses which I have been sending to the blackhole for a while, but I'm keeping them separate at present.


Title: Re: Spam being recieved on Private e-mail addy
Post by: br1anstorm on May 16, 2007, 12:32:43 am
Re Tam's suggestion of monitoring honeypots to identify IP addresses which should be blacklisted. I have identified 10 email addresses of the format xxx@<username>.plus.com which are being spammed which are no longer used by me. I have just created a new mailbox called honeypot on my account and aliases for all these addresses - if someone from plusnet wants to look in there to check for common factors feel free - I'll be letting the spam build up in there.

I also have some other addresses which I have been sending to the blackhole for a while, but I'm keeping them separate at present.

First post on this forum... I'm one of the many suffering the spam problem, and after spending time looking at and posting on the main PlusNet forum, I came over here in search of wisdom and advice on what we, the customers and victims, could do immediately to protect ourselves. (Now, incidentally, the PlusNet Member centre and forum and the whole portal seems to be closed for maintenance - or has it overloaded and crashed?).

Back to the point.  As a non-expert home-user-with-laptop, I'm looking for expert advice on how to limit the damage to my accounts and system.  Both Tam and Jelv1 seem to have some ideas on what steps to take to fend off the spam.  Could they or someone give a step-by-step idiot's guide on how to - for example - set up honeypot, create aliases, and/or blackhole addresses.  I don't know what half these terms mean, but given the present dire circs, I'd really like to limit the damage in any way I can.

I had hoped that PlusNet tech people would put out such advice, but requests from me and others on the Members forum seem to have been ignored.  Any sensible advice would be appreciated...

br1anstorm


Title: Re: Spam being recieved on Private e-mail addy
Post by: Moggy on May 16, 2007, 12:40:37 am
I realise that we (F9 Lot) are the poor relations in this company but I thought I'd just say we are being targeted as well. Our thread has not been answered for a while and now the site is down for 'essential maintenance'. Does this mean that I will now need to change my e-mail address to something I have not used before and let everyone I know what the new one is? If so, time to move as I'm fed up to the teeth with all the bloody e-mail problems we have been having. I have been with F9 for 10 years through thick and thin, I'm no Techie, just an honest Joe who wants a reliable service. Looks like Sky may get a look in.

Moggy.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 16, 2007, 12:44:04 am
The portal non-availability was planned and announced:

http://usertools.plus.net/status/archive/1179251610.htm


Title: Re: Spam being recieved on Private e-mail addy
Post by: Moggy on May 16, 2007, 12:54:53 am
Jelv1,
Oh, Thanks mate, trouble is I don't monitor the service status, and when I went to look 'No Portal access'.
And for 6 Hours, best go to sleep then.


Title: Re: Spam being recieved on Private e-mail addy
Post by: RogN on May 16, 2007, 01:06:35 am
"I had hoped that PlusNet tech people would put out such advice, but requests from me and others on the Members forum seem to have been ignored.  Any sensible advice would be appreciated..."

Try this
http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=plusnet&Number=3001934&page=0&view=expanded&sb=5&o=0&fpart=


Title: Re: Spam being recieved on Private e-mail addy
Post by: WilliamG on May 16, 2007, 03:31:43 am
Just to echo what some others have been saying, I've never used webmail yet I'm also receiving this spam - mostly to my postmaster account.

I get a bit lost with some of the technical aspects of this discussion, but if it's any help, I only have two (pop3) mailboxes.

One was set up at the beginning of 2003, and has been receiving the same spam that others have reported.
I've sent many thousands of emails on this particular mailbox to hundreds of different people over the last four years, yet this is the first time it's ever been attacked by spammers.

The second mailbox was set up at the beginning of 2006, and has not [yet] received any spam.
This address has been used to send messages no more than two or three times.

So I wonder - could this spam attack only be affecting mailboxes created after a certain date?


Title: Re: Spam being recieved on Private e-mail addy
Post by: poppy on May 16, 2007, 07:11:39 am
With reference to Br1anstorm, I am no expert but I have taken three precautions. Firstly, I did a thorough scan of my computer for viruses and spyware - my security software and patches are up to date and there wasn't a problem. Next, my e-mail address is not essential so I have deleted the mailbox and set up an account with gmail so I now don't need Plusnet/F9 for this service. Thirdly, I have changed the password to my account.  This necessitated changing the router settings too and as I had forgotten how to do it I had to telephone Linksys.  I don't want to change ISP because I have had good service in the past and trust that the staff are working flat out to deal with the problem.


Title: Re: Spam being recieved on Private e-mail addy
Post by: LC100 on May 16, 2007, 07:30:13 am
Hi

Is it not possible for PlusNet to block all emails coming from known open relays?  This has stopped around 95% of all SPAM from this latest security breach in its tracks for me, the other 5% is dropped immediately as I never use username@username.plus.com so have blocked that, of course I can only do this as I have my own SMTP server.

I think the addresses from the WebMail break-in don't have to be where you have used WebMail, but where someone else may have emailed you from there, perhaps PlusNet could clarify?

The last time I used WebMail was a good couple of years ago and the last time I would have received email from someone else using the system was also a couple of years ago, so why hasn't there been on going maintenance to clear out old data?


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 16, 2007, 07:58:04 am
AFAIK it includes addresses which have received emails from webmail as well.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 16, 2007, 08:01:15 am
Re Tam's suggestion of monitoring honeypots to identify IP addresses which should be blacklisted. I have identified 10 email addresses of the format xxx@<username>.plus.com which are being spammed which are no longer used by me. I have just created a new mailbox called honeypot on my account and aliases for all these addresses - if someone from plusnet wants to look in there to check for common factors feel free - I'll be letting the spam build up in there.

As a result of the spam received overnight that is now 12 email addresses which could be monitored. My honeypot has picked up 23 emails since I set it up around midnight.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 16, 2007, 08:04:49 am
Is it not possible for PlusNet to block all emails coming from known open relays?  This has stopped around 95% of all SPAM from this latest security breach in its tracks for me, the other 5% is dropped immediately as I never use username@username.plus.com so have blocked that, of course I can only do this as I have my own SMTP server.

Plusnet do use some blacklists to totally reject emails. However other blacklists are less reliable and should only be used as part of a scoring system - this is why the identified spam is marked and not deleted. For example relay.plus.net is sometimes blacklisted as a result of being reported.
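
An added example, not part of any post and not Plusnet's tooling: the spam-trap idea discussed in this thread combined with the scoring caveat above, run over constructed messages. The trap addresses, the relay range, the `Delivered-To` header and the thresholds are all assumptions.

```python
import email
import ipaddress
import re
from collections import defaultdict
from email.utils import getaddresses

# Constructed configuration: every address and network below is invented.
TRAP_ADDRESSES = {
    "old-alias1@user.example",
    "old-alias2@user.example",
    "old-alias3@user.example",
}
# The provider's own relays must never be listed, even if mail from them
# reaches a trap (assumed range, taken from the documentation blocks).
TRUSTED_RELAYS = [ipaddress.ip_network("198.51.100.0/24")]
# Hits on this many distinct trap addresses turn "score" into "reject".
REJECT_AFTER = 2

_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(msg):
    """Return the IP our own MX recorded, or None.

    Only the topmost Received header is trusted because our server added
    it. Anything below it was supplied by the sender and may be forged.
    """
    received = msg.get_all("Received") or []
    match = _BRACKETED_IP.search(received[0]) if received else None
    if match is None:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # malformed literal such as [999.1.1.1]
        return None


def trap_recipients(msg):
    """Trap addresses this message was delivered to.

    Assumes the MTA records the envelope recipient in Delivered-To; the
    To header is sender-controlled and is ignored.
    """
    delivered = getaddresses(msg.get_all("Delivered-To") or [])
    return {addr.lower() for _, addr in delivered} & TRAP_ADDRESSES


def classify(raw_messages):
    """Map each untrusted source IP to 'score' or 'reject'."""
    hits = defaultdict(set)
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        traps = trap_recipients(msg)
        ip = connecting_ip(msg)
        if not traps or ip is None:
            continue  # mail to a live mailbox, or no usable source IP
        if any(ip in net for net in TRUSTED_RELAYS):
            continue  # never list our own relays
        hits[str(ip)].update(traps)
    return {
        ip: "reject" if len(traps) >= REJECT_AFTER else "score"
        for ip, traps in hits.items()
    }


def _sample(ip, rcpt, forged_hop=None):
    """Build one constructed message as our MX would have stored it."""
    lines = [f"Received: from host.invalid ([{ip}]) by mx.isp.example; "
             "Wed, 16 May 2007 00:10:00 +0100"]
    if forged_hop:  # a lower hop written by the sender
        lines.append(f"Received: from relay.isp.example ([{forged_hop}]) "
                     "by host.invalid")
    lines += [f"Delivered-To: {rcpt}", "Subject: constructed sample", "", "body"]
    return "\n".join(lines)


SAMPLE_MESSAGES = [
    _sample("203.0.113.7", "old-alias1@user.example"),
    _sample("203.0.113.7", "old-alias2@user.example"),   # second trap hit
    _sample("192.0.2.44", "old-alias3@user.example",
            forged_hop="198.51.100.10"),                 # forged relay hop
    _sample("198.51.100.10", "old-alias1@user.example"), # our own relay
    _sample("203.0.113.99", "live@user.example"),        # not a trap
]

if __name__ == "__main__":
    for ip, action in sorted(classify(SAMPLE_MESSAGES).items()):
        print(ip, action)
```

A single trap hit only raises a score here, so one mis-sent message cannot get a legitimate sender rejected outright.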


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 16, 2007, 08:51:13 am
We have to receive emails to postmaster. I'm getting a number of spams on this now. Could something be put in place to block emails to postmaster@... from external to Plusnet?


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 16, 2007, 09:21:13 am
Now that is a really good idea.
Perhaps the same could be done for username@username


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 16, 2007, 09:26:01 am
Quote
We have to receive emails to postmaster. I'm getting a number of spams on this now. Could something be put in place to block emails to postmaster@... from external to Plusnet?

Quote
Now that is a really good idea.
Perhaps the same could be done for username@username

Problem with both the above is ..... you just know someone, somewhere, will use them as their proper e-mail address.

Either PlusNet will have to do an analysis of each users mailbox/history .. or... it would have to be done as an "opt-in" method.



Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 16, 2007, 09:35:00 am
I like that too. There is room for another "Options" tab in Manage My Mail where we could choose to turn things like this on and off.

I'd like another item in there, Tagged spam delivery, with the following options:

  • Deliver to normal mailboxes (default)
  • Deliver to this mailbox (with a dropdown to select the mailbox)
  • Deliver to IMAP Spam folder
  • Do not deliver (automatically delete)


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 16, 2007, 09:35:55 am
Quote
.. or... it would have to be done as an "opt-in" method.

I was already composing my Options suggestion when you posted!


Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 16, 2007, 11:11:24 am
Quote
I like that too. There is room for another "Options" tab in Manage My Mail where we could choose to turn things like this on and off.

I'd like another item in there, Tagged spam delivery, with the following options:

  • Deliver to normal mailboxes (default)
  • Deliver to this mailbox (with a dropdown to select the mailbox)
  • Deliver to IMAP Spam folder
  • Do not deliver (automatically delete)

This has been running through my mind for a while too! Brilliant set of spam tagging options those.

I also like the other idea of having postmaster@ and username@ being able to reject mail from outside PN/F9 etc.

Problem with having it user operated from the portal is that it will take development time which means it might not be available for a long time to come. We kind of need that option immediately. Could they have an opt-in time of a week or so, and add everyone who opts in to a script which would make the change to all requested accounts in one go. (this at least might save poor CS staff having to do it manually on loads of accounts). Even better would be an automated system that could detect genuine email use of these and leave them out, but run the script as opt out for everyone else.



Title: Re: Spam being recieved on Private e-mail addy
Post by: WilliamG on May 16, 2007, 12:32:57 pm
Quote
We have to receive emails to postmaster. I'm getting a number of spams on this now. Could something be put in place to block emails to postmaster@... from external to Plusnet?

Well, I for one still have some important emails addressed to my postmaster account from non-plusnet sources.

Simply blocking them would cause more problems than it solves.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 16, 2007, 12:35:11 pm
Which is why I suggested it should be an option that the user chose whether or not to switch on!


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 16, 2007, 12:49:14 pm
Oh come on Mr.PN, explain to me how e-mail addresses that most likely haven't been used in webmail have been harvested.  Simple question requiring a simple answer.  I'm still waiting - as no doubt are more than a few other users.  And BTW, don't forget to add "holding data longer than necessary for the intended purpose", "holding data without explicit consent" and "holding data for no good reason whatsoever" to the list of breaches of the DPA :x  What a pity that ICO is such a toothless tiger that the worst that is likely to happen over this fiasco is a very light smacked botty and a plea not to do it again :(

I don't much care about postmaster@ or My_Account@ because these WILL be consigned to the deepest blackest hole I can find REGARDLESS of the apparent requirement to accept mail to postmaster@ etc. but I want to know precisely WHY other named addresses were able to be got at so easily.

If PN expect users to guarantee to accept mail to a certain address then they should have taken a bit more care with it and not released it to everyone and their dog for dubious use.  It is entirely PN's problem as to how they resolve the issue. If I am now forced to change ALL of my e-mail addresses of the form Real_Name@My_Account.plus.com to something else and if absolutely everyone I have ever contacted (both personal and business) in the last ten years is expected to live with that change then so can PN.  They will need to come  up with a new name@ that they wish to use for official PN communications and advise me accordingly before updating all their records etc.

PN: You are hereby advised that postmaster@ and My_Account@ WILL BE BLACKHOLED just as soon as I cease to be interested in monitoring the traffic on these particular addresses - addresses that I personally do not use and have no requirement for. If you formally advise me of a new name@ you wish to use in the future then I will CONSIDER whether I am prepared to accept e-mail on that address and let you know accordingly.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 16, 2007, 12:51:37 pm
PN have said that every email they have checked has been found somewhere in webmail.

Have you PM'd ones you suspect (as requested) for checking?


Title: Re: Spam being recieved on Private e-mail addy
Post by: br1anstorm on May 16, 2007, 12:57:48 pm
"I had hoped that PlusNet tech people would put out such advice, but requests from me and others on the Members forum seem to have been ignored.  Any sensible advice would be appreciated..."

Try this
http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=plusnet&Number=3001934&page=0&view=expanded&sb=5&o=0&fpart=

This is just to say a public thank you to RogN, and obliquely also to rsharma for his useful post on the linked forum.  Two people (and there are others...) who realise that giving practical advice to users on precautionary measures is just as important as investigating the original security breach.  I just wish the staff at PlusNet had grasped this point at the outset.

br1anstorm


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 16, 2007, 01:16:15 pm
Quote
PN have said that every email they have checked has been found somewhere in webmail.

Have you PM'd ones you suspect (as requested) for checking?

Not quite what they said:

Quote
It is possible that your email address may have existed in the Webmail database even if you had not used the Webmail service yourself.

but I do know what you mean and yes, I have supplied addresses I believe may not have ever been used and if they have, certainly not in recent years.  postmaster@ and My_Account@ obviously haven't ever been used (by me) at all yet it is perfectly clear that these have been got at.  I only have one (basically unused) mbox that isn't now getting spammed but I can absolutely 100% guarantee that has never been used in webmail in any way at any time.

I logged into my old F9 A/C webmail just out of curiosity and was informed that was my first login yet I am getting this recent stuff there also. If I were to login to my PN webmail then I expect it would also show that was my first login there as well - but primarily because webmail has been changed several times since I last might have used it of course.  I most certainly haven't ever used webmail regularly or in anger just maybe for a quicky looky see nothing much else.  I dislike webmail because I consider it potentially unsafe so always choose to use dialup via landline/mobile and access POP3 in the normal way wherever in the world I might be if I need to check mail.

I can only imagine that PN must have retained addresses used to login to webmail from donkey's years ago despite upgrading the webmail system several times since.  I am also well p*$$ed off that when I did look at my F9 webmail it helpfully quotes my full name (as registered with PN rather than as used as part of my e-mail address) as well as my default e-mail address for all those b*ggers who have potentially accessed it and might find it useful. 


Title: Re: Spam being recieved on Private e-mail addy
Post by: NB on May 16, 2007, 01:30:00 pm
Quote
I like that too. There is room for another "Options" tab in Manage My Mail where we could choose to turn things like this on and off.

I'd like another item in there, Tagged spam delivery, with the following options:

  • Deliver to normal mailboxes (default)
  • Deliver to this mailbox (with a dropdown to select the mailbox)
  • Deliver to IMAP Spam folder
  • Do not deliver (automatically delete)


Now if accounts had something like the cPanel admin feature my external hosting uses, this and more would be more than possible.  With it you can activate spam filtering and use whitelists/blacklists and also decide how you want to handle e-mail depending on its probable spam score.  You can have spam marked and delivered, marked and sent to a different mailbox, or deleted.  There are two rankings so you can deal with e-mail that has a very high probability of being spam by deleting it and medium scored mails by sending to a mailbox for review later and low scored e-mail being delivered.

So there is no reason something similar can't be done at Plusnet.


Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 16, 2007, 01:35:38 pm
mikeb

It doesn't have to have been you that used the Webmail system. A PN Customer Services rep replying to you from home might have sent you an email from the Webmail system, which would have put your address in the system, or another F9/PN customer could have done the same. If you think there have been (or are ongoing) further breaches of security beyond the known @Mail breach, then PN will want to know about this urgently.

Please PM your suspected addresses to Bob who will check them against their records, this is important for F9/PN to be able to reassure the customers and confirm they've cracked it. I have done this too as I have two addresses that I don't think have been in Webmail. I am waiting to hear back from Bob.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 16, 2007, 01:45:14 pm
I already have done but I suspect that the 'connection' with webmail is that I might well have logged into webmail years ago and although I almost certainly did nothing else except look around, those records have been retained as part of the current webmail database :(  I'm about as close as it's possible to get to 100% certain that I haven't received mail from another user via webmail because I don't actually know that many other users who could possibly have done so.  It must be PN retaining ye olde data that's the problem for me and that *really* p*$$es me right off !!

Edited to add: The other possibility is that mail from PN (i.e. ticket update advices, mbox creation advices and so on) may be classed as webmail activities  :|


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 16, 2007, 02:04:12 pm
I think just poking around will have been enough :-(

Edit: Ticket responses etc. are not webmail. But if a support person sent you a normal email, that could be webmail.


Title: Re: Spam being recieved on Private e-mail addy
Post by: RonSlicker on May 16, 2007, 03:01:21 pm
http://www.spamcop.net/ works a treat for me! Separates the wheat from the chaff very effectively and reports the offender to the relevant abuse@.

Incidentally, someone earlier (jelv1?) was asking about spam containing a reference to Photoshop. Spamcop tracked this down as follows:

221.217.39.152 not listed in dnsbl.njabl.org
221.217.39.152 not listed in dnsbl.njabl.org
221.217.39.152 not listed in cbl.abuseat.org
221.217.39.152 listed in dnsbl.sorbs.net ( 127.0.0.6 )

..  and reported to cnc-noc.net and sprint.net. (which is CHINA169 BBN CNCGROUP IP network - China169 Beijing Broadband Network).
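
An added example, not part of any post in this thread: how a DNSBL answer like the SpamCop lines above can feed either outright rejection or a score that selects one of the tagged-spam delivery options suggested earlier in the thread. Which zone rejects, the weights and the thresholds are assumptions rather than Plusnet's configuration, and the sample resolver data is constructed apart from the one `127.0.0.6` answer quoted in the post.

```python
import ipaddress
import socket

# Assumed policy for illustration only (not Plusnet's): one zone trusted enough
# to reject on, the others only contribute to a score.
REJECT_ZONES = ("cbl.abuseat.org",)
SCORE_ZONES = {"dnsbl.sorbs.net": 3.0, "dnsbl.njabl.org": 2.0}
TAG_AT, SPAM_MAILBOX_AT, DELETE_AT = 2.0, 5.0, 8.0   # assumed thresholds
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Query name for a DNSBL: the IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def live_lookup(name):
    """Real resolver (not used by the sample): A record, or None if not found."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def listings(ip, lookup):
    """Map each zone to its return code, or None when the IP is not listed.

    Only answers inside 127.0.0.0/8 count. A resolver that rewrites NXDOMAIN
    to some other address would otherwise make every sender look listed.
    """
    out = {}
    for zone in list(REJECT_ZONES) + list(SCORE_ZONES):
        answer = lookup(dnsbl_name(ip, zone))
        ok = answer is not None and ipaddress.IPv4Address(answer) in LISTED_NET
        out[zone] = answer if ok else None
    return out


def classify(ip, lookup, content_score=0.0):
    """Return (action, score).

    A reject-zone hit refuses the mail outright. Score-zone hits are added to
    the content score and the total picks the delivery option.
    """
    found = listings(ip, lookup)
    if any(found[z] for z in REJECT_ZONES):
        return "reject", None
    score = content_score + sum(w for z, w in SCORE_ZONES.items() if found[z])
    if score >= DELETE_AT:
        return "delete", score
    if score >= SPAM_MAILBOX_AT:
        return "spam-mailbox", score
    if score >= TAG_AT:
        return "deliver-tagged", score
    return "deliver", score


# Sample resolver data. The sorbs answer is the one quoted in the post above;
# the 192.0.2.10 entry is constructed (documentation address range).
SAMPLE_DNS = {
    "152.39.217.221.dnsbl.sorbs.net": "127.0.0.6",
    "10.2.0.192.cbl.abuseat.org": "127.0.0.2",
}


def sample_lookup(name):
    """Offline stand-in for DNS: returns None for any name not in SAMPLE_DNS."""
    return SAMPLE_DNS.get(name)


def rewriting_lookup(name):
    """Constructed misbehaving resolver: answers every name with a non-127 IP."""
    return "203.0.113.1"


if __name__ == "__main__":
    for args in (("221.217.39.152", sample_lookup),
                 ("221.217.39.152", sample_lookup, 2.5),
                 ("192.0.2.10", sample_lookup),
                 ("221.217.39.152", rewriting_lookup)):
        print(args[0], classify(*args))
```

A listing on a score-only zone moves the message between delivery options instead of bouncing it, so a wrongly listed relay costs a tag rather than lost mail.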





Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 16, 2007, 03:33:15 pm
Because the spammers are using botnets, the emails are arriving from a variety of IP addresses. I'm not sure if it has determined how many different IPs are involved in each run.


Title: Re: Spam being recieved on Private e-mail addy
Post by: RonSlicker on May 16, 2007, 03:45:28 pm
Quote
Because the spammers are using botnets, the emails are arriving from a variety of IP addresses. I'm not sure if it has determined how many different IPs are involved in each run.

My note regarding spam containing references to Photoshop (previous to John's above), Spamcop shows that they have originated from at least five different sources. China, Romania, Poland, Mexico and Czechoslovakia.


Title: Re: Spam being recieved on Private e-mail addy
Post by: simonflood on May 16, 2007, 05:07:25 pm
Well firstly thanks PlusNet for undoing the good work I'd done to not receive spam to my PlusNet e-mail addresses!

After the last e-mail fiasco (loss of e-mail) I bought myself a domain and set up e-mail aliases that then pointed at my PlusNet mailboxes.  Now I'm getting spam directly to my PlusNet mailboxes and via the aliases.  Oh and also to the postmaster mailbox.  Embarrassingly my Mother-in-law is also getting spam to all her mailboxes.

Anyway now I'm getting spam I thought I'd better turn the spam protection back on (I'd turned it off after getting deluged with non-spam messages tagged as spam after another "problem").  Trouble is the spam is still getting through.

Since PlusNet have revealed my addresses to the world I at least now expect their spam filter to stop the spam getting through to me.  Perhaps they've been compromised too?

Simon


Title: Re: Spam being recieved on Private e-mail addy
Post by: RonSlicker on May 16, 2007, 06:11:31 pm
Quote
Since PlusNet have revealed my addresses to the world I at least now expect their spam filter to stop the spam getting through to me.  Perhaps they've been compromised too?

Unless I've misunderstood the way it works, the spam checker doesn't function as a filter, just a tagging device so you can easily see what's probably spam.


Title: Re: Spam being recieved on Private e-mail addy
Post by: ccotterill on May 16, 2007, 06:14:54 pm
This is a copy of the email that we have just started sending to our entire customer base:


Username: <username>

Dear <realname>,

This email contains important information about a problem with our Webmail service which may have led to your email address being exposed to a spammer.

If you are affected by this, you may have noticed an increase in the amount of spam received since Sunday 13th May. This includes spam to email addresses that were previously spam-free. This increase in spam is a result of a security issue on our Webmail service. You can read about this on the Service Status pages of the PlusNet Usertools website (http://usertools.plus.net/status/archive/1179240249.htm).

I would like to make it clear that the Webmail platform is separate to the systems we use for storing personal information such as credit card numbers and none of this type of information has been exposed as a result of this issue. However, purely as a precaution we would advise you to change your account password by visiting the Member Centre then clicking Account Details then Change Password.
Please note if you change your account password this will need to be updated in your router or modem as well as your browser and email software.

I am extremely sorry that a malicious third party has managed to gain a list of email addresses from one of our Webmail servers. On behalf of PlusNet I would like to sincerely apologise to you for this security breach and the increase in offensive spam emails that may now be affecting your email address. We understand how annoying and upsetting spam email can be and we are treating this with the utmost seriousness. My team and I will continue to work round the clock to reduce the inconvenience caused to you by this problem as much as we can.

When we learned of the attack on our Webmail service, we identified the source of the vulnerability and implemented a fix as quickly as possible. However, following a full audit of our Webmail service we identified a number of additional security vulnerabilities that it has not been possible to patch. While these potential vulnerabilities have not been exploited, we are not prepared to compromise on customer security so we have removed our Webmail service.

We intend to replace our current Webmail system as quickly as we can, and this is one of the next priorities for my team at this time. In the meantime, if you use Webmail to check your PlusNet email from your own PC, you might find it more convenient to use an email program which runs on your PC instead. You can find information about setting up most popular email programs here (http://www.plus.net/support/email/setup/email_setup_guide.shtml).

If you have been receiving spam email to any of your mailboxes, then you could also reduce this by taking some or all of the actions recommended here (http://www.plus.net/support/security/spam/spam_problem.shtml).


This incident has highlighted the importance of keeping systems as secure as possible. It is important to ensure that you always have the latest operating system updates and patches installed. Windows users can obtain these by visiting Windows Update, which is linked to from the Tools menu of Internet Explorer. We always recommend the use of fully up-to-date third-party anti-virus, firewall and Internet security software, particularly for Microsoft Windows users.

Again, I would like to be clear that we fully recognise the impact this will have on our customers and indeed the internet community in general. All of us here are taking this week’s security breach extremely seriously and we are doing everything possible to resolve all outstanding issues. We will be publishing a full incident report and plan on what we intend to do next to our website before the weekend. This will explain exactly what has happened and how.

As you might imagine at this time, our Customer Support Team is extremely busy. I would be most grateful if, during the next few days, you could avoid contacting us unless you have an urgent issue that is not answered by any of the FAQs or elsewhere on our website. You can also find more details on our recorded information line 020 7517 8754 (please note that our Customer Support team are not available on this number).

Kind Regards,

Phil Webb
Networks Director
PlusNet

This email has been sent as it contains important information about your service from PlusNet. Please do not reply to this email, as this is an unmonitored address.

PlusNet plc
Registered Office: Internet House, 2 Tenter Street, Sheffield, S1 4BY
Registered in England no: 3279013


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 16, 2007, 06:52:41 pm
I just love the irony when you look at the list of Keywords used to describe Webmail on the PN help pages here (http://www.plus.net/support/email/setup/webmail.shtml).

Quote
Keywords: email | webmail | spam | problem
;)

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: LC100 on May 16, 2007, 07:15:39 pm
Hi

Quote
This incident has highlighted the importance of keeping systems as secure as possible. It is important to ensure that you always have the latest operating system updates and patches installed. Windows users can obtain these by visiting Windows Update, which is linked to from the Tools menu of Internet Explorer. We always recommend the use of fully up-to-date third-party anti-virus, firewall and Internet security software, particularly for Microsoft Windows users.

It's a pity PlusNet did not follow their own advice.

I don't like that paragraph added on to the end, it seems to imply that the customer themselves was somehow responsible for "This incident" due to not having an up to date system.  It could have been worded more honestly I think, such as, "You can help mitigate any future risks when our security is compromised by ensuring your system is fully up to date..."  This problem was not caused by the customer in any way who would think they are perfectly safe using their own ISP's web pages and web mail, and indeed should have been.

I also find it incredible that in a few days they have identified several more possible security issues on the WebMail platform but only thought to audit the system after a major leak of data.

PlusNet keep making these big mistakes, just when they start to get back on track and people forget about their last blunder they have another  :x  How ironic that only the day before this latest blunder someone asked me about helping them sort out a broadband connection and I heard myself say PlusNet as an option, well that isn't going to happen now.

Edit:  I think a major problem with PlusNet is this open source cheap as chips approach to their software with the @Mail software licence costing just £1500 for unlimited users! Priority support costs just $200 a year, so this software isn't really enterprise strength sort of stuff is it! http://atmail.com/selectmodules.php  (I've converted $ to £ approximately)




Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 16, 2007, 07:20:55 pm
Quote
I also find it incredible that in a few days they have identified several more possible security issues on the WebMail platform but only thought to audit the system after a major leak of data.

I am afraid people are human and mistakes are made, sometimes when you get shown a problem for the 1st time, it leads you to thinking of subtle variations on the same theme that could be exploited too.

Is the perl version of @Mail inherently less reliable/secure than the newer PHP version? Who knows?

SW.


Title: Re: Spam being received on Private e-mail addy
Post by: scarymonkey on May 16, 2007, 07:23:41 pm
Quote
Re Tam's suggestion of monitoring honeypots to identify IP addresses which should be blacklisted. I have identified 10 email addresses of the format xxx@<username>.plus.com which are being spammed which are no longer used by me. I have just created a new mailbox called honeypot on my account and aliases for all these addresses - if someone from plusnet wants to look in there to check for common factors feel free - I'll be letting the spam build up in there.

I also have some other addresses which I have been sending to the blackhole for a while, but I'm keeping them separate at present.

I've added the 'honeypot' suggestion to PUGIT (as added by Jelv) as PUGIT Issue 305

Please vote if you would like this suggestion implementing


Title: Re: Spam being recieved on Private e-mail addy
Post by: wildmind on May 16, 2007, 07:25:12 pm
Personally I think a lot about this situation totally sucks....

1) The excuse that this is a legacy of underspending - yet how many times have people commented on this sort of thing to be told that the investment levels are OK
2) The total lack of security testing that seems to have gone on - after recent years and events you'd have thought they'd have been pro-active
3) The lack of disclosure as soon as the flaw was discovered - and the lack of pro-active action straight away.
4) The lack of information given in key forums - and the lack of answers to straightforward questions
5) Confusing information as to who would get what updates and emails - and why they would get them

On top of that - as a user - I find it hard to believe that the situation *will* be resolved and that PN will actually learn lessons from this.


Title: Re: Spam being recieved on Private e-mail addy
Post by: portmoak on May 16, 2007, 07:42:28 pm
Quote
On top of that - as a user - I find it hard to believe that the situation *will* be resolved and that PN will actually learn lessons from this.


How exactly do you think it will be 'resolved'?

As a result of Force9's technical incompetence my well-protected email address (to my own personal domain) has been compromised after several years of managing to keep it safe. This can never be undone. Force9 have at a stroke managed to defeat all of the measures I have taken to protect my family from this sort of obscene spam.

It rubs salt in to read a Force9 email missive which makes all sorts of recommendations about virus protection and the like - my own systems are a sight more well-protected than Force9's!


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 16, 2007, 08:29:15 pm
Quote
1) The excuse that this is a legacy of underspending - yet how many times have people commented on this sort of thing to be told that the investment levels are OK
2) The total lack of security testing that seems to have gone on - after recent years and events you'd have thought they'd have been pro-active
3) The lack of disclosure as soon as the flaw was discovered - and the lack of pro-active action straight away.
4) The lack of information given in key forums - and the lack of answers to straightforward questions
5) Confusing information as to who would get what updates and emails - and why they would get them

On top of that - as a user - I find it hard to believe that the situation *will* be resolved and that PN will actually learn lessons from this.

I agree on all counts although I would personally substitute "lack of any real testing whatsoever" rather than just singling out a "lack of security testing".  But the thing is the situation can't ever be 'resolved' can it.  PN couldn't even be bothered to shut the stable door whilst the d@mn horse was still in sight or be honest about it either !  I was away most of last week and even if I hadn't been, I wouldn't have read webmail service.status reports BUT where exactly is the mention of a security issue and possibility of a trojan ? VERY conspicuous by its absence it would appear. Essential maintenance my @rse !! Essential - yes, maintenance - most certainly not.

Sure they can make all the 'right' noises.  Sure they can withdraw webmail and then reinstate something maybe bit more robust in the future. Sure they can promote the use of their SPAM tools (which  I personally wouldn't touch with someone else's barge pole !) and sure they can rant on about keeping systems up-to-date and using anti-virus tools (which is more than a bit bl**dy cheeky considering exactly WHO it was that managed to get infected isn't it !) but it has to be close to 100% certain that all affected e-mail addresses are going to get totally trashed. To all intents and purposes that problem cannot be resolved satisfactorily :(

Just how many major c*ck-ups that seriously affect customers does it take before PN look up and fully understand the concept of reviews, testing and monitoring etc. ?  It is almost beyond belief that they managed to 'find' more vulnerabilities in the atmail product AFTER the event - especially when there are several published references to certain known vulnerabilities going back some time.

I would also be very interested to know EXACTLY which version of atmail was being used in anger at the time(s) of the various incidents.  I wouldn't mind betting that that could be a rather embarrassing confession as well :roll:

~10 years totally spam-free e-mail down the drain due to PN incompetence :x AND, I have to say, not a dissimilar scenario to what happened with my old F9 account.  Although no proof that it was a PN issue that resulted in addresses suddenly getting spammed to death after some years of no problems but highly suspicious at the time - and more so now.


Title: Re: Spam being recieved on Private e-mail addy
Post by: LC100 on May 16, 2007, 09:18:56 pm
Hi

Quote
As a result of Force9's technical incompetence my well-protected email address (to my own personal domain) has been compromised after several years of managing to keep it safe. This can never be undone. Force9 have at a stroke managed to defeat all of the measures I have taken to protect my family from this sort of obscene spam.

One method perhaps would be for PlusNet to introduce a new domain name, i.e. something@username.plus.co.uk that we can then start using and at some point choose to ditch any email to ...plus.com. 

Although this isn't a foolproof solution as if the list is being sold at a premium (as they are known to be valid email addresses) then to keep that premium they could just change the domain in the list and carry on selling it.

PlusNet could allow us to change our usernames so we get a different email address that wouldn't be possible to bulk change in the list as we would all decide differently what to pick however that means losing myname.plus.com to become my_name.plus.com or myname1.plus.com which isn't ideal.



Title: Re: Spam being recieved on Private e-mail addy
Post by: OldDave on May 16, 2007, 10:07:21 pm
I'm confused. I got the Plusnet E-Mail about the security breach (saying I must be more careful to avoid spam!!) sent to my "MyName1@username.plus.com"
I haven't rec'd any spam to this address.
The addresses I have rec'd spam on are "MyName2@username.plus.com" and "username@username.plus.com"

Can someone enlighten me: will all my "AnythingI've set@username.plus.com" be spammed?


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 16, 2007, 10:08:24 pm
PUGIT item http://usergroup.plus.net/pugit/view.php?id=201 indicates PN could have been looking at or making just thinking about changing Webmail this year. Guess this plan just got accelerated.  :-o

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 16, 2007, 11:16:13 pm
Quote
I'm confused. I got the Plusnet E-Mail about the security breach (saying I must be more careful to avoid spam!!) sent to my "MyName1@username.plus.com"
I haven't rec'd any spam to this address.
The addresses I have rec'd spam on are "MyName2@username.plus.com" and "username@username.plus.com"

Can someone enlighten me: will all my "AnythingI've set@username.plus.com" be spammed?

Only PN can really answer that as far as the names@ addresses that you're already using are concerned because only they know (or at least they hopefully do by now) exactly what data was obtained and from where. I would suggest that it's reasonably possible if you haven't already had spam to particular names@ addresses so far then those addresses weren't actually got at.

However, whilst only certain names@ are getting the stuff at the moment, I would also suggest that it's only a matter of time before the Random_Chars@ and Good_Guess@ prefixes are used in any case.  So loads and loads of luverly spam coming to a catch-all mbox near you real soon no matter what. yum.yum.yum :(

And then the fun really begins when the [Censored] start using your address as the 'from' address when sending out their [Censored] so you can expect to get lots of bounced messages from all over the place as well. Oh yeah, and the potential of getting your addresses or domain black-listed into the bargain. Isn't this all good fun ? :(

Thank you PN, can I have another ?  Grrrrrrrrrrr.

I wonder if Mr.PN would like to confirm (or deny if applicable) that this fiasco is just about exactly the same scenario as what happened with the Whatever@My_Account.force9.net addresses several years ago and is perhaps what prompted the 'enforced' change to using the force9.co.uk form at the time ?   Real funny how all my force9.net form addresses started getting spammed silly not that long after the change ... just like all my old force9.co.uk addresses are now in addition to my current PN addresses.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 17, 2007, 03:00:21 am
I would also be very interested to know EXACTLY which version of atmail was being used in anger at the time(s) of the various incidents.  I wouldn't mind betting that that could be a rather embarrassing confession as well :roll:

Well, I guess PN don't want to answer that but it would appear that someone else does ... and Quelle Surprise, the answer (allegedly) is:

Quote
As the vendor of @Mail we'd like to give our feedback

* Plusnet had been using an older unpatched version of @Mail, based on the 4.X branch of the software. Their install was over a 12 months old, and was not kept updated with our latest versions

* @Mail has not been identified as the security breach for their database, this is to be confirmed. We are not aware of any bugs that do so.

* Our company takes security seriously and regularly updates the software, and are working with Plusnet to have their systems running the latest version of @Mail.


Now, I obviously can't be in any way certain that the above quote which was taken from here (http://www.theregister.co.uk/2007/05/16/plusnet_webmail_shut/comments/) is 100% correct and factual in all respects but I'm quite certain that PN will swiftly deny it if this is indeed malicious gossip rather than something rather more than a bit close to the truth ;)

Now what was all that I read in the e-mail about "... the importance of keeping systems as secure as possible. It is important to ensure that you always have the latest operating system updates and patches installed. ..."  :roll:


Title: Re: Spam being recieved on Private e-mail addy
Post by: dan on May 17, 2007, 08:41:25 am
Quote
As the vendor of @Mail we'd like to give our feedback

* Plusnet had been using an older unpatched version of @Mail, based on the 4.X branch of the software. Their install was over a 12 months old, and was not kept updated with our latest versions

* @Mail has not been identified as the security breach for their database, this is to be confirmed. We are not aware of any bugs that do so.

* Our company takes security seriously and regularly updates the software, and are working with Plusnet to have their systems running the latest version of @Mail.



As Software Manager in PlusNet, I can assure you that what is stated here is not true.  However, while a full investigation is being undertaken I really can't release much more information at this stage.  As promised by my colleagues earlier, however, a full incident report will be released shortly.

As much as it will (understandably) be difficult for many of you to even want to understand, PlusNet really do appreciate the scale of this incident and have been working around the clock since it first came to light last week.   My team, the Networks department and others around the business have literally been working all hours of the day including last weekend since this event occurred.  We have implemented a shift system so that people are working around the clock, ensuring that we are as secure as possible, as well as trying to release a functional and secure webmail solution in as timely a way as possible given the circumstances.

I again apologise personally and on behalf of PlusNet for the disruption this is causing.

Dan Kirkland
Software Platform Manager



Title: Re: Spam being recieved on Private e-mail addy
Post by: neilarmstrong on May 17, 2007, 08:55:55 am
Guys,

We are not going to be able to respond fully to this at present for two reasons.

1) We have reason to believe that the post on El Reg is not actually a genuine post from Calacode as we have not got hold of their PR department and it would be an unusual place for a company to post a rebuttal of this sort.

2) We have proof that someone has been spoofing my email address and contacting Calacode claiming to be me in order to get information. So it's just as likely that someone is pretending to be Calacode.

As Dan has said there are factual inaccuracies in what has been posted and we will respond to those in due course.


Title: Re: Spam being recieved on Private e-mail addy
Post by: dan on May 17, 2007, 08:59:46 am
Hi


In my experience this sort of restriction is normally because the passwords are stored in the database using a very weak scrambling method, i.e. ASCII code shifted, which causes problems when you try and use higher ASCII codes that have nowhere to be shifted to, hence the use of only a-z and 0-9.

Passwords should be stored using a one way hash so they can't be reversed to reveal the password, this means should the database be compromised the passwords retrieved can not be used to log into the system.

Please tell us PlusNet that you are not using some weak ASCII shifting method of storing passwords in 2007?

Having to start a password with a letter, and with it having to be 5 to 8 characters long makes a dictionary attack easier and as you are not forced to use a number most people will not, so it wouldn't take an impossible amount of time to cycle through the possible combinations of words that are 5 to 8 letters long.  Very insecure and with these basics not even right, it isn't surprising that there are these security problems.  :|

Edit: I see this has already been flagged in the puggit item.



The current limitation on characters is due to legacy systems rather than any particular method of encryption.  This limitation is being worked on but is in fact a fairly significant piece of work, which we have already started.  We hope that this will be resolved in the next few weeks but we're currently looking at the full impact of changing the systems.  Once we understand the impact we'll be able to give details of the release date.

Kind regards,

Dan Kirkland
Software Platform Manager
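
The contrast drawn in the quoted post above, reversible scrambling versus a one-way hash, as an added example that is not part of the thread and not Plusnet's code. The shift value, the PBKDF2 parameters and the function names are assumptions made for illustration; the length and character rules are the ones the quoted post describes.

```python
import hashlib
import hmac
import os

SHIFT = 3                 # assumed shift value for the toy scrambler
PBKDF2_ROUNDS = 600_000   # assumed work factor for this example


def shift_scramble(password):
    """Toy 'ASCII shift' storage: every character code moved up by SHIFT."""
    return "".join(chr(ord(c) + SHIFT) for c in password)


def shift_unscramble(stored):
    """Anyone holding the stored value recovers the password directly."""
    return "".join(chr(ord(c) - SHIFT) for c in stored)


def hash_password(password, salt=None):
    """One-way storage: per-user random salt plus a slow key-derivation function."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest


def verify_password(password, salt, expected_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected_digest)


def policy_keyspace(first_chars, other_chars, min_len, max_len):
    """Count the passwords a composition policy allows.

    first_chars: size of the alphabet allowed in position one
    other_chars: size of the alphabet allowed in the remaining positions
    """
    return sum(
        first_chars * other_chars ** (length - 1)
        for length in range(min_len, max_len + 1)
    )


if __name__ == "__main__":
    sample = "hunter7"  # constructed sample password

    stored = shift_scramble(sample)
    print("shifted store :", stored, "->", shift_unscramble(stored))

    salt, digest = hash_password(sample)
    print("hashed store  :", salt.hex(), digest.hex())
    print("verify ok     :", verify_password(sample, salt, digest))
    print("verify wrong  :", verify_password("hunter8", salt, digest))

    # Policy from the post: 5 to 8 characters, first one a letter.
    letters_only = policy_keyspace(26, 26, 5, 8)
    with_digits = policy_keyspace(26, 36, 5, 8)
    # For comparison: 12 characters drawn from 94 printable ASCII symbols.
    longer = policy_keyspace(94, 94, 12, 12)
    print("letters only  :", f"{letters_only:,}")
    print("a-z and 0-9   :", f"{with_digits:,}")
    print("12 printable  :", f"{longer:,}")
```

With the hashed form a database leak yields salts and digests that still have to be guessed one candidate at a time, which is why the size of the allowed keyspace matters as much as the storage method.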


Title: Re: Spam being recieved on Private e-mail addy
Post by: wildmind on May 17, 2007, 09:51:42 am
Dan,

What really gets my goat on this is that we have been asking for this for at least 4 years or so and been told that there was no risk, the platforms were secure, the password policies were too complex to change, that security was safe....

Now you've got a major security issue and in the middle of dealing with that you are having to deal with all the development involved with this as well - crap planning. If people had listened to the users years ago instead of coming up with platitudes and bs (which we could see through anyway!) you would have more time to spend on securing the platform itself rather than the other areas of the network that should have been nice and secure!


Title: Re: Spam being recieved on Private e-mail addy
Post by: portmoak on May 17, 2007, 12:02:13 pm
As much as it will (understandably) be difficult for many of you to even want to understand...

I think this kind of unpleasant dig at the people who pay your wages is far from justified. Do you have some evidence that we don't want to understand the problems and PN's attitude? Let's be clear here about who is blameworthy and who is blameless.

PlusNet really do appreciate the scale of this incident and have been working around the clock since it first came to light last week.

Do you?
Because I host my own personal, private domain with F9 it has been compromised. There's no way to undo this. Even leaving Force9 won't help now. You wouldn't have to be working round the clock (and I'm reminded here of the so-called working round the clock in the last email disaster) if you'd paid the least attention to the many professional customers who have pointed out time and again that PN's testing and security methodologies are primitive.

I again apologise personally and on behalf of PlusNet for the disruption this is causing.

Fine, and thank you for that.
It would be even better if you would at least realise that PN do not have the world's best engineers and suggestions made in this forum and elsewhere are frequently from lifetime professionals with more expertise than you have.


Title: Re: Spam being recieved on Private e-mail addy
Post by: rascom on May 17, 2007, 12:12:13 pm
With so many responses, it's getting difficult to see what's been said and what hasn't.  For us this represents a massive problem as we have customers who we have brought across to PlusNet who are now calling us cause they're getting loads of spam and are now being recommended to change all of their passwords.

Someone has really foo'ed us up on this and I cannot see we are ever going to recover as once the known email addresses are out in the spammers domains, we will always be getting this junk.  Changing PN's domain names isn't an option as many of our customers use domain names hosted by PlusNet - changing email addresses isn't a realistic option either.

For info - it's not just webmail accounts.  We have Fax2Email setup on our account and have now started receiving spam on that.  We've never (what would the need be?) sent an email to that address using webmail or any other service, it is solely set up in one place on PlusNet's systems to divert incoming faxes to the specific address.

Thanks a lot PN.  Just when things were looking up.


Title: Re: Spam being recieved on Private e-mail addy
Post by: simonflood on May 17, 2007, 12:20:49 pm
One method perhaps would be for PlusNet to introduce a new domain name, i.e. something@username.plus.co.uk that we can then start using and at some point choose to ditch any email to ...plus.com. 

Although this isn't a foolproof solution as if the list is being sold at a premium (as they are known to be valid email addresses) then to keep that premium they could just change the domain in the list and carry on selling it.

PlusNet could allow us to change our usernames so we get a different email address that wouldn't be possible to bulk change in the list as we would all decide differently what to pick however that means losing myname.plus.com to become my_name.plus.com or myname1.plus.com which isn't ideal.

The above is all very well and good if we are only dealing with people who solely use PlusNet's e-mail account (heaven forbid!) for their e-mail.

It doesn't address those, like myself, who have an external domain (which may or may not be hosted with PlusNet) to handle their e-mail that behind the scenes forwards to a PlusNet account.

It also doesn't address the damage caused to family, friends, colleagues, or indeed anyone else who has ever been sent e-mail via the Webmail platform.

This fiasco is not just about damage done to PlusNet's e-mail accounts.  This is much MUCH bigger.

Simon


Title: Re: Spam being recieved on Private e-mail addy
Post by: pjmarsh on May 17, 2007, 12:21:30 pm
As much as it will (understandably) be difficult for many of you to even want to understand...
I think this kind of unpleasant dig at the people who pay your wages is far from justified. Do you have some evidence that we don't want to understand the problems and PN's attitude? Let's be clear here about who is blameworthy and who is blameless.
I've set up many accounts for people who just want to be able to surf the internet, check email etc... and don't have the slightest interest in how any of it works, or why things have broken.  That's what they have me for.  I'd take Dan's comment you quoted above as just an acknowledgement of those people, and a reassurance that things are being worked on.

Some people, such as myself, would love to have every little detail of everything that is going on, no matter how technical, but I know in situations like this it is not possible, and in many other situations not practical.

Phil


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 17, 2007, 12:47:29 pm

This fiasco is not just about damage done to PlusNet's e-mail accounts.  This is much MUCH bigger.


Simon,

I am in the same situation, I did the same things as you that you mention in an earlier post in this thread as a result of the previous 'e-mail problem'.

Now our time, effort and money is wasted. See my sig below ...

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 17, 2007, 01:01:29 pm
As Software Manager in PlusNet, I can assure you that what is stated here is not true.  However, while a full investigation is being undertaken I really can't release much more information at this stage.

1) We have reason to believe that the post on El Reg is not actually a genuine post from Calacode ...

OK, that's fair enough and I do understand that not much can be said to back this up as it could prejudice ongoing investigations.  But if a report is published where PN apparently point the finger of blame at a third party supplier then it is not exactly surprising that the third party is going to respond to that in some way in order to limit any possible damage to themselves.  However, I am obviously aware that The Reg are often rather fond of adding their own interpretation and/or spin to any 'official' comments used as a basis for an article, of course, so what you read in the article may not be exactly what was actually said or quotes kept in context etc.

If the remarks allegedly made by Calacode are indeed factually incorrect or simply unfounded malicious gossip then perhaps PN should at least make some form of official statement to that effect via The Reg sooner rather than later to avoid things getting any more out of hand than they already are.

This whole sorry saga is beginning to look very much more like a Mr.Disgruntled being a total PITA rather than truly Mr.Spammer isn't it ?


Title: Re: Spam being recieved on Private e-mail addy
Post by: Peak1 on May 17, 2007, 01:18:56 pm
It has to be remembered that the Calacode "quote" on El Reg is in the form of a comment from a user called Calacode. This can easily be faked.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 17, 2007, 01:21:41 pm
Hang on, would a reputable news site like El Reg let a faked comment like that remain on its site? :roll:


Title: Re: Spam being recieved on Private e-mail addy
Post by: Daved on May 17, 2007, 01:44:15 pm
I left plusnet 6 months ago and don't use webmail. To my knowledge (very careful about this) I do not have my private hosted domain name (hosted with another provider) in ANY address book on plusnet webmail. I have never used a redirect (not even sure how to do one). I suspect that the only place this email address which is listed as my contact address is within my account details. I am receiving this spam through my new provider.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 17, 2007, 02:00:46 pm
Has any other Plusnet user ever in the last two or three years sent you an email to the address that is now being spammed? If that was using webmail you will be affected.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 17, 2007, 02:13:05 pm
Hang on, would a reputable news site like El Reg let a faked comment like that remain on its site? :roll:

Of course it would unless it knew that it was potentially a faked response which is why I suggested that PN contact The Reg to advise them - if it truly is a fake and/or malicious unfounded comment of course.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Daved on May 17, 2007, 02:19:32 pm
Has any other Plusnet user ever in the last two or three years sent you an email to the address that is now being spammed? If that was using webmail you will be affected.
Fairly sure that was not the case, unless plusnet has. Is there any way to tell from headers?


Title: Re: Spam being recieved on Private e-mail addy
Post by: lmartin on May 17, 2007, 07:32:08 pm
Evening guys,

I've just published an FAQ on this incident right here : http://usergroup.plus.net/forum/index.php/topic,4787.0.html


Title: Re: Spam being recieved on Private e-mail addy
Post by: wildmind on May 17, 2007, 08:09:37 pm
Nice glossing over of the fact that you were aware of the breach BEFORE the customer reports came in and yet didn't notify customers or take action at that point  :x


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 17, 2007, 09:34:02 pm
Hmmmm, nice FAQ and thanks for posting but I don't see anything particularly new in there.

However, quoted from the most recent service.status report:

Quote
What this means for now is that less email is being accepted onto our platform and email meeting the following criteria is being rejected.

- Email that is detected as spam by our 'ClamSpam' filter (one of the detection solutions we use)

- Originating IP address of the sender is blacklisted on an RBL (list of known spammers).  For more information on this method of blocking spam, see here: http://en.wikipedia.org/wiki/DNSBL  This particular method of spam blocking has always been implemented on our incoming mail platform.

I've been meaning to make enquiries about the recent changes to mxlast regarding spam detection but haven't quite got around to it !  I realise that now is probably not the best of times to ask but as it's going to be implemented across the board, I'm going to ask anyway.

I have a major dislike of any spam filtering done 'behind my back' where I do not have any control over what's happening and may not even know that it's happening.  So many other ISPs and webmail providers frequently remove what they think is spam but in reality, chopped ham and pork hasn't been within several hundred yards of the messages !

A classic recent example concerns hotmail and others who decided in their 'wisdom' that the Booking Confirmation e-mails for Glastonbury Festival tickets purchased from a very reputable Ticket Agency were automatically classified as spam and silently deleted on receipt REGARDLESS of the users specific account settings and obviously without their knowledge.  It caused way more than a bit of chaos to say the least as many 1000's if not tens of 1000's of people failed to get confirmations and other very important communications from the Agency !

For almost 10 years up until now, I had been completely spam-free on all my used accounts. I had no need for spam filtering and therefore have none implemented despite easily having the ability to do so.  I have Mailwasher Pro on all my machines which I often use to have a quicky look at what's on the PN (and various other) servers as well as using Agent news/mail reader on all machines to DL messages from all over the place as/when required.  Both of these applications have way more than enough facilities to filter spam by various methods including Bayesian techniques should it be necessary although these facilities have always been disabled to date. Having a 'catch all' is very important to me and I do not generally use mboxes but DL everything and filter/sort/distribute locally.

Whilst the spam issue is a right PITA to say the least, it hasn't as yet reached the level where my harvested addresses are totally swamped or Random_Chars@ or Good_Guess@ prefixes are being used. It's only a matter of time before that changes of course IMHO.  Although I appreciate that PN are trying to reduce the impact on customers (and the servers of course) by detecting spam on receipt, like I say, I strongly dislike detection/deletion going on behind my back and completely outside of my control.

I don't even have the optional spam tagging switched on and don't intend to do so anytime soon either.  If spam detection becomes absolutely necessary in the short term then it is something that I will implement myself so that it is totally under my control. If/when the spam problem gets completely out of hand then it's going to be a very appropriate time to move on - simple as that.  If I'm forced into changing e-mail addresses and/or usernames that have been in constant and regular (personal and business) use for ~10 years because of this security breach then I might just as well change them to something that doesn't have plus.com at the end.

So, what exactly is this ClamSpam filtering, what does it do and how does it do it ? And more to the point, how can I be 100% certain that I am not EVER going to have e-mail deleted on receipt or delivery refused just because someone else thinks that it might be spam when in  reality it is a genuine and wanted message ?  I get the impression that both of these systems blackhole rather than 'tag' anything considered as spam which I'm most certainly not liking the sound of. I note that the volume of general spam received on my original F9 A/C addresses has decreased quite significantly over the last few days and I therefore suspect that this is due to these changes and perhaps also because the thresholds have been tweaked to reject more potential spam.  Deleting spam at source is a very good thing of course but only providing that the system is 100% guaranteed not to get it even slightly wrong ... and thereby hangs my problem unfortunately.  I'm very sorry but to be brutally honest, there is no way that I really trust PN to decide what e-mail is and is not delivered to me. 



Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 17, 2007, 09:42:48 pm
There is a simple solution - run your own mail server and switch to SMTP mail delivery. That way you have full control.


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 17, 2007, 09:59:51 pm

I strongly agree with mikeb, now if somebody suffers a financial loss because of this it would be interesting to see what happens.

If the system is put into place that [-SPAM-] can go to a folder or specific mailbox, there is no need for this extra step with mxcore now deleting messages silently.

jelv - setting up an smtp server is not trivial and also I do not have the space for the machine or electric sockets available. :(

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 17, 2007, 10:23:12 pm
Remember that even before the change was made to the mxlast servers, Plusnet were dropping large volumes of spam from known bad sources and have been for a considerable time.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Tam on May 17, 2007, 10:49:59 pm
From a PN point of view they are doing it for the majority, sure some won't like it, but that's up to them. If you want to run your mail spam scanning differently than how PN is doing it, move your domains to a hosting provider that offers what you want.

That's what I did, and I'm happy (ish) as to how it now is.


Title: Re: Spam being recieved on Private e-mail addy
Post by: JohnDavis on May 17, 2007, 11:11:18 pm
Whilst I am happy that spam clearly identified as being sourced from known spammers can be deleted, I would agree with mikeb in being strongly opposed to any filtering that could possibly result in any genuine emails being deleted. 


Title: Re: Spam being recieved on Private e-mail addy
Post by: channel on May 18, 2007, 12:06:21 am
One question which should be added to the FAQ is:

Q Is there a chance that the content of my emails has been obtained by the third party hacker?



Title: Re: Spam being recieved on Private e-mail addy
Post by: NB on May 18, 2007, 12:27:33 am
That's my guess. :x

So any confirmation e-mails you received when joining things like these forums which included usernames & passwords could have been harvested.  It would be just as easy to scan for the words username or password in an e-mail stored on the server as to scan for mail addresses within those e-mails.

Personally I've assumed all correspondence sent by e-mail has been read and made changes accordingly.  But I await Plusnet's response to that particular question with anticipation.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 18, 2007, 12:38:24 am
Re: own mailserver - yup, of course I agree totally and it's something I've sort of looked at more than a few times in the past although not that seriously. Not absolutely sure that I want to experience the hassle factor in doing it mind you as I'm quite sure that it's nowhere near as simple as it sounds !  Also perhaps seriously limits choice if it ultimately becomes necessary to move on so could be a whole bunch of problems for no real benefit long-term.

TBH, I know spam checking was apparently added to mxlast recently(ish) and had apparently always been on the main platform but I'm still not sure to what extent.  For instance, some (maybe most) of the recent very explicit spam did in fact have an 'x-open-relay' field added (presumably by PN as I don't think it was me) but it was still delivered rather than blackholed.  From the comments made in the service.status report, surely these messages should have been deleted shouldn't they ?  So why did they get delivered ? What went wrong there ?

I also kinda agree with the comments along the lines of "if you don't like what PN are doing for the masses then go elsewhere and get what you want" of course but my point is that I don't actually know what PN are doing or what they are intending to do in order to make a judgment on whether it's perfectly sensible and just fine or otherwise !  All they have given is some fancy sounding name without any details of what it's all about.  I fully understand checking against blacklists but even that's not in any way foolproof is it ?  How many times do you read on here and elsewhere that PN relay servers have been blacklisted by someone somewhere and as a consequence virtually all e-mail from PN to a specific ISP or domain is being dumped ?

What concerns me (and yeah, I know it sounds stupid) is that I've seen a significant decrease in spam over the last few days and none of that really explicit stuff recently either. Now it could just be coincidence or the calm before the storm of course but I'm thinking that it's because of the changes PN are implementing - meaning that more potential spam is now being deleted on receipt. Like I say, just fine if whatever the system is happens to be 100% accurate but then again what system is ever 100% accurate !  When there is a vested interest in reducing spam to an absolute minimum before routing to customers, there just has to be an increased risk of genuine stuff getting clobbered IMHO.  I'd like to somehow try and assess that risk.

So Mr.PN, is it possible to provide more details on exactly what is being done without the risk of providing Mr.Spammer with some helpful advice on how to circumvent the system ?


Title: Re: Spam being recieved on Private e-mail addy
Post by: LC100 on May 18, 2007, 07:31:38 am
Hi

Quote
Re: own mailserver - yup, of course I agree totally and it's something I've sort of looked at more than a few times in the past although not that seriously. Not absolutely sure that I want to experience the hassle factor in doing it mind you as I'm quite sure that it's nowhere near as simple as it sounds !

I switched to my own SMTP several years back and have none of the ups and downs of the PlusNet email system, it is pretty easy and free software is available, I use Mercury32 which has never crashed or caused any problem.  My email to username.plus.com comes to my own server (as well as my own domain name) however 98% of the email to me from this incident was blocked by Mercury32 open relay check, and I was able to add a rule to drop all mail sent to username@username.plus.com immediately, it just cuts them dead without accepting any data or using any of your bandwidth, makes me feel better! 

There are some drawbacks, with this software it is not easy to virus scan, but I have since built my own service that integrates with Mercury32 and scans emails and also does a look up on any URLs in the email to also identify SPAM.  There is another email server called hMail (http://www.hmailserver.com/) which is open source and free and probably easier to setup, Mercury32 can be found here http://www.pmail.com/



Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 18, 2007, 07:47:47 am
That's my guess. :x

So any confirmation e-mails you received when joining things like these forums which included usernames & passwords could have been harvested.  It would be just as easy to scan for the words username or password in an e-mail stored on the server as to scan for mail addresses within those e-mails.

Personally I've assumed all correspondence sent by e-mail has been read and made changes accordingly.  But I await Plusnet's response to that particular question with anticipation.

Somewhere in one of the 4 parts of the long threads on the Plusnet portal forums I've seen a post from one of the comms team (I think it was Mand) confirming that this has not happened. It was a webmail server that was compromised, the mail storage servers were not compromised.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 18, 2007, 08:05:18 am
How many times do you read on here and elsewhere that PN relay servers have been blacklisted by someone somewhere and as a consequence virtually all e-mail from PN to a specific ISP or domain is being dumped ?

The thing to remember is there are many different types of blacklist.

Some contain proven spammers, for example things like open relays which have actually sent spam to a honeypot run by one of the listing organisations. I.e. 110% certain that they are a source of spam and nothing real comes from them. This you might call the black blacklists. Plusnet does not accept emails from these and has not for many, many months (years?).

At the other end of the scale some blacklists contain lists of servers which have been reported as being a source of spam (often not confirmed). These blacklists should not be used as a hard list but should be used as part of a scoring system (indeed some of the organisations recommend this is how they are used). You could call these grey blacklists. These are the lists that Plusnet's relay servers often pop up in. Unfortunately some people's mail systems treat these lists as black blacklists and reject the mail out of hand. Plusnet use these as part of the scoring system which results in our mail being tagged.

AIUI, the change Plusnet have made is to treat more of the blacklists at the blacker end of the scale as outright rejections because monitoring has proven that no genuine mail has come from servers on this list.
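
The black/grey distinction described in the post above, as an added example that is not part of the thread and not Plusnet's configuration. The zone names, weights, threshold and sample listings are constructed placeholders; the only real mechanics are the DNSBL lookup convention (reversed IPv4 octets prepended to the list's zone, with a 127.0.0.0/8 answer meaning "listed").

```python
import ipaddress
import socket

# Constructed placeholder zones and weights, not real lists.
HARD_ZONES = ("black.dnsbl.example",)          # a hit means outright rejection
SCORED_ZONES = {                               # a hit only adds to the score
    "grey-a.dnsbl.example": 2.0,
    "grey-b.dnsbl.example": 1.5,
}
TAG_THRESHOLD = 3.0                            # score at which mail is tagged


def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dns_listed(name):
    """Live lookup: a DNSBL answers with a 127.0.0.0/8 address when listed."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except socket.gaierror:
        return False   # NXDOMAIN or lookup failure: treat as not listed


def classify(ip, listed=dns_listed, content_score=0.0):
    """Return (action, score, zones_hit) for a connecting IP.

    Hard lists reject on their own. Grey lists never reject on their own;
    they add weight to whatever the content filter already scored.
    """
    for zone in HARD_ZONES:
        if listed(dnsbl_query_name(ip, zone)):
            return "reject", None, [zone]

    score = content_score
    hits = []
    for zone, weight in SCORED_ZONES.items():
        if listed(dnsbl_query_name(ip, zone)):
            score += weight
            hits.append(zone)

    action = "tag" if score >= TAG_THRESHOLD else "deliver"
    return action, score, hits


# Constructed listings so the example runs offline (documentation IP ranges).
CONSTRUCTED_LISTINGS = {
    dnsbl_query_name("192.0.2.10", "black.dnsbl.example"),
    dnsbl_query_name("198.51.100.7", "grey-a.dnsbl.example"),
    dnsbl_query_name("203.0.113.5", "grey-a.dnsbl.example"),
    dnsbl_query_name("203.0.113.5", "grey-b.dnsbl.example"),
}


def offline_listed(name):
    """Stand-in resolver backed by the constructed listings above."""
    return name in CONSTRUCTED_LISTINGS


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, classify(ip, listed=offline_listed))
    # The same grey-listed relay, now carrying content the filter scored 1.5:
    print(classify("198.51.100.7", listed=offline_listed, content_score=1.5))
```

A receiver that put the grey zones into `HARD_ZONES` would reproduce the failure the post describes, where a legitimate relay reported to a grey list has all of its mail refused.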


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 18, 2007, 08:11:36 am
This you might call the black blacklists. Plusnet does not accept emails from these and has not for many, many months (years?).


The use of the 'black blacklists' is OK by me, and a vast majority of the SPAM does come via open relays so has this change to mxcore only increased the use of the RBL's? Does ClamSpam do more than using RBL information?

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 18, 2007, 08:23:01 am
Another batch of spam overnight - seems it may still be coming in - and it is now apparent that yesterday's changes have not stopped them.

Sitting in the honeypot mailbox I've created with aliases for all the different long since dead addresses that are now being spammed are four spam emails from the same IP. What I can't tell is how many other Plusnet users have received spam from the same IP.

Tam's honeypot/blacklist suggestion would have blocked all of these after the first one sent to a monitored address.

Think about it. A big list of Plusnet addresses has been obtained, this has been added to a list of emails to be spammed. The list will be cut in to chunks and given to many different botnets to spew out. Unless the spammer has sorted/randomised the list, one botnet PC will probably get a chunk of Plusnet addresses. The honeypots may not catch all the botnet PCs, but every one detected could mean hundreds if not thousands of Plusnet addresses protected from that spam.

This is working exactly like some of the blacklist organisations with the beauty that it is targeted on botnet PCs that are spamming addresses in the stolen list. If anyone submits an email address for inclusion in the honeypot list, Plusnet could verify that it was in the stolen list before adding it.
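
The honeypot scheme proposed in the post above, as an added example that is not part of the thread and not anything Plusnet is stated to run. The class, the addresses, the timestamps and the 24-hour expiry are assumptions made for illustration; the expiry is added here because botnet PCs are often on addresses that are later reassigned.

```python
from dataclasses import dataclass, field


@dataclass
class HoneypotBlocklist:
    """Block a sending IP once it delivers to a monitored dead address."""

    leaked_addresses: set                 # addresses known to be in the stolen list
    ttl_seconds: int = 24 * 3600          # assumed lifetime of a block entry
    honeypots: set = field(default_factory=set)
    blocked_until: dict = field(default_factory=dict)

    def __post_init__(self):
        self.leaked_addresses = {a.lower() for a in self.leaked_addresses}

    def register_honeypot(self, address):
        """Accept a submitted trap address only if it was in the stolen list."""
        address = address.lower()
        if address not in self.leaked_addresses:
            return False
        self.honeypots.add(address)
        return True

    def handle(self, timestamp, source_ip, recipient):
        """Decide what to do with one incoming message.

        'reject' : the IP hit a honeypot earlier and the block is still live
        'trap'   : this message hit a honeypot; block the IP from now on
        'accept' : nothing known against the IP
        """
        if self.blocked_until.get(source_ip, 0) > timestamp:
            return "reject"
        if recipient.lower() in self.honeypots:
            self.blocked_until[source_ip] = timestamp + self.ttl_seconds
            return "trap"
        return "accept"


def replay(blocklist, events):
    """Run (timestamp, source_ip, recipient) events through the blocklist in order."""
    return [blocklist.handle(*event) for event in events]


# Constructed data: a leaked list and a delivery sequence from two senders.
LEAKED = {"old-alias@user2.example", "alice@user1.example",
          "bob@user3.example", "carol@user4.example"}

EVENTS = [
    (0,     "192.0.2.10",   "alice@user1.example"),      # before any trap hit
    (5,     "192.0.2.10",   "old-alias@user2.example"),  # dead address: trap
    (9,     "192.0.2.10",   "bob@user3.example"),        # same IP, now blocked
    (12,    "198.51.100.7", "bob@user3.example"),        # different IP, unaffected
    (86500, "192.0.2.10",   "carol@user4.example"),      # block has expired
]


def demo():
    blocklist = HoneypotBlocklist(leaked_addresses=LEAKED)
    blocklist.register_honeypot("old-alias@user2.example")
    return replay(blocklist, EVENTS)


if __name__ == "__main__":
    for event, outcome in zip(EVENTS, demo()):
        print(event, "->", outcome)
```

The first event shows the limit the post acknowledges: mail the sender delivers before it reaches a monitored address still gets through.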


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 18, 2007, 09:06:38 am

I only got 2 into an address that is long since defunct, and are known as coming through an open relay. The email header contained x-open-relay: 58.142.232.81 is in a black list at bl.spamcop.net

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: lmartin on May 18, 2007, 09:26:10 am
If the system is put into place that [-SPAM-] can go to a folder or specific mailbox, there is no need for this extra step with mxcore now deleting messages silently.

That was the plan.  Having said that, feedback so far has actually been very positive.  I expect we will revisit this next week and make a decision then.


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 18, 2007, 10:38:41 am
... feedback so far has actually been very positive.  I expect we will revisit this next week and make a decision then.

Well Yes, people are always going to be thankful for something that 'means I have to download fewer messages tagged with [-SPAM-]' however are those people aware 'the mxcore could be rejecting/deleting a message they really wanted'? I'd say not many people are too aware of the possible implications.

If Tagged Spam can go to a different folder/mailbox while keeping the mxcore, clamspam and despam usage the same would be best.

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Daved on May 18, 2007, 12:22:56 pm
To quote Jelv
Somewhere in one of the 4 parts of the long threads on the Plusnet portal forums I've seen a post from one of the comms team (I think it was Mand) confirming that this has not happened. It was a webmail server that was compromised, the mail storage servers were not compromised.

-----
You may also have noticed that the questions I asked for clarification:-

You are 100% sure, that those that were not logged into webmail at the time of the breach do not need to change passwords outside of plusnet's services?
 
 Also you are 100% sure there is no possibility of access to any other information such as account details such as address and telephone numbers?
 
 You are 100% sure that no credit card details were available to the hackers?
 
 Yes would be an appropriate answer to all three questions.
 Can we have those assurances stated this simply?

They have finally realised that as I left plusnet some months ago and am only on the free dialup account they can deny me access to the forum. The assurances above will therefore not be answered except in the roundabout way of 'probably' and we are 'confident'.

The number of spam emails has decreased to two today on my personal domain address (not hosted with plusnet) so don't count your chickens as this must be a slowing down on the spammers part and not on the security measures put in place by plusnet.

One of the many reasons I left plusnet was the going astray of emails sent to me, rated as black listed. I can't see why anyone could be heralding losing more genuine emails which could be vital to a business by going down this route again.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 18, 2007, 01:25:40 pm
If the system is put into place that [-SPAM-] can go to a folder or specific mailbox, there is no need for this extra step with mxcore now deleting messages silently.

That was the plan.  Having said that, feedback so far has actually been very positive.  I expect we will revisit this next week and make a decision then.

Yeah, well no surprises there esp as they don't necessarily know or understand what might be going on and PN aren't really saying either !  All they are seeing is little or none of the explicit spam (which is a good thing) but are blissfully unaware that there might be implications of other mail going missing either now or at some point in the future.

What I simply don't want to end up with here is PN tweaking the system to reject more and more spam so that on the surface it looks as though there really isn't any significant problem following the breach - but with a side effect of "a very small number of customers might possibly get a very small amount of genuine mail rejected" to quote the sort of wording one could reasonably expect to see in a PN service.status announcement ! Whilst PN might well consider that to be an acceptable situation I don't.  I do appreciate efforts being made to reduce the impact of spam in general but not if it errs on the side of over enthusiastic or erroneous deletion.

What often seems to happen with other ISPs who appear to be doing this kind of detection (simply to protect their servers by reducing volume rather than anything else) is that genuine mail IS deleted or bounced and other related problems DO occur.  For instance, a colleague is subscribed to various yahoo and similar groups and receives individual e-mails from these.  Every time some @rse spams the group(s) with iffy looking or sounding messages, the ISP bounces them as 'content rejected' or suchlike which results in yahoo stopping all further messages being sent to that address until it is reactivated.  Anyone here who uses yahoo groups no doubt knows that they are a bit quick in blocking addresses but very slow in letting you know that they have.  The result is that one or more times a week, one or more addresses are blocked by yahoo due to a single bounce, lots of genuine messages are lost and it's a right old PITA all round.  Yes I appreciate that PN appear to be silently deleting rather than bouncing so this kind of thing may not be a problem but I still want to understand fully what risk there is of any genuine mail getting silently deleted. Similarly, consider again the hotmail (and others) problem with the Booking Confirmations from a Ticket Agency that I mentioned earlier. The decision to silently delete all those 1000's of e-mails was apparently the result of a scoring-type system deciding that the messages were most likely spam rather than being some of the 150K genuine and desperately wanted messages that were sent out in a very short space of time.  The users of the services who rejected these messages were completely unaware that their service provider could and indeed was deciding which mails they could read and which they could not.  The deletion was automatic on receipt and occurred regardless of specific users' account settings to use a 'junk' folder or similar.

So, am I going to get more official detailed info as asked for (particularly on this ClamSpam thing) or should I just stop asking because PN are going to completely ignore the requests ?

Unfortunately some people's mail systems treat these lists as black blacklists and reject the mail out of hand. Plusnet use these as part of the scoring system which results in our mail being tagged.

AIUI, the change Plusnet have made is to treat more of the blacklists at the blacker end of the scale as outright rejections because monitoring has proven that no genuine mail has come from servers on this list.

Understand all that fully and it all sounds very good of course BUT (and there's always a 'but' isn't there) How do I know that PN isn't one of those mail systems that could screw up when making the decision to delete ? How do I know that monitoring has in fact 'proven' that no genuine mail has ever been deleted ? I mean, in all fairness rather than intended to be insulting, PN doesn't have a particularly good track record in testing and monitoring anything does it. The only thing likely to flag a problem is customers complaining and in perhaps the majority of cases they wouldn't even be aware that genuine mail had been deleted. Also, I still get the impression that we are talking about 'silent deletion' on receipt here and not simply 'tagging' iffy stuff.  Tagging, whilst being a bit of a PITA to have to manually check 'junk' folders when you haven't ever needed to before is not so bad but it's the possibility of silent deletion or worse still silent bouncing that concerns me in all this.  It's all too easy for any ISP to dismiss any claims of stuff going missing as "just one of those things that happens sometimes and nothing directly to do with us" so even if you do know that something has got deleted by mistake, no one is ever likely to listen or do anything about it.


Title: Re: Spam being recieved on Private e-mail addy
Post by: kitz on May 18, 2007, 01:36:31 pm
>> The list will be cut in to chunks and given to many different botnets to spew out.

This does appear to be what is happening and I mentioned this in another thread yesterday.

Sunday the spam started on username@username.
Tues it started on a mailbox I deleted last year.
Yesterday it started on a name@domain name which previously had no spam, but had an association with PN.
Today, I've now started receiving it on pug@


Title: Re: Spam being recieved on Private e-mail addy
Post by: OldDave on May 19, 2007, 09:43:20 am
I keep getting spam offering Photoshop CS for $89 all referring to a site soft-ag.com.

Why aren't Plusnet blocking this??? 



Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 19, 2007, 12:47:03 pm
Dave,

Are you getting any of these emails through a free dialup account; or do you have Spam turned off on your paid account?

The reason I ask is that I am getting those same emails, but on my old free account they are untagged (as free dialup doesn't include spam protection - although they are going to add it next week! Hurray!), whereas on my broadband account, the mails are ALL (so far) correctly tagged by PlusNet as Spam.

If you are getting any through the cracks, then send them to "spam@despamchecker.plus.com", where they will be added to the scoring database, to increase the chances of them being caught next time. There is talk of some accounts that are ONLY receiving this spam being given over to collecting and automatically adding to PlusNet's database of spam detection, but as far as I know this is a work in progress.

Mike


Title: Re: Spam being recieved on Private e-mail addy
Post by: kitz on May 19, 2007, 01:29:39 pm
Got a pile of them overnight too - all mine are tagged ok.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 21, 2007, 09:09:26 am
If they implemented Tam's honeypot/blacklist suggestion the majority of these messages wouldn't be tagged, they'd be binned.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Matt_2k34 on May 21, 2007, 07:44:25 pm
yeah try and keep it to tagging, so you don't lose anything you want to keep :-)

oh and i have been getting a bucketload of spam per day to the address with the catchall for MONTHS and PN blamed me for it, the last few days this has died down to nothing. which is good i guess *touch wood* it stays like it eh ?  :-P


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 23, 2007, 02:39:34 pm
I very much get the impression that the handling of this incident in general is primarily being driven by two things:

1) Users that habitually use webmail/IMAP who want access to all of their previous data and those who don't want to see anything that might possibly be spam etc. but who don't understand the possible consequences of making such demands or give a positive reaction to PN's plans without fully understanding (or being told about) any potential downside. 

2) PN wanting to publicly demonstrate that they have the spam situation and webmail 'under control' and users are not having significant problems with the amount of spam now being received ... not to mention reducing the stress on the servers of course.

It's all well and good importing historic webmail data for those who need or want to continue using it but it is a significant risk for all those who don't !  Similarly, users complaining very loudly about PN stopping the spam completely is all well and good but such users do not seem to understand in the slightest that it simply isn't realistically possible to achieve.  PN making the filtering more aggressive may reduce the spam but will also increase the risk of losing genuine messages. There is NO stopping it now and the problem can only get worse not better as the details are passed around to be used by more spammers and subsequently modified to target other common or random addresses and used as the 'from' address in future spam.  The ONLY true solution is to change email addresses and/or username/domain completely so that any mail sent to any compromised addresses can be blackholed immediately on receipt. Any detection/filtering employed, no matter how good or accurate it might be, can only limit the problem in the medium term as it will always be at least one step behind the spammers and as the volume increases the success of any detection/filtering will 'appear' to get worse.

I do hope that the full report due today will make a big point of explaining that the problem CANNOT be truly resolved other than by changing addresses and/or username/domain.  It is completely unreasonable to suggest that spam detection and filtering etc. is in any way a realistic solution for those who don't want to receive any spam of any form. It is also unreasonable for PN to be too aggressive in detection/filtering in an attempt to placate those users complaining loudly that they are still receiving spam and PN should be stopping all of it.

The way I see it is that no matter how aggressive the spam detection and filtering becomes, it's always going to be a losing battle long term.  Spam is and will continue to be a significant and ever increasing problem to all those who had their addresses compromised no matter what ... but with the added potential problems of losing genuine mail (at worst) or having it tagged as spam (at best).  One man's spam is another man's Sunday roast and all that ! It would appear that many users simply do not understand this at all and believe that someone can somehow flick some switch to turn their spam off. They are sadly misinformed and will be somewhat disappointed IMHO !  So here's hoping the full report will be 'open and honest' in this respect and not try to hide the fact that there is NO magic solution to the problem now (other than dumping all compromised addresses, usernames or domains) and all that spam detection and filtering can possibly achieve is a certain and unspecified amount of damage limitation ... but with some  risks attached.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 23, 2007, 03:34:46 pm
When are we going to see any announcements on the steps Plusnet are taking to improve the accuracy of the spam filters?

I have a number of email addresses which were getting no emails (spam or otherwise) prior to 12th May which are now being spammed. I have set up a specific mailbox with aliases for these addresses and can therefore accurately monitor the numbers being tagged. At present around 25% of spams are not tagged - and that is in spite of many having subjects including "wondercum". What I am seeing in this mailbox reflects the accuracy I am seeing on my proper mailboxes.

Whilst the spam filter is performing as badly as this, the changes being made to move the tagged spam in to a SPAM folder is as much use as a chocolate fire-guard. We will still be seeing very high volumes of offensive spam in our normal mailboxes.


Title: Re: Spam being recieved on Private e-mail addy
Post by: adh2020 on May 23, 2007, 03:56:27 pm
It's so very very annoying. PN stating that the spam is like any other spam and filtering etc is the answer are missing the point.
We are talking about people who have gone out of the way to keep clean email addresses by whatever means now being bombarded by rubbish through a PN fault. SPAM filtering isn't the answer for these people, as MikeB says, the ONLY way is to change address and remove the old mail box which potentially has other implications. This error is going to cost me time and money to rectify and it's all down to PN's error.

I'd like to see financial compensation to be honest, sorry just doesn't cut the mustard with me. I sincerely hope this one hits them where it hurts, although with BT's acquisition I doubt it.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 23, 2007, 09:26:03 pm
It's so very very annoying ... [snip]...

I'd like to see financial compensation to be honest, sorry just doesn't cut the mustard with me. I sincerely hope this one hits them where it hurts, although with BT's acquisition I doubt it.

Understatement of the century ... but mentioning the 'C' word, esp in a first post, is quite probably going to get all your subsequent posts totally ignored accidentally missed by PN even faster than mine were !   :-D  :-P :evil:

Anyway, all this talk of postmaster@, Contact_Name@ and User_Name@ addresses on another thread has just made me look up precisely what is set up in my two accounts via the appropriate portal.  What is most interesting (in an angry, well p*$$ed off, someone's not being entirely honest with me kinda way) is the subtle differences between the two accounts regarding the set up, the addresses actually being used and those which were compromised:

Ye olde F9 A/C: User_Name@ and postmaster@ have been compromised, neither of which would ever have been used directly by me of course. User_name@ is the PN default catch-all and postmaster@ is set as my 'contact' address.  No other spam has yet been received on any other address or mbox using an anything@My_Account.force9.co.uk form of the address. 

However, plenty of spam various is received (and has been for a long time now) on the original anything@My_Account.force9.net form of the address.  This also started very suddenly and quite a while after I actually stopped using that form of the address on PN's advice that it would cease to be supported shortly.  How strange to tell all customers that they MUST change the addresses they had been using for absolutely ages from ...force9.net to ...force9.co.uk with immediate effect because the original ones were going to be withdrawn only for them to suddenly start getting spammed silly not long after.  Needless to say I have a curiously strange feeling of deja vu about the recent breach.

Ye (likely_to_be_olde_real_soon) PN A/C: User_Name@ and My_Name@ and My_Mbox@ have been compromised. User_Name@ is the PN catch-all again, My_Name@ happens to be set as my 'contact' address and My_Mbox@ could possibly have been checked by just logging into webmail when it was first set up ages ago.   No spam has yet been received on any other address or mbox using an anything@My_Account.plus.com address.

So, whilst this is highly likely to be a webmail issue and not much else as has been suggested by PN, it also appears that Contact_Name@ and User_Name@ addresses would have been compromised even if you hadn't ever used webmail on someone else's account never mind not on your own !  All these comments suggesting you simply MUST have used webmail or have received something from someone else via webmail and so on in order for your addresses to be compromised is beginning to look rather like a bit of a smoke screen to me.

Is everyone else seeing Contact_Name@ and User_Name@ definitely being compromised along with any others that have actually been used via webmail in one way or another ?

I await the full report with much excitement (although I don't expect it to be particularly revealing or detailed for that matter) but whilst noting that Wednesday 23rd May doesn't end until 23:59:59 tonight I'm not sure that I will bother looking for it until tomorrow or maybe on 'bad news' Friday TBH.  I mean it doesn't seem likely to appear today now and anything likely to generate a backlash generally seems to get released late on a Friday so there is conveniently a whole weekend for the fuss to die down a bit before those responsible return to PN Towers on the Monday ;)


Title: Re: Spam being recieved on Private e-mail addy
Post by: lmartin on May 23, 2007, 11:03:49 pm
If they implemented Tam's honeypot/blacklist suggestion the majority of these messages wouldn't be tagged, they'd be binned.

We are doing this, just not as harshly as blacklisting altogether.  We're monitoring some honeypot addresses that we have identified from our own accounts and then we're automatically training dspam with the contents every day, with a higher weighting.  This started yesterday so we'll see if it is effective in the next few days.
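
What "training with a higher weighting" means for a statistical filter, as an added sketch that is not part of the thread. It is a generic token-count Bayesian scorer, not dspam's algorithm; the weight of 5, the 0.9 tag threshold and every training message are constructed assumptions.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")
TAG_THRESHOLD = 0.9      # assumption: score at which mail is tagged [-SPAM-]
HONEYPOT_WEIGHT = 5.0    # assumption: one honeypot capture counts as five reports

# Constructed training data.
HAM = [
    "your booking confirmation for tickets is attached",
    "minutes from the meeting on tuesday are attached",
    "photoshop tutorial notes for the camera club meeting",
]
REPORTED_SPAM = [
    "cheapest pills on the net order now",
    "win money now click here",
]
HONEYPOT_CAPTURE = "photoshop cs for $89 order the software now"


def tokens(text):
    """Distinct lower-cased tokens; each counts once per message."""
    return set(TOKEN.findall(text.lower()))


class WeightedBayes:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.totals = {"spam": 0.0, "ham": 0.0}

    def train(self, text, label, weight=1.0):
        # A weight of w has the same effect as training on w copies.
        for tok in tokens(text):
            self.counts[label][tok] += weight
        self.totals[label] += weight

    def spam_probability(self, text):
        log_odds = 0.0
        for tok in tokens(text):
            seen_spam = self.counts["spam"][tok]
            seen_ham = self.counts["ham"][tok]
            if seen_spam == 0 and seen_ham == 0:
                continue                      # never-seen tokens carry no evidence
            # Laplace-smoothed per-class token frequencies.
            p_spam = (seen_spam + 1) / (self.totals["spam"] + 2)
            p_ham = (seen_ham + 1) / (self.totals["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-50.0, min(50.0, log_odds))   # keep exp() in range
        return 1 / (1 + math.exp(-log_odds))


def build(honeypot_weight):
    clf = WeightedBayes()
    for text in HAM:
        clf.train(text, "ham")
    for text in REPORTED_SPAM:
        clf.train(text, "spam")
    clf.train(HONEYPOT_CAPTURE, "spam", weight=honeypot_weight)
    return clf


def compare():
    """Score a campaign variant and a genuine message under both weightings."""
    campaign = "get photoshop cs for $89 today"
    genuine = "camera club photoshop evening on tuesday"
    plain, weighted = build(1.0), build(HONEYPOT_WEIGHT)
    return {
        "campaign_unweighted": plain.spam_probability(campaign),
        "campaign_weighted": weighted.spam_probability(campaign),
        "ham_unweighted": plain.spam_probability(genuine),
        "ham_weighted": weighted.spam_probability(genuine),
    }


if __name__ == "__main__":
    for name, score in compare().items():
        print(f"{name:<20} {score:.3f}")
```

With a single unweighted capture the campaign variant scores about 0.73 and is delivered untagged; weighted, it scores about 0.95 and is tagged, while the genuine message that shares the word "photoshop" stays well below 0.5 in this sample.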


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 23, 2007, 11:14:38 pm
Give me one good reason why you should not totally blacklist the IPs?


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 24, 2007, 12:36:34 am
Oooo looky see what's just dropped into a USENET folder near me  :-)

clicky here for webmail incident report (http://community.plus.net/comms/2007/05/23/webmail-incident-report/)

A bit of light bedtime reading .... or maybe not ...


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 24, 2007, 08:26:51 am
I can see one thing that is going to cause a lot of confusion today!

When you go in to webmail it doesn't immediately display the spam folder (unless you already had one). You have to go in to folders and subscribe.


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 24, 2007, 09:47:48 am
... and looking on the portal forums that has already started.

It doesn't help that the advice being given by Comms reps is incomplete and only talks about selecting the mark and move option without telling people about the need to subscribe.


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 24, 2007, 10:10:19 am
Just hit a very odd problem.
One of my mailboxes doesn't have the option to subscribe to the spam folder it states
Quote
Unsubscribe/Subscribe
No folders were found to unsubscribe from!   No folders were found to subscribe to!
Is this because this is the one email account which wasn't compromised?


Title: Re: Spam being recieved on Private e-mail addy
Post by: jelv1 on May 24, 2007, 10:21:23 am
From what I've seen posted elsewhere, I think the folder will be created when the first tagged spam hits the mailbox.


Title: Re: Spam being recieved on Private e-mail addy
Post by: simonflood on May 24, 2007, 10:24:16 am
When are we going to see any announcements on the steps Plusnet are taking to improve the accuracy of the spam filters?

I have a number of email addresses which were getting no emails (spam or otherwise) prior to 12th May which are now being spammed. I have set up a specific mailbox with aliases for these addresses and can therefore accurately monitor the numbers being tagged. At present around 25% of spams are not tagged - and that is in spite of many having subjects including "wondercum". What I am seeing in this mailbox reflects the accuracy I am seeing on my proper mailboxes.

Whilst the spam filter is performing as badly as this, the changes being made to move the tagged spam in to a SPAM folder is as much use as a chocolate fire-guard. We will still be seeing very high volumes of offensive spam in our normal mailboxes.

I own my own domain name for which I have set up an e-mail "alias" that forwards to 3 e-mail accounts - a PlusNet mailbox, Google Mail, and my work account (so I don't lose my e-mail, thanks PlusNet!).

All the e-mail that PlusNet doesn't tag as [-SPAM-] both Google Mail and my work account do so why can't PlusNet's systems identify it as spam?  I also don't have to train either Google Mail or my work system to recognise spam messages.

At work we use SpamAssassin and DNS blacklists whilst Google Mail uses some unknown system.

Simon


Title: Re: Spam being recieved on Private e-mail addy
Post by: dgdclynx on May 24, 2007, 10:58:48 am
I just went to my Webmail account for the first time since 7 this morning and found that my Spam folder had been created with spam in it to delete.


Title: Re: Spam being recieved on Private e-mail addy
Post by: godsell4 on May 24, 2007, 11:27:41 am

Um, it takes 3 or 4 well placed clicks to get access to the Spam folder, where are the clear instructions from PN to explain to the great unwashed non-savvy users how to do this?

:(

SW.


Title: Re: Spam being recieved on Private e-mail addy
Post by: adh2020 on May 24, 2007, 12:10:46 pm
Compensation, compensation, compensation.

There I've used the c word three times in my second post. I don't understand what makes PN / ISP's able to operate different rules to any other business.
My business provides a service to our customers. If we don't do that well or make mistakes or miss deadlines etc then our customers either don't pay or pay less. Why customers are expected to pay irrespective of the level of service ie lost data, down time, leaked email addresses etc is a mystery to me.

ISP's should be next on the list for unfair codes of practice and unrealistic charges respective to quality of service received. The banking industry has had its fair share of scrutiny. I vote ISP's next please.


Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 24, 2007, 02:16:33 pm
I suspect the problem here is that most ISP's don't make much money (or make a loss for market share - which they hope to profit from in the future when the market thins). PlusNet is relatively rare in the market as making a healthy profit from their service, but that is from clearly defined product models. If they had to re-define them with a margin for refunds, then it would have to be modelled differently.

If ISP's were forced to compensate for downtime, then the prices would have to go up, unless BT also paid the ISP's for downtime it caused, but if they were forced to do that, then they would probably put their prices up too. It would work great for the guy who had a big problem, and so got a big payout, but the rest of us would be paying for it with increased bills. There would be the advantage that ISPs would have a financial motivation to not make mistakes in the first place, which we would all gain from, but we would also have to expect higher monthly bills EVERY month to make it possible.

I am not saying that ISPs shouldn't go down that route, in fact there is possibly something to be said for offering that as an option, for business customers (at a suitable price), as it might give some the peace of mind that they are getting the best service possible... but BT don't guarantee their own service, so it makes it difficult for ISPs to offer a guarantee on a product they can't control and get no compensation from the supplier for downtime.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 25, 2007, 12:17:39 am
If ISP's were forced to compensate for downtime, then the prices would have to go up ....

I'm not naive enough not to understand that what you say is the way of the world and all that, but it still *really* winds me up whenever I see the old "Ah, but, if we offered service guarantees and compensation then we would have to put prices up" line trotted out !!!

[soapbox]

Erhm, well excuuuuuuse me, but methinks the sole objective of any such scheme is being entirely missed - the sole aim is NOT to pay out any compensation whatsoever by ensuring that the service is provided as advertised and as paid for by the customer - so it shouldn't actually cost anyone any more money than is already changing hands !  Unless, of course, the company concerned is being somewhat less than 100% honest in what it is advertising, the performance claims it makes, the way it operates or the way it sources or sub-contracts the goods and services necessary in order to provide the advertised service to the customer.

Granted that BT is a major issue in its own right and a law unto itself but that should be of little or no concern to customers of any company other than BT. Who a particular company sources its materials, facilities or services from or who it sub-contracts work to is entirely the responsibility and concern of that particular company and NOT of its customers. The customer's contract is with a specific company to provide a specific service not with its suppliers, sub-contractors or suchlike. How a particular company negotiates and handles issues with its various suppliers and so on is (or rather should be) completely irrelevant and solely a problem for the company to resolve entirely to their own satisfaction.

What the "Ah, but, if we offered service guarantees and compensation then we would have to put prices up" line 'really' means IMHO is that the company knows d@mn well that it can't provide the service as advertised and therefore if there was some form of compensation scheme then it would cost them bigtime.  But again, the point is generally missed. The whole principle is not for the customer to pay more up-front only to receive it back as compensation when a satisfactory service isn't provided but to encourage preventing problems from happening in the first place so there is no requirement to pay any compensation.  And it certainly shouldn't mean tiddling the charges so that much the same bottom line profit is obtained regardless of whether a company screws up or not !

If a company feels no real 'pain' if/when it screws up then it's never going to be all that bothered about it and act responsibly.  Companies need to be 'encouraged' to do or provide exactly what they claim one way or another and feeling a certain amount of 'pain' if they don't is probably the only way to get anywhere close to that.  Saying sorry lots and lots is all well and good but talk is easy and cheap no matter how sincere it may be and it's always the poor old customer facing staff who have to take the flak rather than those actually responsible for the problem in the first place of course. 

Inflicting financial 'pain' is perhaps the only way to provide maximum 'encouragement' to get it right.  If it costs money and is therefore 100% obvious to shareholders looking at the balance sheet if/when things go horribly wrong then there's a reasonable chance that any fundamental problems will get sorted in one way or another.  Whilst losing some customers as a result of screwing up badly or too often no doubt causes a certain amount of 'pain', it's quite easily hidden away or compensated for by gaining a few others but a nice BIG red entry on the balance sheet for "Compensation paid out for not providing a satisfactory service as advertised: (£xxx)" resulting in a much smaller than anticipated bottom line profit plus far less free bubbly and munchies at the next AGM simply can't be ignored !

[/soapbox]

If only all things in life were so simple  :-D  and BTW, intended more for amusement rather than a rant and certainly not intended as a broadside to PN in particular - it is equally applicable to just about any and every company I (and no doubt most other people) have ever dealt with !  Any problem is always someone else's fault and we're very, very sorry and it won't happen again ... but, yes, of course we're still going to charge you the full amount despite the problems and all the inconvenience or cost to you !


Title: Re: Spam being recieved on Private e-mail addy
Post by: dhookham on May 25, 2007, 08:51:32 am
Any problem is always someone else's fault and we're very, very sorry and it won't happen again ... but, yes, of course we're still going to charge you the full amount despite the problems and all the inconvenience or cost to you !

And "Your call is important to us" as part of the default hold message on many complaints lines  :wink:


Title: Re: Spam being recieved on Private e-mail addy
Post by: adh2020 on May 25, 2007, 09:53:30 am
We could nickname it the business-customer Russian roulette relationship.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 25, 2007, 11:51:25 am
And "Your call is important to us" as part of the default hold message on many complaints lines  :wink:

OMG ... don't get me started on that one !!!!! Your call is very important to us - which is why you've been on hold at your cost and making us money for just over an hour now listening to some poxy rendition of some generally good piece of music sounding rather like it's being played on a Rolf Harris Xylophone under water only to have your hopes raised then promptly dashed every few minutes when, click, the music stops and just as you begin to think someone is finally about to answer the call .... "Your call is really important to us. We are very sorry for the delay but due to an unusually high demand all our operators are busy at the moment. Please continue to hold (and make us some more money) until one of our operators is available to take your call."  Oh yeah, dontcha just love it !  The old BP goes up another notch each and every time it comes round :-D

Mind you, I think we've missed out a stage here ... don't forget the wrestling with the d@mn "press 1 for this" and "press 2 for that" game usually comes first.  Gotta spend at least 5 mins trying to work out which of a whole load of seemingly irrelevant options might just fit the bill ... or simply mash the phone key pad a few times until it finally stops giving out options and puts you on hold of course.  Extra points if you manage to press numerous options which seemed completely appropriate but then rather curiously find yourself right back at the start of course.  Now, if only there was always a "press * for I really don't give a %£$£&^ just answer the bl**dy call for god sake" option ! 


Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 25, 2007, 11:54:55 am
If ISPs were forced to compensate for downtime, then the prices would have to go up ....

I'm not naive enough not to understand that what you say is the way of the world and all that, but it still *really* winds me up whenever I see the old "Ah, but, if we offered service guarantees and compensation then we would have to put prices up" line trotted out !!!

[soapbox]

<snipped/>

[/soapbox]

If only all things in life were so simple  :-D  and BTW, intended more for amusement rather than a rant and certainly not intended as a broadside to PN in particular - it is equally applicable to just about any and every company I (and no doubt most other people) have ever dealt with !  Any problem is always someone else's fault and we're very, very sorry and it won't happen again ... but, yes, of course we're still going to charge you the full amount despite the problems and all the inconvenience or cost to you !


I just wish to point out that I have nothing to do with PlusNet or PUG (other than being a F9 customer and occasionally posting here on PUG forums) and therefore my previous comments and opinions are my own, not theirs! Therefore it was ME trotting out those lines that really wind you up... not PN. I'm sure you knew that, but just making sure!

Anyway, for what it is worth, I know what you are saying, and I agree with you. Unfortunately, as well as being an optimist, I am also a realist (it is sometimes helpful, but often a frustrating viewpoint to hold!). The problem is the current market place. It has been price driven for a while, which means that corners get cut, in an attempt to cut costs, to cut the retail price, to grab a market share, and make a better profit etc.

When this happens, then the mistakes start and service levels drop. This is what we have seen from PlusNet in this last year (although the cuts probably happened in the previous year!). Last year and this year appear to have been a genuine attempt to turn things around and get things back in order (from my observations), but the current shortage of PHP coders can't be helping!

However they are certainly still reaping the "rewards" of their previous bad decisions 2 years ago (again just my opinion) and despite trying to get back on track, still have a way to go yet.

So Compensation....
Who can offer compensation for BT Wholesale's mistakes without putting prices up? PN can't improve BT wholesale's shoddy services more than any other ISP can. And if they received preferential treatment (through BT retail ownership) compared to other ISPs then OFCOM would come down on them pronto.

Their own mistakes... - yes they could start to offer compensation for their own mistakes, and hope that it provided an incentive to make sure the mistakes didn't happen in the first place. However, the investment in man-power to improve the service might price them out of the market. There is a delicate balance here. It is hard enough to compete with "free" broadband ISPs at current pricing without deciding you are going to take on even more staff to mitigate ALL future problems. Either way it has to cost more.... either to provide that premium service, or to pay for not achieving that service!

If you want that sort of service it costs money. And surely that would be the point of a price increase, not  to pay it all out in compensation, but to be paying it to get a better service than others are paying for.

I'm not saying we should be content with last year's service (or even this year's) from PlusNet. They need more prodding yet, to get back to providing the level and quality of service that they have potential to provide. I'm sure with the right pressure from us the customers, and hopefully PUG interaction too, they will make that transition back to being a solid dependable ISP, and that is why I have stayed with them through the storm (time will tell if that was a waste of time!)

There is a place in the marketplace for that kind of a premium service and some people would pay for it happily for a definite SLA (Service Level Agreement) with compensation on failure to meet those standards. Interestingly enough, just 15mins ago I filled in a PC Pro survey asking about ISPs and one of the questions was "would you be interested in a ISP with a strict SLA and compensation?". Another question also asked, "would you be willing to pay £50 more a year for better customer service?". I got the impression that the survey was linked to Thus/Demon Internet (although that might be wrong), so I suspect that they are looking at the current market place and trying to find a niche to slot into, but seeking customer opinion first.

I think the bottom line here is that we (the customers with PUG's help!) need to help prod PN into shape, so that this ship can sail without leaking (deliberate terminology chosen!), before anyone at PN towers considers offering a SLA or compensation deal. Once on an even keel, maybe it will be right time in the market to offer that sort of service from PN, but we need to be realistic at the moment and recognise, that even if everything was sorted today for ongoing improvements, that we would still reap problems from last two years for another 6 months or so, as it takes time to turn a moving ship around!

For what it is worth, I am optimistic about PlusNet's future or I would have jumped ship by now!


Title: Re: Spam being recieved on Private e-mail addy
Post by: XPC exiled in NZ on May 25, 2007, 12:42:29 pm
And "Your call is important to us" as part of the default hold message on many complaints lines  :wink:

OMG ... don't get me started on that one !!!!! Your call is very important to us - which is why you've been on hold at your cost and making us money for just over an hour now listening to some poxy rendition of some generally good piece of music sounding rather like it's being played on a Rolf Harris Xylophone under water only to have your hopes raised then promptly dashed every few minutes when, click, the music stops and just as you begin to think someone is finally about to answer the call .... "Your call is really important to us. We are very sorry for the delay but due to an unusually high demand all our operators are busy at the moment. Please continue to hold (and make us some more money) until one of our operators is available to take your call."  Oh yeah, dontcha just love it !  The old BP goes up another notch each and every time it comes round :-D

Mind you, I think we've missed out a stage here ... don't forget the wrestling with the d@mn "press 1 for this" and "press 2 for that" game usually comes first.  Gotta spend at least 5 mins trying to work out which of a whole load of seemingly irrelevant options might just fit the bill ... or simply mash the phone key pad a few times until it finally stops giving out options and puts you on hold of course.  Extra points if you manage to press numerous options which seemed completely appropriate but then rather curiously find yourself right back at the start of course.  Now, if only there was always a "press * for I really don't give a %£$£&^ just answer the bl**dy call for god sake" option ! 

Often pressing hash once (or a few times!) gets you to an agent instantly without the menu turmoil on a lot of phone menus. On others if you don't press anything, and pretend that your phone isn't sending out tones then you also get to a real person quicker! Of course, you need to note that the person you get in these scenarios isn't always in the right department, so you can be better to brave the menu!


Title: Re: Spam being recieved on Private e-mail addy
Post by: dhookham on May 25, 2007, 01:29:58 pm
And "Your call is important to us" as part of the default hold message on many complaints lines  :wink:

OMG ... don't get me started on that one !!!!!

There's a whole family of worms in the business/customer relationship can :-D

Don't forget the other kinds of platitudes that crop up (largely in advertising, but are creeping into hold messages and call centre spiels) such as "We care... so you don't have to"

Then there's the over/misuse of phrases like "For your convenience", attached to statements such as "we have introduced a premium rate support line".



Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 25, 2007, 04:15:25 pm
Getting back to spam - just received one which no spam filter is going to pick up as the text is totally innocuous except that the sent date is Sun, 25 May 2003 16:27:50 +0200
Is it possible for the filter to pick this up and reject anything more than 30 days old for example?


Title: Re: Spam being received on Private e-mail addy
Post by: Penny on May 26, 2007, 12:29:22 am
It doesn't help that the advice being given by Comms reps is incomplete and only talks about selecting the mark and move option without telling people about the need to subscribe.

Um, it takes 3 or 4 well placed clicks to get access to the Spam folder, where are the clear instructions from PN to explain to the great unwashed non-savvy users how to do this?

Okay guys, I would appreciate some help here, falling as I do into the non-savvy-user category [not too keen on the rest of the description, needless to say]

I simply don't have time to log separately [via Squirrelmail] every day into every individual mailbox or account to see if there's some missing mail sitting in a spam folder somewhere.  Not that I'm entirely sure such spam folders are automatically-created as posited in other posts;  regardless on a sample mailbox account on which heavy-content spam is being received via OE, no such folder seems to have created itself for that account on the portal.

So.  Could someone here please provide idiot's-guide-type instructions as to how to do the following:
(1) create a spam folder for a mailbox I can't (yet) dispense with.

(2) on a standard (less busy) username,
(a) create a mailbox (this bit I can do, as per jelv's post here (http://usergroup.plus.net/forum/index.php/topic,3915.msg48834.html#msg48834))
(b) drop the catch-all [ is that the same thing as "blackholing the default"? ]
(c) blackhole postmaster@
(d) blackhole username@

As far as I can gather ( :? ) this will leave open only one route into that username, that of the mailbox I have created (eg mercury@username ), and everything else, including all the spam, will just get dumped.

If someone could possibly provide simple instructions for 2b, 2c and 2d above, I can just plod through relevant accounts and make the changes, whenever time allows, progressively reducing the spam overload factor till it's entirely gone.

If I (also) put mercury@username as my contact address for PN, on the portal, essential stuff will still have a way through.

Having had a relatively-sane period since the main site default address got blackholed and the mail dropped to minimal levels, I am finding the increasing spam volumes very wearing, as no doubt is everyone else.

I don't want to / haven't got time to, check endless "spam" folders so 2a-d above would for me represent a way of getting rid of all the spam for all the compromised usernames here, without having all the spam sitting on PN's servers for 30 days.

I trust that is a reasonably-accurate assumption :)  and I'd also value instructions on exactly how to set up a spam folder on the few affected mailboxes which can't immediately be dispensed with, on the main site account.

Regards,

Penny. 


Title: Re: Spam being recieved on Private e-mail addy
Post by: OldDuffer on May 27, 2007, 12:12:57 pm
Silly question:

I understand that there is a method where an email received at the ISP is compared to a list of authorised addresses. If the address is found then the email is sent to the recipient's mailbox. If the email address is not found then the ISP sends an email to the sender saying that it is not authorised and giving instructions as to how to proceed, and an email is sent to the recipient informing of the unauthorised email. The recipient can then add it to the authorised address list or not.

We would then be in control of what we receive, or not. Obviously this should be selectable on individual mailboxes.

OR - am I talking out of another orifice?


Title: Re: Spam being recieved on Private e-mail addy
Post by: petervaughan on May 27, 2007, 12:25:51 pm
There are a number of problems with your solution - which is in part commonly referred to as white-listing...

1) Spam often has spoofed from addresses so bouncing the email back will actually do the spammers a favour by sending the spam to your mailbox and the one they have spoofed - two for the price of one - never a good idea. Spam should NEVER be bounced, it should be deleted.

2) Sending an email to you stating a message has been bounced causes just as many messages to be received by you as the original spam. In effect these additional messages will become just as annoying as the original spam, especially if you are targeted and receive several hundred of them.

A whitelist should be under your control to add email addresses manually. So you find the addresses you want to receive mail from and set it up. Any messages that do not match are then automatically deleted and you don't get a warning email for each one.

However PN do not have such a system. It has been asked for but I suspect it may be some time, if ever, before we see it and the work involved could be big having to maintain 100,000s of whitelist files that the mail servers need access to.
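The two ideas raised above (discarding mail whose Date header is more than 30 days old, and a user-controlled whitelist that deletes silently instead of bouncing) can be sketched as follows. This is an added example, not part of the original posts and not PlusNet's filter; the function names, the example.org/example.net addresses and the one-day clock-skew allowance are assumptions, and the sample messages are constructed.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

MAX_AGE = timedelta(days=30)    # the 30-day limit suggested in the thread
MAX_FUTURE = timedelta(days=1)  # assumption: allow for small clock skew


def date_verdict(msg, now):
    """Classify the Date header as ok, stale, future, missing or malformed."""
    raw = msg.get("Date")
    if raw is None:
        return "missing"
    try:
        sent = parsedate_to_datetime(raw)
    except (TypeError, ValueError):  # exception type depends on Python version
        return "malformed"
    if sent.tzinfo is None:          # a "-0000" zone parses as naive: treat as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    if now - sent > MAX_AGE:
        return "stale"
    if sent - now > MAX_FUTURE:
        return "future"
    return "ok"


def decide(raw_message, now, whitelist=None):
    """Return (action, reason). The action is only ever 'deliver' or 'discard':
    nothing is bounced, because the From address is easily spoofed and a bounce
    would land on an innocent third party."""
    msg = message_from_string(raw_message)
    verdict = date_verdict(msg, now)
    if verdict != "ok":              # applies to everyone: From proves nothing
        return ("discard", "Date header " + verdict)
    if whitelist is not None:
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if sender not in {a.lower() for a in whitelist}:
            return ("discard", "sender not on whitelist")
    return ("deliver", "passed checks")


# Constructed sample messages; the stale Date value is the one quoted in the thread.
NOW = datetime(2007, 5, 25, 16, 15, tzinfo=timezone.utc)
SAMPLES = {
    "stale": "From: a@example.net\nDate: Sun, 25 May 2003 16:27:50 +0200\n\nhello\n",
    "future": "From: a@example.net\nDate: Tue, 19 Jan 2038 03:14:07 +0000\n\nhello\n",
    "no_date": "From: a@example.net\nSubject: hi\n\nhello\n",
    "garbled": "From: a@example.net\nDate: not a date\n\nhello\n",
    "friend": "From: Alice <Alice@Example.org>\nDate: Fri, 25 May 2007 09:00:00 +0100\n\nhi\n",
    "stranger": "From: x@example.net\nDate: Fri, 25 May 2007 09:00:00 +0100\n\nhi\n",
}


def classify_samples(whitelist=("alice@example.org",)):
    """Run every constructed sample through decide() with the given whitelist."""
    return {name: decide(raw, NOW, whitelist) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in classify_samples().items():
        print(name, result)
```

Because the whitelist here matches on the From header, it only filters; it does not authenticate the sender, so a spoofed whitelisted address still gets through.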


Title: Re: Spam being recieved on Private e-mail addy
Post by: OldDuffer on May 27, 2007, 12:37:27 pm
Thanks for elaborating.

I have learnt some pointers that I did not appreciate. (68 today and still learning)


Title: Re: Spam being recieved on Private e-mail addy
Post by: Oldjim on May 27, 2007, 12:48:44 pm
As another aged person can I throw in an episode on my previous company e-mail system.
A user set up a forward to his home e-mail account unfortunately the mailbox had exceeded its limit so the server sent an automatic response back saying that it couldn't be delivered. You can guess what happened next - the response was forwarded again and so on.
The end result was that by the time the IT staff came in the whole e-mail system had died as it was full of these bounces - self inflicted DDS attack  :-D


Title: Re: Spam being recieved on Private e-mail addy
Post by: LC100 on May 27, 2007, 01:00:16 pm
Hi

Quote
Erhm, well excuuuuuuse me, but methinks the sole objective of any such scheme is being entirely missed - the sole aim is NOT to pay out any compensation whatsoever by ensuring that the service is provided as advertised and as paid for by the customer - so it shouldn't actually cost anyone any more money than is already changing hands !

I quite agree, but in order to ensure no payouts need to be made money has to be spent on improving the service to such a high level that no compensation is ever needed, so there is still a cost.


Title: Re: Spam being recieved on Private e-mail addy
Post by: mikeb on May 29, 2007, 01:52:47 pm
I just wish to point out that I have nothing to do with PlusNet or PUG (other than being a F9 customer and occasionally posting here on PUG forums) and therefore my previous comments and opinions are my own, not theirs! Therefore it was ME trotting out those lines that really wind you up... not PN. I'm sure you knew that, but just making sure!

Nah, don't panic, it wasn't a broadside to you either !  Like I said, I understand exactly and generally agree with what you (and everyone else) has said and my original comments were more for amusement value rather than being particularly serious.  But I do think there are issues here. Yes, I would be (and depending on what it is, often am) prepared to pay a little more for good service. Whether that's by using a particular ISP or by buying goods from a local specialist rather than an on-line box-shifter doesn't matter. I don't want to be messed around, I expect things to do what it says on the tin and with minimal hassle if something unforeseen does happen. Needless to say I'm often disappointed even when I do choose to pay above the 'going rate' !

The point I was (sort of) making is that ISPs (and others) really take the p*ss with their marketing hype .vs. the reality of what's actually going to be provided.  Take one ISP who I found earlier offering various packages along with an option for having an SLA.  With the most basic account at around £15 apparently having more bells and whistles than you can shake a stick at plus service descriptions that would have you believe that the MD personally checks all is well with your account on a daily basis then gives you a call if you have e-mail and haven't noticed (ok, maybe not *that* good but still sounds way too good for the price !) how much is the SLA option on other packages ?  Almost the same amount as a basic account !!!!

Who do they think they're kidding.  The service clearly can't and almost certainly won't perform as advertised.  It simply can't be anything to write home about if you have to virtually double the price before they will even consider what they actually GUARANTEE rather than what they IMPLY will happen.  It's a complete joke.  Yes, I know the *big* problem is the BT issues but even so, it's still crazy.

Consider this: If each and every one of the ~200K PN subscribers had agreed to pay 10p/month extra last year then the additional income over the year would have paid for a new e-mail platform. It would have been commissioned way before the other one gave up the ghost and without the need for PN taking the 'cheap' option and then skipping it after causing utter chaos by trying to add sufficient string, sellotape or whatever to make it sort of work ... only to find it would never work as anticipated.  Alternatively, think about how many OS or application upgrades would it have paid for ?  Again, not really intended as a rant about PN as such just pertinent examples fresh in everyone's mind.  But need I say more ... and all that for just 10p/user/month extra. An absolute bargain !

Bottom line: A realistic price to provide a realistically described service is what's needed. No marketing BS, smoke, mirrors, crossed fingers, lucky charms, upto's, unlimited's or anything remotely similar required to make it all sound way better than it actually is in practice thank you very much.  Say what it does and is capable of (and mean it by guaranteeing it) as well as maintain it so that barring the VERY OCCASIONAL and UNFORESEEN nightmare, it always performs as expected and customers actually experience what they signed up for.  If it's not achievable and sustainable at the advertised price then don't hype and sell it at that price or if you do, don't come back whining about it and trying to move the goalposts later on because you c**ked it up !! Do your sums and get it right ... or take the hit and then it might just 'encourage' you to get it right next time ;)

I do not believe SLAs or any other compensation type scheme actually helps because companies just don't take them seriously. If/when they do offer them it's either a token gesture that doesn't hurt or a blatant attempt to rip-off a 'concerned' customer. I've long since lost count of the number of times in real life that I've seen a huge contract with quite harsh financial penalty clauses signed despite everyone knowing full well that it's simply not possible to meet the contractual requirements and therefore the penalty clauses will come into play. But it will be argued and maybe negotiated later when it's way too late for either party to back out.  If/when a hit does have to be taken then so be it because the money to cover the penalty will have been added in somewhere so it's no real loss as the customer is paying extra for something to cover it.  Dontcha just love the moral superiority of Sales and Marketing guys :roll:

The one big drawback with BB in my view is the inability to easily and cheaply have a backup service or provider. In the dial-up past, I have always had 1 or more alternatives available should my PN connection or service fail at any time, some paid-for some free. It obviously doesn't help in all situations but it does (and did on several occasions) help a lot.  It's a great pity that there isn't any realistic way to do this on BB. Apart from providing a backup just in case it also gives the opportunity to 'test drive' an alternative supplier which is ALWAYS a very good thing. I would certainly choose 2 independent providers over any form of SLA scheme that's for sure if it were possible to do this - primarily because it totally removes the "we don't really care because we know the user can't easily and quickly go elsewhere" attitude that I think exists with most if not all providers.

Anyways, sorry for dragging this thread way OT :oops: best be getting back to all that luverly spam that there's no shortage of. I see the latest hot deals appear to be for Adobe something-or-others that enhance your anatomy as well. WOW! I know Photoshop is good for enhancing stuff but even I didn't think it was *that* good  :-D