
Spam emails being sent/received

FIXED
PhilipHeyes
Pro
Posts: 246
Thanks: 108
Fixes: 1
Registered: ‎10-11-2021

Re: Spam emails from plus.com addresses

Forged 'Boots' emails that fail the _SPF lookup should be rejected by the ISP's email platform;
that they are being delivered and not even marked as [-SPAM-] is quite a serious failing.

Batphone
Rising Star
Posts: 79
Thanks: 29
Registered: ‎14-07-2017

Re: Spam emails from plus.com addresses

Thanks Baldrick1. I did edit the links to make them unreachable, but substituting <redacted> is probably even better and safer.

purkle
Grafter
Posts: 46
Thanks: 16
Registered: ‎20-12-2015

Re: Spam emails from plus.com addresses

I have JUST spoken to Plusnet about the:

 "Mail delivery failed: returning message to sender" messages.

Plusnet is aware of this, and there is no known risk to your account security as far as they can see.

AS LONG AS - there are no emails in your webmail or client (Outlook for instance) SENT items box that were not created by you.

The difference is that IF there are items in your own private sent items box then that would indicate a likely security breach of your system.

So far NO ONE has reported that happening and so your accounts are safe.

It's VERY annoying but they are working to resolve it ASAP

They hope to have the problems resolved soon 🙂

jab1
The Full Monty
Posts: 22,707
Thanks: 7,928
Fixes: 334
Registered: ‎24-02-2012

Re: Spam emails from plus.com addresses

@purkle This issue has been reported with supporting evidence by people on here who understand the email protocols, and has been under investigation for a couple of days - from my experience (so far) today, it looks like the guilty party/parties have been silenced.

John
purkle
Grafter
Posts: 46
Thanks: 16
Registered: ‎20-12-2015

Re: Spam emails from plus.com addresses

I had over 200 of them 2 hours ago, so it would still appear to be ongoing 🙂

Hence my call to Plusnet Tech Support and me relaying their specific advice here 🙂

Perhaps if you'd asked if I had been affected, then your terse response, 'people on here who understand the email protocols', may not have been necessary 😉

Thanks for your welcoming response!

PhilipHeyes
Pro
Posts: 246
Thanks: 108
Fixes: 1
Registered: ‎10-11-2021

Re: Spam emails from plus.com addresses

Afraid not.  The forged spam senders continue in the recent days and forged emails
are being delivered to Plusnet email accounts too.

I was quite shocked at the utter incompetence of allowing an SMTP with a 192.168.xxx.xxx LAN address
to send emails to us and for them to be delivered not marked as [-SPAM-]

What is the point of SPF (Sender Policy Framework) ... if you fail to apply it.

Plusnet may as well operate an open relay for all the good _SPF is doing for us.

jab1
The Full Monty
Posts: 22,707
Thanks: 7,928
Fixes: 334
Registered: ‎24-02-2012

Re: Spam emails from plus.com addresses

Sorry you took it that way, @purkle - it was not intended to be offensive, but I was merely pointing out that it is being investigated at a high level. First-line support will only tell you what they have been told.

John
jab1
The Full Monty
Posts: 22,707
Thanks: 7,928
Fixes: 334
Registered: ‎24-02-2012

Re: Spam emails from plus.com addresses


@PhilipHeyes wrote:

Afraid not.  The forged spam senders continue in the recent days and forged emails
are being delivered to Plusnet email accounts too.

I was quite shocked at the utter incompetence of allowing an SMTP with a 192.168.xxx.xxx LAN address
to send emails to us and for them to be delivered not marked as [-SPAM-]

What is the point of SPF (Sender Policy Framework) ... if you fail to apply it.

Plusnet may as well operate an open relay for all the good _SPF is doing for us.


I know they are, as I have had a couple - yesterday and the previous day, but none so far today.

John
purkle
Grafter
Posts: 46
Thanks: 16
Registered: ‎20-12-2015

Re: Spam emails from plus.com addresses

Thank you for your apology 🙂 I provide support in numerous technical forums and always consider my words carefully. Member retention can be compromised by inappropriate responses.

For anyone to have come here in the first place shows a certain level of investment in the community that should not in any way be discouraged 🙂

Thank you 🙏

purkle
Grafter
Posts: 46
Thanks: 16
Registered: ‎20-12-2015

Re: Spam emails from plus.com addresses

I have now had 621 'mail delivery failed' in the last 2 hours.

I've also had some VERY angry and ABUSIVE replies from those who think I actually sent the emails to them 😞

jab1
The Full Monty
Posts: 22,707
Thanks: 7,928
Fixes: 334
Registered: ‎24-02-2012

Re: Spam emails from plus.com addresses

Sorry about that, @purkle . Fortunately, I've only received the actual spam, but I understand your frustration/anger.

John
Batphone
Rising Star
Posts: 79
Thanks: 29
Registered: ‎14-07-2017

Re: Spam emails from plus.com addresses

It would seem that someone has managed to obtain a list of e-mail addresses hosted by PlusNET somehow and is exploiting them to send SPAM with malicious links. The e-mails appear to be being sent from compromised servers other than PlusNET, but by substituting the actual source address with the obtained PlusNET addresses (known as spoofing), it has been made to appear to the target that the message came from a PlusNET account, when, in fact, it did not. Unfortunately, any messages that "bounce" or any replies returned will come back to the plus.net address in the reply-to field, so we, PlusNET e-mail account holders, rather than the spammer, end up getting the SPAM as well as delivery failed messages from non-existent target addresses. Meanwhile, the spammer collects personal details and data from anyone inattentive or foolish enough to click the links in the body of the message via a fake web server.

Of course, the recipient will often assume the e-mail came from the spoofed address that they can see in the From: header, so if they happen to vent their anger, then it ends up being at the perceived sender, who, of course, is totally innocent and unaware (until that point) that someone is misusing their e-mail address.

The frustrating result is that the company, its clients and recipients of the SPAM messages are all inconvenienced, while the spammers continue their nefarious activity. The number of people clicking links in SPAM mail is still quite high (around the 30% mark I believe) making it sufficiently viable for spammers to engage in such activity.

It cannot be emphasised enough that if you receive such an e-mail DO NOT CLICK ON ANY LINKS.
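
The header checks discussed in this thread (a From address claiming plus.com, a failed SPF result, an originating hop with a 192.168.x.x address), as an added example that is not part of any post here. It assumes the receiving server stamps a `Received-SPF` header (RFC 7208); the sample message is constructed and `triage` and `domain_of` are hypothetical names.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample; every address and host name is invented for illustration.
SAMPLE = """\
Return-Path: <someone@plus.com>
Received-SPF: fail (mx.example: domain of plus.com does not designate 203.0.113.7 as permitted sender) client-ip=203.0.113.7
Received: from relay.example ([203.0.113.7]) by mx.example with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from localhost ([192.168.1.20]) by relay.example with SMTP; Mon, 1 Jan 2024 10:00:00 +0000
From: "Boots" <someone@plus.com>
To: reader@plus.com
Subject: Your reward

(body omitted)
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a From or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw, protected="plus.com"):
    """Return human-readable findings for one raw message; empty list if none."""
    msg = email.message_from_string(raw)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    # A Received-SPF header value starts with the result keyword.
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    if from_dom == protected and spf != "pass":
        findings.append(f"From claims {protected} but SPF result is '{spf}'")
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} differs from From {from_dom}")
    # Received headers are prepended, so the last one is the earliest hop.
    # A private address there is context, not a verdict: mail clients behind
    # NAT also show one when they submit through their own provider.
    hops = msg.get_all("Received") or []
    for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1] if hops else ""):
        if any(ipaddress.ip_address(ip) in net for net in RFC1918):
            findings.append(f"origin hop reports private address {ip}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
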

 

PhilipHeyes
Pro
Posts: 246
Thanks: 108
Fixes: 1
Registered: ‎10-11-2021

Re: Spam emails from plus.com addresses

Plusnet have sold an utter turkey of an email platform to GreenBy.

What must GreenBy be thinking ?

Batphone
Rising Star
Posts: 79
Thanks: 29
Registered: ‎14-07-2017

Re: Spam emails from plus.com addresses

I wasn't aware of that. I have not received any notification yet. However the GreenBy website seems to confirm this with the FAQ stating that we will get notified once our account has been migrated. It also states that mailbox size has been increased and that the first two years will be free assuming our broadband contract is still active after which it will cost £15 per year which is token really. Seems they are taking on the management of PlusNET Webspace and domains as well. @PhilipHeyes thank you for letting us know.

I guess this makes business sense from the EE point of view. Grab all the broadband customers and divest themselves of everything else. I guess it's only a matter of time before PlusNET broadband will get re-branded to EE and with the exception of the pieces of the business taken over by Greenby which may keep plus.com alive for some time as a historic domain, PlusNET will all but disappear.

Since I have not been notified yet and my account has not yet been migrated, this must be a very recent development. Is the timing of the spam attack just a mere co-incidence then?

 

jab1
The Full Monty
Posts: 22,707
Thanks: 7,928
Fixes: 334
Registered: ‎24-02-2012

Re: Spam emails from plus.com addresses

@Batphone Are you a Plusnet account holder, or one of the 'legacy' brands? The migration is being done in stages, with the low-volume, really old legacy brands moving first.

As to the timing of this attack, yes - I suspect it is coincidental, but for obvious security reasons, I doubt much will be revealed.

John