Apart from Plusnet's apparent confidence in the fact that their core systems haven't been compromised, last mentioned in their last response reply #287 and the fact that their 3rd parties have carried out investigations, it's still pretty obvious that the email addresses were leaked or hacked somewhere.
Plusnet have still NOT answered this question -

Quote from: Anotherone

............ - Have Plusnet contacted the Registrars of the domain used for the spam to advise them of the issue and with a view to tracking down the offenders sending the Spam? Have Plusnet contacted any other Global Anti-Spam agencies to enable potential tracking of the offenders sending the Spam?

It's now 2 months since the start of this thread. It hardly inspires much confidence in Plusnet taking SPAM issues seriously if when major SPAM events occur they do not contact Domain Registrars or Anti-Spam Agencies so that potential offenders can be located and stopped by the relevant authorities.

Quote from: kmilburn

I see the odd email dropping into my equivalent accout (few and far between),  there's probably a lot more being sent to it but I have Plusnets spam filter turned on. Plusnet were the only one to ever have that address as I'd never used that form of it anywhere else. So in my instance, it was definately the 2007 hack which got that address into the wild.

I have never had spam to this account. Ever.  Now I've had two in as many weeks.  Not a lot I know, but highly unusual for an address that is not used for incoming mail.
I've never configured the spam filter.  I've just looked now and it says "enabled" but there are no ticks in the domain so I guess it isn't applying.
The spam mail is being sent to "username@mydomain", whereas my billing updates are sent to "postmaster". 

Yes James, they are all with the S Delsea Drive footer.  From memory there are lots of clearly falsified sending domains, as I just filter them out without reading them using the Delsea footer as a marker and then permanently delete them from my domain host's POP inbox I can't give you any examples at the moment but if it is of interest will collect a few over the next few days and then post them on here.
As a matter of sensible housekeeping I would never click on any links in the junk e-mails so cannot comment as to whether any 'unsubscribe' links work.

Quote from: lorisarvendu

I've never configured the spam filter.  I've just looked now and it says "enabled" but there are no ticks in the domain so I guess it isn't applying.

The two tick boxes beneath the domain name only apply when you make changes and 'update setings',  the various settings below them indicate how the domain is setup,  if 'Should spam filtering be enabled' is currently Yes,  then spam filtering is enabled on the domain.

Hi again,
I’m sorry to see that some of your are continuing to see SPAM sent to you, please be assured that we haven’t been ignoring this thread, however there isn’t anything we are able to add that we didn’t say in our previous post.
You can find that post here: http://community.plus.net/forum/index.php/topic,133959.msg1182640.html#msg1182640

Three received overnight and deleted so no further info.
One received so far today from: "news@ _ninetyeightbeneficialoffernews.com"

To Chris Parr of Plusnet
Sorry, I find your post this morning apparently just shrugging your shoulders at our concerns to be somewhat inadequate.  Clearly somewhere along the line our e-mail addresses have been compromised from Plusnet records.
It would therefore seem reasonable for Plusnet to in the first instance answer  the questions posed earlier by 'Anotherone' ie
a) "Have Plusnet contacted the Registrars of the domain used for the spam to advise them of the issue and with a view to tracking down the offenders sending the Spam?"
b) "Have Plusnet contacted any other Global Anti-Spam agencies to enable potential tracking of the offenders sending the Spam?"

So in summary:
- Plusnets investigation is at an end and you have found no evidence to suggest your systems, staff or 3rd party suppliers (including offshore) were responsible
- You have reviewed the various evidence offered by users on this forum (including that of unique email addresses, unused for other purposes, and hosted on servers unconnected with you or each other) and concluded it is circumstantial and can be safely discounted with respect to pointing to plusnet as the source of the breach
and/or...
- You have reviewed the user supplied evidence and conclusions drawn and have reached a different set of conclusions entirely to those prevailing, presumably at some level involving multiple of our PCs or mailservers being breached.
- You are not, at any level, in any way, going to hold your corporate hand up and admit you are likely to be the source, on the basis that if it quacks and flies south for the winter, its probably a duck. And definitely no apology.

From my own point of view, it seems that in reaching your concluding statement you have paid studious attention to what you've been doing internally, and not a jot to anything thats been said or offered here. There is, I'll grant, a lot of supposition, but there are also a good number of hard facts that are beyond coincidence - those unique email addresses on external domains and hosted on separate servers are hard to explain in any other way than if plusnet was the source of the breach. I would at least appreciate an alternative theory for those.
I've no doubt the ICO will concur with whatever you report to them, and that will be the end of it. If that's the case, the only conclusion I can come to personally is that the security and regulation of customer data in this country is totally inadequate.

Just had an e-mail to "webmaster@<freenetname domain>" (or madasafish now) - though, as is my habit, it was deleted immediately after saving as .txt file and opening in a text editor for checking*. Obviously a way to get a "valid" (semi-obligatory) address
Phil
* one reason I used Pegasus Mail when I used MS Windows  - it could be easily set to open attachments (.doc/.exe etc) with a text editor instead of the application

Over night junk received from (allegedly):
tangnewstime.com
mightynewsbird.com
flytothenews.com
findthenewsinthehaystack.com
newstothechopper.com.
eightagreeableukoffernews.com
ninetyfivefutureukoffers.com
As Plusnet continues to just shrug its proverbial shoulders then I suggest the time has come for our problems to be given wider circulation.

Hi PeeGee, and good afternoon everyone
Spammers will always try the RFC required email addresses on all domains (info@, webmaster@, etc.). The particular emails we are concentrating on here are very specifically being delivered to the email addresses we have used on the PlusNet Billing system (where a large percentage of us have used a service identifying email address, hence being able to prove where the leak has occurred) and have all been sent from domain names that are registered by, "Gamer SEO."
So far all of these emails, from the Gamer SEO registered domains, have the same footer:

Quote

To stop all future communications from this sender, please go here You may also write to us at 237 S Delsea Drive #302 Vineland, NJ 08360

and they are all (I assume still?) using the email address that they are sending to, in brackets, as the first part of the subject header.
Despite Anotherone stating in post #119 that

Quote

It's not uncommon for SPAM to have the email address in the subject line.

This is not something I have ever seen (although, as you can see, I protect myself from getting spam in the first place, so I cannot give a great amount of evidence to corroborate the validity, or otherwise, of that statement).
Here are the details of the domain name registration details:
_{GAMER SEO
237 SOUTH DELSEA DRIVE
SUITE 302
VINELAND
NJ
08360
US
Phone: +1.8009692587}

Worth noting that the postal address is for The UPS Store, and the phone number is for the Lake Geneva Area Convention & Visitors Bureau, but the point here isn't those details, but instead that they are consistent among all the domain names. Also, it's annoying that Nominet haven't stepped in to give us more information, given that some of these domains are allocated by them, and they are using false contact details.
I think these are all, or certainly mostly, registered through namecheap.com, who are clearly a fairly careless registrar, and should be avoided at all costs. You'd like to think that PlusNet in conjunction with the ICO, would be in contact with namecheap.com to get a record of the IP addresses used to register those domain names. But of course, why would they bother doing something logical like that, far better to spend the time not answering the simple questions that have been asked.
My partner was reading some of the posts over my shoulder last night, and she suddenly piped up with, "Chris did it! Look he's trying to cover it up!" Which made me laugh between scowling at the screen in frustration.
Looking at the evidence here, we think the email addresses have leaked from one of the following sources:

• Third party (trusted by PlusNet, no permission sought from us) email marketing company used, possibly as part of the BT take over, and their promotion of BT AntiVirus (?) some time in 2013 (August?), despite a large number of us stating that we did no want marketing information.


• Support ticket system (which uses that same email address) compromised in some way (see posts on pages 19 and 20 in particular)

_{I've discounted the email scanning, as that's PlusNet systems only.}
Now, is someone from PlusNet actually going to answer the questions we've asked? I'll reiterate them if you're too lazy to go through the thread and find them yourselves
James

I'll correct any of those question mark items with an edit, if someone can PM me the correct details; sadly I deleted the one in question. Same goes for any other potential sources we haven't ruled out.

http://www.bbc.co.uk/programmes/b04yg8f1
From 50 minutes onwards. The preceding story about O2 is a lot worse!

Is it possible that somebody somewhere has simply got hold of a list of all PN's subdomains (e.g. username.f9.co.uk) and sent mail to all of them? 
Since PN by default uses username@username.domain as the primary billing address doesn't that mean that with a list all PN subdomains you automatically get a list of all PN users' billing mail addresses, without having to access the billing information or any sensitive areas?

Quote from: lorisarvendu

Is it possible that somebody somewhere has simply got hold of a list of all PN's subdomains (e.g. username.f9.co.uk) and sent mail to all of them?

No. That is not what has happened. Sorry, but you need to read the thread.