Home   Help Search Groups Login Register  
You are not logged in. To get the full experience of these forums, we recommend you log in or register
Plusnet Usergroup » All Users - The Open Forum » Plusnet Network and Technical Issues » Spam being recieved on Private e-mail addy
Pages: 1 ... 16 17 [18] 19 20
  Print  
Author Topic: Spam being recieved on Private e-mail addy  (Read 162560 times)
mikeb

Posts: 657


« Reply #255 on: May 23, 2007, 02:39:34 pm »

I very much get the impression that the handling of this incident in general is primarily being driven by two things:

1) Users that habitually use webmail/IMAP who want access to all of their previous data and those who don't want to see anything that might possibly be spam etc. but who don't understand the possible consequences of making such demands or give a positive reaction to PNs plans without fully understanding (or being told about) any potential downside. 

2) PN wanting to publicly demonstrate that they have the spam situation and webmail 'under control' and users are not having significant problems with the amount of spam now being received ... not to mention reducing the stress on the servers of course.

It's all well and good importing historic webmail data for those who need or want to continue using it but it is a significant risk for all those who don't !  Similarly, users complaining very loudly about PN stopping the spam completely is all well and good but such users do not seem to understand in the slightest that it simply isn't realistically possible to achieve.  PN making the filtering more aggressive may reduce the spam but will also increase the risk of losing genuine messages. There is NO stopping it now and the problem can only get worse not better as the details are passed around to be used by more spammers and subsequently modified to target other common or random addresses and used as the 'from' address in future spam.  The ONLY true solution is to change email addresses and/or username/domain completely so that any mail sent to any compromised addresses can be blackholed immediately on receipt. Any detection/filtering employed, no matter how good or accurate it might be, can only limit the problem in the medium term as it will always be at least one step behind the spammers and as the volume increases the success of any detection/filtering will 'appear' to get worse.

I do hope that the full report due today will make a big point of explaining that the problem CANNOT be truly resolved other than by changing addresses and/or username/domain.  It is completely unreasonable to suggest that spam detection and filtering etc. is in any way a realistic solution for those who don't want to receive any spam of any form. It is also unreasonable for PN to be too aggressive in detection/filtering in an attempt to placate those users complaining loudly that they are still receiving spam and PN should be stopping all of it.

The way I see it is that no matter how aggressive the spam detection and filtering becomes, it's always going to be a losing battle long term.  Spam is and will continue to be a significant and ever increasing problem to all those who had their addresses compromised no matter what ... but with the added potential problems of losing genuine mail (at worst) or having it tagged as spam (at best).  One man's spam is another man's Sunday roast and all that ! It would appear that many users simply do not understand this at all and believe that someone can somehow flick some switch to turn their spam off. They are sadly misinformed and will be somewhat disappointed IMHO !  So here's hoping the full report will be 'open and honest' in this respect and not try to hide the fact that there is NO magic solution to the problem now (other than dumping all compromised addresses, usernames or domains) and all that spam detection and filtering can possibly achieve is a certain and unspecified amount of damage limitation ... but with some  risks attached.

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
jelv1

Posts: 2130

« Reply #256 on: May 23, 2007, 03:34:46 pm »

When are we going to see any announcements on the steps Plusnet are taking to improve the accuracy of the spam filters?

I have a number of email addresses which were getting no emails (spam or otherwise) prior to 12th May which are now being spammed. I have set up a specific mailbox with aliases for these addresses and can therefore accurately monitor the numbers being tagged. At present around 25% of spams are not tagged - and that is in spite of many having subjects including "wondercum". What I am seeing in this mailbox reflects the accuracy I am seeing on my proper mailboxes.

Whilst the spam filter is performing as badly as this, the changes being made to move the tagged spam in to a SPAM folder is as much use a chocolate fire-guard. We will still be seeing very high volumes of offensive spam in our normal mailboxes.

jelv
adh2020

Posts: 3

« Reply #257 on: May 23, 2007, 03:56:27 pm »

It so very very annoying. PN stating that the spam is like any other spam and filtering etc is the answer are missing the point.
We are talking about people who have gone out of the way to keep clean email address' by whatever means now being bombarded by rubbish through a PN fault. SPAM filtering isn't the answer for these people, as MikeB says, the ONLY way is to change address and remove the old mail box which potentially has other implications. This error is going to cost me time and money to rectify and it's all down to PN's error.

I'd like to see financial compensation to be honest, sorry just doesn't cut the mustard with me. I sincerely hope this one hits them where it hurts, although with BT's aquisition I doubt it.
mikeb

Posts: 657


« Reply #258 on: May 23, 2007, 09:26:03 pm »

It so very very annoying ... [snip]...

I'd like to see financial compensation to be honest, sorry just doesn't cut the mustard with me. I sincerely hope this one hits them where it hurts, although with BT's aquisition I doubt it.

Understatement of the century ... but mentioning the 'C' word, esp in a first post, is quite probably going to get all your subsequent posts totally ignored accidentally missed by PN even faster than mine were !   grin  tongue evil

Anyway, all this talk of postmaster@, Contact_Name@ and User_Name@ addresses on another thread has just made look up precisely what is set up in my two accounts via the appropriate portal.  What is most interesting (in an angry, well p*$$ed off, someone's not being entirely honest with me kinda way) is the subtle differences between the two accounts regarding the set up, the addresses actually being used and those which were compromised:

Ye olde F9 A/C: User_Name@ and postmaster@ have been compromised, neither of which would ever have been used directly by me of course. User_name@ is the PN default catch-all and postmaster@ is set as my 'contact' address.  No other spam has yet been received on any other address or mbox using an anything@My_Account.force9.co.uk form of the address. 

However, plenty of spam various is received (and has been for a long time now) on the original anything@My_Account.force9.net form of the address.  This also started very suddenly and quite a while after I actually stopped using that form of the address on PN's advice that it would cease to be supported shortly.  How strange to tell all customers that they MUST change the addresses they had been using for absolutely ages from ...force9.net to ...force9.co.uk with immediate effect because the original ones were going to be withdrawn only for them to suddenly start getting spammed silly not long after.  Needless to say I have a curiously strange feeling of deja vu about the recent breach.

Ye (likely_to_be_olde_real_soon) PN A/C: User_Name@ and My_Name@ and My_Mbox@ have been compromised. User_Name@ is the PN catch-all again, My_Name@ happens to be set as my 'contact' address and My_Mbox@ could possibly have been checked by just logging into webmail when it was first set up ages ago.   No spam has yet been received on any other address or mbox using an anything@My_Account.plus.com address.

So, whilst this is highly likely to be a webmail issue and not much else as has been suggested by PN, it also appears that Contact_Name@ and User_Name@ addresses would have been compromised even if you hadn't ever used webmail on someone else's account never mind not on your own !  All these comments suggesting you simply MUST have used webmail or have received something from someone else via webmail and so on in order for your addresses to be compromised is beginning to look rather like a bit of a smoke screen to me.

Is everyone else seeing Contact_Name@ and User_Name@ definitely being compromised along with any others that have actually been used via webmail in one way or another ?

I await the full report with much excitement (although I don't expect it to be particularly revealing or detailed for that matter) but whilst noting that Wednesday 23rd May doesn't end until 23:59:59 tonight I'm not sure that I will bother looking for it until tomorrow or maybe on 'bad news' Friday TBH.  I mean it doesn't seem likely to appear today now and anything likely to generate a backlash generally seems to get released late on a Friday so there is conveniently a whole weekend for the fuss to die down a bit before those responsible return to PN Towers on the Monday Wink
« Last Edit: May 23, 2007, 09:38:25 pm by mikeb »

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
lmartin

Posts: 1404


Comms Team

« Reply #259 on: May 23, 2007, 11:03:49 pm »

If they implemented Tam's honeypot/blacklist suggestion the majority of these messages wouldn't be tagged, they'd be binned.

We are doing this, just not as harshly as blacklisting altogether.  We're monitoring some honeypot addresses that we have identified from our own accounts and then we're automatically trained dspam with the contents every day, with a higher weighting.  This has started yesterday so we'll see if it is effective in the next few days.

Liam Martin
PlusNet Comms Team
jelv1

Posts: 2130

« Reply #260 on: May 23, 2007, 11:14:38 pm »

Give me one good reason why you should not totally blacklist the IPs?

jelv
mikeb

Posts: 657


« Reply #261 on: May 24, 2007, 12:36:34 am »

Oooo looky see what's just dropped into a USENET folder near me  smiley

clicky here for webmail incident report

A bit of light bedtime reading .... or maybe not ...

--
WARNING: The e-mail address on my profile is not my usual address, all messages sent via this site have been redirected elsewhere for test purposes. This could result in messages not being received in a timely manner or potentially not being received at all.
jelv1

Posts: 2130

« Reply #262 on: May 24, 2007, 08:26:51 am »

I can see one thing that is going to cause a lot of confusion today!

When you go in to webmail it doesn't immediately display the spam folder (unless you already had one). You have to go in to folders and subscribe.

jelv
jelv1

Posts: 2130

« Reply #263 on: May 24, 2007, 09:47:48 am »

... and looking on the portal forums that has already started.

It doesn't help that the advice being given by Comms reps is incomplete and only talks about selecting the mark and move option without telling people about the need to subscribe.

jelv
Oldjim

Posts: 1016

« Reply #264 on: May 24, 2007, 10:10:19 am »

Just hit a very odd problem.
One of my mailboxes doesn't have the option to subscribe to the spam folder it states
Quote
Unsubscribe/Subscribe
No folders were found to unsubscribe from!   No folders were found to subscribe to!
Is this because this is the one email account which wasn't compromised
jelv1

Posts: 2130

« Reply #265 on: May 24, 2007, 10:21:23 am »

From what I've seen posted elsewhere, I think the folder will be created when the first tagged spam hits the mailbox.

jelv
simonflood

Posts: 88

« Reply #266 on: May 24, 2007, 10:24:16 am »

When are we going to see any announcements on the steps Plusnet are taking to improve the accuracy of the spam filters?

I have a number of email addresses which were getting no emails (spam or otherwise) prior to 12th May which are now being spammed. I have set up a specific mailbox with aliases for these addresses and can therefore accurately monitor the numbers being tagged. At present around 25% of spams are not tagged - and that is in spite of many having subjects including "wondercum". What I am seeing in this mailbox reflects the accuracy I am seeing on my proper mailboxes.

Whilst the spam filter is performing as badly as this, the changes being made to move the tagged spam in to a SPAM folder is as much use a chocolate fire-guard. We will still be seeing very high volumes of offensive spam in our normal mailboxes.

I own my own domain name for which I have set up an e-mail "alias" that forwards to 3 e-mail accounts - a PlusNet mailbox, Google Mail, and my work account (so I don't lose my e-mail, thanks PlusNet!).

All the e-mail that PlusNet doesn't tag as [-SPAM-] both Google Mail and my work account do so why can't PlusNet's systems identify it as spam?  I also don't have to train either Google Mail or my work system to recognise spam messages.

At work we use SpamAssassin and DNS blacklists whilst Google Mail uses some unknown system.

Simon
dgdclynx
Guest
« Reply #267 on: May 24, 2007, 10:58:48 am »

I just went to my Webmail account for the first time since 7 this morning and found that my Spam folder had been created with spam in it to delete.
godsell4

Posts: 397

« Reply #268 on: May 24, 2007, 11:27:41 am »


Um, it takes 3 or 4 well placed clicks to get access to the Spam folder, were are the clear instructions from PN to explain to the great unwashed non-savvy users how to do this?

Sad

SW.

BBYW1/10GB
adh2020

Posts: 3

« Reply #269 on: May 24, 2007, 12:10:46 pm »

Compensation, compensation, compensation.

There I've used the c word three times in my second post. I don't understand what makes PN / ISP's abe to operate different rules to any other business.
My business provides a service to our customers. If we don't do that well or make mistakes or miss deadlines etc then our customers either don't pay or pay less. Why customers are expected to pay irrespective of the level of service ie lost data, down time, leaked email addresses etc is a mystery to me.

ISP's should be next on the list for unfair codes of practice and unrealistic charges respective to quality of service received. The banking industry has had it's fair share of scrutiny. I vote ISP's next please.
Pages: 1 ... 16 17 [18] 19 20
  Print  
 
Jump to: