Comments on: Webmail Incident Report

By: failmagnet

failmagnet — Mon, 04 May 2009 12:53:11 +0000

OK, its 2 years on (2009). Where are we with the intention to provide "3) SSL encrypted connections for POP3 and IMAP email and FTP"??

By: spencerlyon

spencerlyon — Wed, 18 Jul 2007 14:35:30 +0000

This is totally unaceptable.
Your responses to customers concerns are answered with an attitude that is rude and dissmisive.
You offer no compensation while people are having to spend time sorting a problem that Plusnet created.
I have just tried to contact your Customer Services dept only to be put through to an automated system telling me there is a 20 min wait. You then send me 6 emails to tell me that you would like me to fill in a survey.
I suggest you read your own forum and you will see the level of feeling without the need for a survey!
The situation is now getting worse with more rubbish e-mails each day.
I sent in a request for compensation as a reply to my bill, I have yet to get a responce.

By: PlusNet Comms Team Blog - Blog Archive » Webmail Incident Report - Follow-up

Tue, 10 Jul 2007 18:09:56 +0000

[...] on the webmail incident report, we pledged to provide answers to any remaining queries which the original report didn’t address. [...]

By: Ian Wild

Ian Wild — Thu, 28 Jun 2007 13:52:56 +0000

I'm sorry to hear how you have been affected by this. We are not offering financial compensation, but we certainly don't wish to lose custom and are making ever effort we can to build back confidence in our platform by doing the right things all of the time.

Regards,

Ian

By: mh

mh — Tue, 26 Jun 2007 22:53:39 +0000

This whole episode has been a disaster for me, no thanks to plus.net. An important email address which I had taken very strenuous efforts to keep spam away from is now receiving a continual stream of spam. I wrote to plus.net to ask for financial compensation, and they have refused, and in their haste they even replied by sending me a letter addressed to another customer instead of to myself, which is sadly typical of the overall degree of care they give to their customers these days. There is now no way to undo the spam, only the option of filtering, which carries with it an unacceptably high risk of false positives.

For an independent opinion on the incident, you need look no further than the following article on The Register. It is of course rightfully critical of plus.net.

http://www.theregister.co.uk/2007/05/15/plusnet_spam_attack_may/

By the way, I have "referrals" on my plus.net account because in better times I recommended the service to others. But I certainly have no intention of doing that any more, and when I finally get round to sorting out some things so as to be in a position to migrate to another ISP, I'll do my best to take my with me also those whom I referred to plus.net in the past.

By: Ian Wild

Ian Wild — Tue, 26 Jun 2007 14:09:21 +0000

There was a benefit for most customers, in that we automatically set their from email address for them when they used webmail. We were asked to do this by a number of customers, and it was a replication of how our previous webmail system had worked. At the time the implications never occurred to us, which we obviously regret.

In the future, following the implementation of very strict new data retention policy that we will commit to and follow to the letter, this will be something we would completely avoid.

Ian

By: mimosil

mimosil — Tue, 26 Jun 2007 08:12:13 +0000

I'm a bit confused as to why the contact email addresses provided to plusnet for account management purposes were imported into the webmail system. This seems like unnecessary replication of confidential customer details to potential insecure locations for no benefit.

There was completely no reason for this.

As a result of this action, the email address I gave to plusnet confidentially for communication with plusnet has now been given away to spammers.

Can I suggest in future that in order to keep confidential customer details confidential (as require by the data Protection Act) plus net doesn't mix data stored as part of a customer's confidential account details with data stored as part of the process of operating a customer's account, such as webmail messages and address books.

I guess we should just count ourselves lucky that plus net didn't decide to replicate the credit card details onto the webmail database.

Please in future think about the consequences of unnecessary replication of data, and what it means to keep data confidential or secure.

By: PlusNet Comms Team Blog - Blog Archive » Additional Webmail Features

PlusNet Comms Team Blog - Blog Archive » Additional Webmail Features — Thu, 14 Jun 2007 08:56:27 +0000

[...] These activities are additional features as well as the deliverables in the Webmail Incident Report [...]

By: Community Site News - Blog Archive » Update on Webmail Deliverables

Community Site News - Blog Archive » Update on Webmail Deliverables — Thu, 07 Jun 2007 16:22:03 +0000

[...] information about the changes we are making for our customers, announced in the webmail incident report, are now available. These deliverables [...]

By: Kelly

Kelly — Sat, 02 Jun 2007 21:30:48 +0000

"This seems like a great deal of effort to just propagate a virus and generate nuisance e-mails!"

Not really! I'm sure they sell lists of email addresses for quite a bit, and sell the use of their zombie networks for distributing spam. It's all about the cash.