Sounds good to me! 

Cheers for the update.

If this post resolved your issue please click the 'This fixed my problem' button

Adam Walker  Plusnet Help Team

And it starts again!  At 5:51pm today I received 13 spam return emails, supposedly emails that I had sent.  Exactly the same as I first reported, although looking at the header these ones originated in Tehran.  Since this issue occurred, I have only plusnet email setup on my desktop, and I am using a long complex password that I do not use on any other websites.  Can plusnet please explain how these emails are being sent through their servers?  Or is that not what is happening here?  I've not had any explanation and I am still in the dark about why this happened, and now why it is happening again.  I'm pretty certain there are no viruses on my PC - I've scanned the life out of it, and since the original incident have multiple programs etc running to prevent viruses etc.

I don't think it's too much to ask to have some kind of explanation. 

Sorry to hear this has started again from a different area, Unfortunately it's a never ending battle to keep the spammers at bay. 

Did @adamwalker add a ticket to your account to record his contacts with you? It would be useful to post the number for reference. You can find tickets and service notices by logging into Member Centre and going to https://www.plus.net/wizard/?p=search. Select last 30 days and click Go to see closed tickets in that period.

Hi,

Thanks for the reply.  I've had a look on the that link and can see two related cases:

171243829 - This is the one Adam raised
170972447 - This is the original issue dealing with the bouncebacks

Thanks

---

@mongo wrote:

 

 

I don't think it's too much to ask to have some kind of explanation. 

---

Complex story kept simples...

If you know what to do, it is quite possible for anyone to send an email and make it look like it came from you.  To do this, the villains do not need to be anywhere near your PC or Plusnet account.  They just need to know your email address.

Having spoofed your email address to send emails to 1000s of other acquired email addresses, some email servers will send rejection messages to the APPARENT sender (you) advising that the email address does not exist or rejecting if for a number of other 'protection' reasons.

This results in you receiving 100s of delivery failure messages.

@There are mechanisms available which help to mitigate this activity, for example Sender Policy framework (SPF) which in effect defines which SMTP servers can authentically send emails coming from @domain.name.tld  However Plusnet mail services do not offer SPF functionality (not vendors all do) and its effectiveness is governed by the (original) receiving email service opting to check the SPF validity for the received (spoofed) email.

HTH?

Thanks for the reply.  I guess all I can do is ride this out, and hopefully this will stop for good soon.

@mongo In message #18 you said the new batch of delivery failures were "Exactly the same as I first reported". Please could you post an example to demonstrate that (with your email address obscured)?

Have you received any more of this type since that post?

Yes, sorry, when I said 'exactly the same', I meant the type of message received.  As in rejected spam.  Message details as requested:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

xxxx@xxxx.com
SMTP error from remote mail server after end of data:
host relay.plus.net [212.159.9.107]: 552 4qtjfpiFBy3ji4qtkfkQps message rejected due to spam or virus. If you believe this is in error please login to your portal or contact your ISP support team.
> ------ This is a copy of the message, including all the headers. ------
>
> Return-path: <xxxx@xxxx.plus.com>
> Received: from [212.159.8.109] (helo=avasin01.plus.net)
> by inmx15.plus.net with esmtp (PlusNet MXCore v2.00) id 1f4qtj-00010Q-9J
> for xxxx@xxxxx.com; Sat, 07 Apr 2018 17:41:03 +0100
> Received: from [127.0.0.1] ([94.241.163.183])
> by Plusnet Cloudmark Gateway with ESMTP
> id 4qrzfKmY4BzS64qs2fZUWT; Sat, 07 Apr 2018 17:40:56 +0100
> X-BV-Spam-Flag: Yes
> X-CM-Score: 100.00
> X-CNFS-Analysis: v=2.3 cv=RLmd4bq+ c=1 sm=1 tr=0 p=jBlLVwJOAAAA:8
> p=x-TXIUBNYMIA:10 p=pZYJ5u1oo4IA:10 p=yFFg6qQLYr-fPI8Jg6IA:9
> p=ufUQN1ILgc8A:10 a=EeZUUR7fs3Dw1XWVJ7FGRg==:117
> a=EeZUUR7fs3Dw1XWVJ7FGRg==:17 a=9DvhAHx2yrWFMPxQWpQA:9 a=KXFMLufVAAAA:8
> a=NtmYS9TaDQQNbf4hGLAA:9 a=QEXdDO2ut3YA:10 a=-FEs8UIgK8oA:10
> a=NWVoK91CQyQA:10 a=eypaTzzcAAAA:8 a=Hlxen8aesPq4bhgZ:21 a=_W_S_7VecoQA:10
> a=5CgzxoCIJ4JmZYb3U09x:22 a=adnKyd6sAHpEazVUerM5:22
> From: xxxx@xxxx.plus.com
> To: xxxx@xxxx.com
> Cc: xxxx@xxxx.net, xxxx@xxxx.com, xxxx@xxxx.com,
> xxxx@xxxx.com, xxxx@xxxx.com
> Subject: Hey there!
> Message-ID: <9116F87E.FE7FE72BA74C02F3@xxxx.plus.com>
> X-Priority: 3
> Importance: Normal
> Date: Sat, 7 Apr 2018 18:40:55 +0200
> Content-Type: multipart/alternative;
> boundary="--InfrawareEmailBoundaryDepth1_52595CD8--"
> MIME-Version: 1.0
> X-Mailer: Infraware POLARIS Mobile Mailer v2.5
> X-CMAE-Envelope:

Thanks @mongo. As you said it is the same type as before but from a different locality. I'll escalate this to be picked up by Plusnet staff.

Has the problem continued from IPs in Iran (or elsewhere)?

Hi,

Had some more about 8:15pm tonight, and these look to be from Brazil.

Thanks