Home   Help Search Groups Login Register  
You are not logged in. To get the full experience of these forums, we recommend you log in or register
Plusnet Usergroup » All Users - The Open Forum » Plusnet Network and Technical Issues » Spam being recieved on Private e-mail addy
Pages: 1 ... 14 15 [16] 17 18 ... 20
  Print  
Author Topic: Spam being recieved on Private e-mail addy  (Read 162541 times)
jelv1

Posts: 2130

« Reply #225 on: May 17, 2007, 02:00:46 pm »

Has any other Plusnet user ever in the last two or three years sent you an email to the address that is now being spammed? If that was using webmail you will be affected.

jelv
mikeb

Posts: 657


« Reply #226 on: May 17, 2007, 02:13:05 pm »

Hang on, would a reputable news site like El Reg let a faked comment like that remain on it's site? rolleyes

Of course it would unless it knew that it was potentially a faked response which is why I suggested that PN contact The Reg to advise them - if it truly is a fake and/or malicious unfounded comment of course.

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
Daved

Posts: 71

« Reply #227 on: May 17, 2007, 02:19:32 pm »

Has any other Plusnet user ever in the last two or three years sent you an email to the address that is now being spammed? If that was using webmail you will be affected.
Fairly sure that was not the case, unless plusnet has. Is there any way to tell from headers?

dillons on Plusnet forum
lmartin

Posts: 1404


Comms Team

« Reply #228 on: May 17, 2007, 07:32:08 pm »

Evening guys,

I've just published an FAQ on this incident right here : http://usergroup.plus.net/forum/index.php/topic,4787.0.html

Liam Martin
PlusNet Comms Team
wildmind
Guest
« Reply #229 on: May 17, 2007, 08:09:37 pm »

Nice glossing over of the fact that you were aware of the breach BEFORE the customer reports came in and yet didn't notify customers or take action at that point  angry
mikeb

Posts: 657


« Reply #230 on: May 17, 2007, 09:34:02 pm »

Hmmmm, nice FAQ and thanks for posting but I don't see anything particularly new in there.

However, quoted from the most recent service.status report:

Quote
What this is means for now is that less email is being accepted onto our platform and email meeting the following criteria is being rejected.

- Email that is detected as spam by our 'ClamSpam' filter (one of the detection solutions we use)

- Originating IP address of the sender is blacklisted on an RBL (list of known spammers).  For more information on this method of blocking spam, see here: http://en.wikipedia.org/wiki/DNSBL  This particular method of spam blocking has always been implemented on our incoming mail platform.

I've been meaning to make enquiries about the recent changes to mxlast regarding spam detection but haven't quite got around to it !  I realise that now is probably not the best of times to ask but as it's going to be implemented across the board, I'm going to ask anyway.

I have a major dislike of any spam filtering done 'behind my back' where I do not have any control over what's happening and may not even know that it's happening.  So many other ISPs and webmail providers frequently remove what they think is spam but in reality, chopped ham and pork hasn't been within several hundred yards of the messages !

A classic recent example concerns hotmail and others who decided in their 'wisdom' that the Booking Confirmation e-mails for Glastonbury Festival tickets purchased from a very reputable Ticket Agency were automatically classified as spam and silently deleted on receipt REGARDLESS of the users specific account settings and obviously without their knowledge.  It caused way more than a bit of chaos to say the least as many 1000's if not tens of 1000's of people failed to get confirmations and other very important communications from the Agency !

For almost 10 years up until now, I had been completely spam-free on all my used accounts. I had no need for spam filtering and therefore have none implemented despite easily having the ability to do so.  I have Mailwasher Pro on all my machines which I often use to have a quicky look at what's on the PN (and various other) servers as well as using Agent news/mail reader on all machines to DL messages from all over the place as/when required.  Both of these applications have way more than enough facilities to filter spam by various methods including Bayesian techniques should it be necessary although these facilities have always been disabled to date. Having a 'catch all' is very important to me and I do not generally use mboxes but DL everything and filter/sort/distribute locally.

Whilst the spam issue is a right PITA to say the least, it hasn't as yet reached the level where my harvested addresses are totally swamped or Random_Chars@ or Good_Guess@ prefixes are being used. It's only a matter of time before that changes of course IMHO.  Although I appreciate that PN are trying to reduce the impact on customers (and the servers of course) by detecting spam on receipt, like I say, I strongly dislike detection/deletion going on behind my back and completely outside of my control.

I don't even have the optional spam tagging switched on and don't intend to do so anytime soon either.  If spam detection becomes absolutely necessary in the short term then it is something that I will implement myself so that it is totally under my control. If/when the spam problem gets completely out of hand then it's going to be a very appropriate time to move on - simple as that.  If I'm forced into changing e-mail addresses and/or usernames that have been in constant and regular (personal and business) use for ~10 years because of this security breach then I might just as well change them to something that doesn't have plus.com at the end.

So, what exactly is this ClamSpam filtering, what does it do and how does it do it ? And more to the point, how can I be 100% certain that I am not EVER going to have e-mail deleted on receipt or delivery refused just because someone else thinks that it might be spam when in  reality it is a genuine and wanted message ?  I get the impression that both of these systems blackhole rather than 'tag' anything considered as spam which I'm most certainly not liking the sound of. I note that the volume of general spam received on my original F9 A/C addresses has decreased quite significantly over the last few days and I therefore suspect that this is due to these changes and perhaps also because the thresholds have been tweaked to reject more potential spam.  Deleting spam at source is a very good thing of course but only providing that the system is 100% guaranteed not to get it even slightly wrong ... and thereby hangs my problem unfortunately.  I'm very sorry but to be brutally honest, there is no way that I really trust PN to decide what e-mail is and is not delivered to me. 


--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
jelv1

Posts: 2130

« Reply #231 on: May 17, 2007, 09:42:48 pm »

There is a simple solution - run your own mail server and switch to SMTP mail delivery. That way you have full control.

jelv
godsell4

Posts: 397

« Reply #232 on: May 17, 2007, 09:59:51 pm »


I strongly agree with mikeb, now if somebody suffers a financial loss because of this it would be interesting to see what happens.

If the system is put into place that [-SPAM-] can go to a folder or specific mailbox, there is no need for this extra step with mxcore now deleting messages silently.

jelv - setting up an smtp server is not trivial and also I do not have the space for the machine or electric sockets available. Sad

SW.

BBYW1/10GB
jelv1

Posts: 2130

« Reply #233 on: May 17, 2007, 10:23:12 pm »

Remember that even before the change was made to the mxlast servers, Plusnet were dropping large volumes of spam from known bad sources and have been for a considerable time.

jelv
Tam

Posts: 1188


100Mb via Enta.net :D

« Reply #234 on: May 17, 2007, 10:49:59 pm »

From a PN point of view they are doing it for the majority, sure some wont like it, but thats up to them. If you want to run your mail spam scanning differently than how PN is doing it, move your domains to a hosting provider that offers what you want.

Thats what i did, and i'm happy (ish) as to how it now is.

JohnDavis

Posts: 21

« Reply #235 on: May 17, 2007, 11:11:18 pm »

Whilst I am happy that spam clearly identified as being sourced from known spammers can be deleted, I would agree with mikeb in being strongly opposed to any filtering that could possibly result in any genuine emails being deleted. 
channel

Posts: 94

« Reply #236 on: May 18, 2007, 12:06:21 am »

One question which should be added to the FAQ is:

Q Is there a chance that the content of my emails has been obtained by the third party hacker?

NB
Usergroup Member

Posts: 2073

« Reply #237 on: May 18, 2007, 12:27:33 am »

That's my guess. angry

So any confirmation e-mails you received when joining things like these forums which included usernames & passwords could have been harvested.  It would be just as easy to scan for the words username or password in an e-mail stored on the server as to scan for mail addresses within those e-mails.

Personally I've assumed all correspondence sent by e-mail has been read and made changes accordingly.  But I await Plusnets response to that particular question with anticipation.
mikeb

Posts: 657


« Reply #238 on: May 18, 2007, 12:38:24 am »

Re: own mailserver - yup, of course I agree totally and it's something I've sort of looked at more than a few times in the past although not that seriously. Not absolutely sure that I want to experience the hassle factor in doing it mind you as I'm quite sure that it's nowhere near as simple as it sounds !  Also perhaps seriously limits choice if it ultimately becomes necessary to move on so could be a whole bunch of problems for no real benefit long-term.

TBH, I know spam checking was apparently added to mxlast recently(ish) and had apparently always been on the main platform but I'm still not sure to what extent.  For instance, some (maybe most) of the recent very explicit spam did in fact have an 'x-open-relay' field added (presumably by PN as I don't think it was me) but it was still delivered rather than blackholed.  From the comments made in the service.status report, surely these messages should have been deleted shouldn't they ?  So why did they get delivered ? What went wrong there ?

I also kinda agree with the comments along the lines of "if you don't like what PN are doing for the masses then go elsewhere and get what you want" of course but my point is that I don't actually know what PN are doing or what they are intending to do in order to make a judgment on whether it's perfectly sensible and just fine or otherwise !  All they have given is some fancy sounding name without any details of what it's all about.  I fully understand checking against blacklists but even that's not in any way foolproof is it ?  How many times do read on here and elsewhere that PN relay servers have been blacklisted by someone somewhere and as a consequence virtually all e-mail from PN to a specific ISP or domain is being dumped ?

What concerns me (and yeah, I know it sounds stupid) is that I've seen a significant decrease in spam over the last few days and none of that really explicit stuff recently either. Now it could just be coincidence or the calm before the storm of course but I'm thinking that it's because of the changes PN are implementing - meaning that more potential spam is now being deleted on receipt. Like I say, just fine if whatever the system is happens to be 100% accurate but then again what system is ever 100% accurate !  When there is a vested interest in reducing spam to an absolute minimum before routing to customers, there just has to be an increased risk of genuine stuff getting clobbered IMHO.  I'd like to somehow try and assess that risk.

So Mr.PN, is it possible to provide more details on exactly what is being done without the risk of providing Mr.Spammer with some helpful advice on how to circumvent the system ?
« Last Edit: May 18, 2007, 12:41:03 am by mikeb »

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
LC100

Posts: 283

« Reply #239 on: May 18, 2007, 07:31:38 am »

Hi

Quote
Re: own mailserver - yup, of course I agree totally and it's something I've sort of looked at more than a few times in the past although not that seriously. Not absolutely sure that I want to experience the hassle factor in doing it mind you as I'm quite sure that it's nowhere near as simple as it sounds !

I switched to my own SMTP several years back and have none of the ups and downs of the PlusNet email system, it is pretty easy and free software is available, I use Mercury32 which has never crashed or caused any problem.  My email to username.plus.com comes to my own server (as well as my own domain name) however 98% of the email to me from this incident was blocked by Mercury32 open relay check, and I was able to add a rule to drop all mail sent to username@username.plus.com immediately, it just cuts them dead without accepting any data or using any of your bandwidth, makes me feel better! 

There are some drawbacks, with this software it is not easy to virus scan, but I have since built my own service that integrates with Mercury32 and scans emails and also does a look up on any URLs in the email to also identify SPAM.  There is another email server called hMail (http://www.hmailserver.com/) which is open source and free and probably easier to setup, Mercury32 can be found here http://www.pmail.com/

Pages: 1 ... 14 15 [16] 17 18 ... 20
  Print  
 
Jump to: