Plusnet server on Trend blacklist

Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Plusnet server on Trend blacklist

Chris,
As I see the same error I suggest you try it yourself.
Note that this was from one Plusnet email to another (both mine) and the Internet Header on the bounce is blank
This is the bounce
Quote
Your message did not reach some or all of the intended recipients.
     Subject: test
     Sent: 24/05/2012 10:01
The following recipient(s) could not be reached:
     'Jim' on 24/05/2012 10:01
           552 Dl0h1j00D2ZcWc101l0ifA message rejected due to spam or virus. If you believe this is in error please login to your portal or contact your ISP support team.

Chris
Legend
Posts: 17,724
Thanks: 600
Fixes: 169
Registered: ‎05-04-2007

Re: Plusnet server on Trend blacklist

I understand what you're saying BUT we *need* a ticket raising for us to pass through to the correct team. Once the ticket is raised we're more than happy to make sure it's forwarded correctly internally.
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
Chris
Legend
Posts: 17,724
Thanks: 600
Fixes: 169
Registered: ‎05-04-2007

Re: Plusnet server on Trend blacklist

Quote from: Anotherone
As helpful as ever.
And there was reply #96

Sorry, I don't think that comment is called for. We are trying to help but we need the ticket raising!!
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Plusnet server on Trend blacklist

Ticket raised - now let's see what happens
Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Plusnet server on Trend blacklist

@Chris Parr
Well I'm sorry about that, but it was the curt way in which you responded along with the fact that I'm niggled because I've also highlighted a question I asked days ago in this thread to which Plusnet still haven't responded - last mentioned at http://community.plus.net/forum/index.php/topic,104609.msg894923.html#msg894923
bobpullen
Community Gaffer
Posts: 16,900
Thanks: 5,008
Fixes: 316
Registered: ‎04-04-2007

Re: Plusnet server on Trend blacklist

Quote from: snozboz
However, in the longer term, isn't there something that can be done to improve the Plusnet email system?  I'm not all that knowledgeable about these things, but there are a few ideas on the Plusnet Usergroup Issue Tracker (PUGIT) that seem to offer the potential for the Plusnet email system to more easily prevent spam being sent through Plusnet, which would mean anti-spam services like Trend would trust Plusnet servers more.  For example, Sender Policy Framework ...

Already enabled for Madasafish domains and wouldn't stop spam being sent. It would just result in messages getting refused/spammed at the recipient's side by MTAs that reject/spam mail based on SPF mismatches. Not too dissimilar to how the NHS etc. are rejecting mail now based on Trend's RBL.
Quote from: snozboz
... and Authorised outgoing SMTP email...

We already support SMTP AUTH however you can still send mail without it as long as you're on our network. If we were to make it a requisite then the vast majority of our customer-base would need to reconfigure their email clients and I'm sure you can imagine what sort of disruption/support overhead something like that would entail? FWIW, the new Webmail platform already uses SMTP AUTH when sending messages. Forcing it would be an exercise in futility anyway because if an account gets compromised, the spammers already have the SMTP AUTH credentials for the customer in question.
Quote from: snozboz
... and Encrypted SMTP...

That would only help if accounts were getting compromised by people 'sniffing' customer's usernames/passwords if they're using SMTP AUTH on a public Wi-Fi network or similar. I'm pretty confident this won't be happening in any large scale though (far too much hassle for people to go to). I reckon the majority of accounts get compromised by people replying to/responding to phishing emails.
Quote from: snozboz
... and Changing rDNS to ip.plus.com.

I don't see this helping either. Somebody would have to pull our netblocks from RIPE or similar, rDNS lookup them all for the usernames and then try brute-forcing the passwords associated with each username. It's possible yes, but I doubt it's contributing in any large scale to the problem at hand. Again, it's too much effort to go to when there's people out there who'll still willingly reply/respond to phishing disclosing their account passwords etc.
Quote from: Robtheplod
I have 16 customers who can no longer email any NHS clients and it's really starting to cause problems......  Cry

As Matt's pointed out in a previous post, most servers have been delisted. There's 8 in total and you've pretty much a 1 in 8 chance of hitting each one when you send a message. If a message gets bounced on the first attempt then try again.
Quote from: purleigh
Aren't the examples of SPAM for the stated IP addresses on the TrendMicro website good enough ?
http://www.mail-abuse.com/cgi-bin/show_listing.cgi?5188053

Old examples from last month. You'll notice there's Madasafish and Waitrose accounts in that lot, both of which use SPF (see my comments about SPF up there ^)
Quote from: Anotherone
I know Bob is a very busy person, but someone else from Plusnet could have addressed my query in reply #68 which referred to this
Whilst Matt's reply #85 does say that Plusnet now have examples, I still want to know whether the initial information provided by Trend gave Plusnet sufficient detail to look for sources of the SPAM.

Yes, they provide headers etc. as can be seen by the link Purleigh posted. Let's be clear though - We're not talking about a single customer's account that's causing the problem.
Quote from: x47c
.....and I hope at the end compulsorily closing the Plusnet account(s) from whom this is all traced back to.

We've disabled, and continue to disable, any accounts we come across that are spamming. We do monitor our outbound mail queues from day to day and do this anyway as a matter of course.
Quote from: Oldjim
Chris,
As I see the same error I suggest you try it yourself.
Note that this was from one Plusnet email to another (both mine) and the Internet Header on the bounce is blank
This is the bounce
Quote
Your message did not reach some or all of the intended recipients.
     Subject: test
     Sent: 24/05/2012 10:01
The following recipient(s) could not be reached:
     'Jim' on 24/05/2012 10:01
           552 Dl0h1j00D2ZcWc101l0ifA message rejected due to spam or virus. If you believe this is in error please login to your portal or contact your ISP support team.


That's *our* relay servers rejecting the message because the URL in question matches one of Cloudmark's spam fingerprints. So this is us rejecting messages because Cloudmark has identified spam messages containing that URL or originating from an email address associated with the same domain.
So when another company blocks us it's us that gets flak for it, and when we block another company it's us that gets flak for it.
Seems like you can't win when it comes to spam detection Roll_eyes
Anyway, I'll have a look at getting the reputation of that URL reset by Cloudmark. It's nothing to do with the Trend situation and discussing it in this thread is likely to start confusing matters.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Plusnet server on Trend blacklist

Thanks for your comprehensive reply Bob, appreciated. With respect to my original query to which you replied
Quote
Yes, they provide headers etc. as can be seen by the link Purleigh posted. Let's be clear though - We're not talking about a single customer's account that's causing the problem.
That's fine, because I was quite prepared to have a go at Trend myself if they hadn't provided sufficient information at the outset.
With regard to the Outgoing Server issue, the original problem was raised in reply #86 which might have been more blacklisting, more detail was given in reply #96 which is how it developed.
kmilburn
Grafter
Posts: 911
Thanks: 6
Registered: ‎30-07-2007

Re: Plusnet server on Trend blacklist

Quote from: Bob
Quote from: snozboz
... and Encrypted SMTP...

That would only help if accounts were getting compromised by people 'sniffing' customer's usernames/passwords if they're using SMTP AUTH on a public Wi-Fi network or similar. I'm pretty confident this won't be happening in any large scale though (far too much hassle for people to go to). I reckon the majority of accounts get compromised by people replying to/responding to phishing emails.

Is it still the principle that Plusnet are willing to allow (or indeed forcing) any customer using any network other than PlusNet to expose their login credentials to their entire account (not just email) when using IMAP or SMTP, because only a small proportion are at risk?
Given the fact that the Member Center on the Portal and Webmail only use an encrypted protocol (HTTPS) and the forums can do, why can't we have encryption support for IMAP, POP and SMTP?
bobpullen
Community Gaffer
Posts: 16,900
Thanks: 5,008
Fixes: 316
Registered: ‎04-04-2007

Re: Plusnet server on Trend blacklist

Quote from: kmilburn
Given the fact that the Member Center on the Portal and Webmail only use an encrypted protocol (HTTPS) and the forums can do, why can't we have encryption support for IMAP, POP and SMTP?

You can. The fact is it's not something that we've invested the money/resource into enabling though. It's not as simple as just switching SSL on for the MTAs we're using. There are hardware implications and other things to consider too. I'm not going to lie to you - The work simply isn't on our roadmap at present.
I'd like to see SSL enabled as much as the next man but our resource is pooled elsewhere at the moment Sad
Quote from: Anotherone
It's this http://www.holbornwhippet.com/ that it doesn't like  Angry

This should now be fixed.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
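
Added example, not part of the original thread and not Plusnet's tooling: a check over a captured SMTP EHLO reply that reports whether password-equivalent AUTH mechanisms are offered without TLS, which is the exposure kmilburn asks about above. The hostname, the three sample replies and the finding codes are constructed for illustration.

```python
import re

# AUTH mechanisms that transmit the password itself (base64 is not encryption).
PASSWORD_EQUIVALENT = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: {PARAMS}}."""
    lines = [l for l in reply.splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty reply")
    caps = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        sep, text = m.groups()
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("only the final line may use '250 '")
        if i == 0:
            continue  # first line is the greeting, not a capability
        # Legacy servers also advertise "AUTH=LOGIN PLAIN"; treat it as AUTH.
        words = re.sub(r"^AUTH=", "AUTH ", text, flags=re.I).split()
        if words:
            caps.setdefault(words[0].upper(), set()).update(w.upper() for w in words[1:])
    return caps

def audit_pre_tls(reply):
    """Findings for an EHLO reply captured BEFORE any TLS upgrade."""
    caps = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("NO_STARTTLS")
    exposed = sorted(caps.get("AUTH", set()) & PASSWORD_EQUIVALENT)
    if exposed:
        findings.append("CLEARTEXT_AUTH:" + ",".join(exposed))
    return findings

# Constructed sample replies (not captured from any real server).
LEGACY = "250-relay.example.net Hello\r\n250-SIZE 52428800\r\n250-AUTH LOGIN PLAIN\r\n250 HELP"
MIXED = "250-relay.example.net\r\n250-STARTTLS\r\n250-AUTH=PLAIN CRAM-MD5\r\n250 8BITMIME"
HARDENED = "250-relay.example.net\r\n250-STARTTLS\r\n250 SIZE 52428800"

if __name__ == "__main__":
    for name, reply in [("legacy", LEGACY), ("mixed", MIXED), ("hardened", HARDENED)]:
        print(name, audit_pre_tls(reply) or "ok")
```

A server that lists AUTH only in the EHLO reply sent after STARTTLS produces no findings here, because the password mechanisms are never offered on the unencrypted connection.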

snozboz
Rising Star
Posts: 408
Thanks: 14
Fixes: 1
Registered: ‎27-07-2007

Re: Plusnet server on Trend blacklist

Bob, thank you very much for such a comprehensive response.
While I can see that technically those suggestions for improving the Plusnet email system won't, by themselves, solve all the problems such as the Trend one we're currently experiencing, wouldn't implementing the suggestions help to improve the reputation of Plusnet's servers so that services like Trend will be less inclined to blacklist them in such a blanket way?
MisterW
Superuser
Posts: 15,067
Thanks: 5,722
Fixes: 407
Registered: ‎30-07-2007

Re: Plusnet server on Trend blacklist

Quote
Is it still the principle that Plusnet are willing to allow (or indeed forcing) any customer using any network other than PlusNet to expose their login credentials to their entire account (not just email)
I believe you can now use the username+mailbox and mailbox password rather than only the main account details. That means you could set up a mailbox with its own password just for authenticating SMTP.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Anotherone
Champion
Posts: 19,107
Thanks: 457
Fixes: 21
Registered: ‎31-08-2007

Re: Plusnet server on Trend blacklist

Thanks Bob, http://www.holbornwhippet.com/  fixed.
Edit: Thanks added to ticket and closed.
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Plusnet server on Trend blacklist

ditto  Grin
kmilburn
Grafter
Posts: 911
Thanks: 6
Registered: ‎30-07-2007

Re: Plusnet server on Trend blacklist

This sounds eerily familiar. Perhaps we should get El Reg on the case too.
Quote
Pipex subscribers struggled to send emails for several days after antivirus biz Trend Micro declared the ISP's network a source of spam.

Pipex 'silence' condemned punters' emails to spam blackhole
jelv
Seasoned Hero
Posts: 26,785
Thanks: 971
Fixes: 10
Registered: ‎10-04-2007

Re: Plusnet server on Trend blacklist

Quote from: kmilburn
Is it still the principle that Plusnet are willing to allow (or indeed forcing) any customer using any network other than PlusNet to expose their login credentials to their entire account (not just email) when using IMAP or SMTP, because only a small proportion are at risk?

NO! You can use username+mailbox now (it doesn't have to be the account login).
If you want to be really secure create a new mailbox to give you a login that will only ever be used when sending emails.
Edit: Reading further on I see MisterW's had the same idea.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)