cancel
Showing results for 
Search instead for 
Did you mean: 

Plusnet Signup Emnail Abuse

N/A

Plusnet Signup Emnail Abuse

We all hate SPAM and I applaud Plusnet's recent changes, I had a look at the webmail spam folder to see if it had any false positives.

I was surprised to find that some of the spam is being addressed to:

plussignup@mydomain.plus.com

As this is used by Plusnet for important communications can we perhaps have the option to put in our own bespoke address for valid communications from Plusnet.

I use loads of bespoke email addresses some for collection and some for redirection to the black hole. I was interested to see that a bespoke email I used for Ryanair had been used by a spammer.
5 REPLIES
N/A

Plusnet Signup Emnail Abuse

Quote
I use loads of bespoke email addresses some for collection and some for redirection to the black hole. I was interested to see that a bespoke email I used for Ryanair had been used by a spammer.


I think you'll find all of the 'bespoke email addresses' that you use may have been harvested by spammers - see THIS report. Therefore, I would be fairly confident that Ryanair are not selling email addresses to spammers.
N/A

Plusnet Signup Emnail Abuse

That is shocking after losing 700+gb of customer mail.

However, I have hardly ever used webmail and certainly never used their online address books etc.

I have long said that the guest access to these forums is a huge security risk.
Community Veteran
Posts: 26,447
Thanks: 691
Fixes: 8
Registered: 10-04-2007

Plusnet Signup Emnail Abuse

It wasn't just the address book. If you once sent an email to ryanair using webmail that would be sufficient (not sure about if you viewed an email from ryanair using webmail).
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
br1anstorm
Grafter
Posts: 113
Registered: 24-06-2007

Plusnet Signup Emnail Abuse

I don't think guest access to forums was the main loophole or cause of the problem.

The attack found vulnerabilities in PN's webmail setup. Those who used PN webmail, and had online address books there, suffered badly.

But PN's own practices exacerbated the problem. I have never used PN webmail; I have no addressbook on PN's site; and I had only two PN mailbox addresses - the username one which PN created, and my own name. These were only ever used by PN to communicate with me (I have other arrangements for the rest of my mail and contacts). But because PN foolishly stored, or transferred, the addresses of clients like me on to their webmail servers, they got harvested and I too got hit by the spam deluge.

Rather a careless own goal by PlusNet. Once bitten, twice shy - there's no way I'm going to ever go near PlusNet's webmail portal, even though they have overhauled it.

Trust is hard to gain and easy to lose. PlusNet has a lot to do to recover its credibility. I'm waiting now for the new username option...

holmside33
N/A

Plusnet Signup Emnail Abuse

I had practically all my mail accounts harvested and I never used the webmail system. Many others are in the same situation:

See http://www.plus.net/support/security/spam/spam_problem.shtml

Quote
This list of email addresses obtained from our Webmail database included accounts that customers have used to login to Webmail. In addition, email addresses contained in customers' online address books, and addresses customers have sent mail to or received mail from using Webmail were released. It is therefore possible that your email address may have existed in the Webmail database even if you had not used the Webmail service yourself.

Additionally, when we first implemented @mail, we moved existing customers' email addresses from our old system into the new Webmail. This effectively meant that all addresses we had stored for customers at that time would have been in the Webmail database.

This explains why some ex-customers may also be affected by this.
My addresses were only compromised because PlusNet moved the existing customer addresses to the new Webmail.

The horse has bolted, the email addresses have been harvested and so any thing done now (by PlusNet or its customers) is not going to solve the situation completely for all those affected.