
Spam emails being sent/received

FIXED
Batphone
Rising Star
Posts: 79
Thanks: 29
Registered: ‎14-07-2017

Re: Spam emails from plus.com addresses


@jab1 wrote:

@Batphone Are you a Plusnet account holder, or one of the 'legacy' brands? The migration is being done in stages, with the low-volume, really old legacy brands moving first.

As to the timing of this attack, yes - I suspect it is coincidental, but for obvious security reasons, I doubt much will be revealed.


I am a long time PlusNET customer. Not a customer of one of the historic brands such as force9. I expect that I will get notified at some point as the migration progresses.

Understood that for security reasons details of an ongoing attack will not want to be discussed.

 

abitpedantic
Rising Star
Posts: 76
Thanks: 67
Registered: ‎31-07-2025

Re: Spam emails from plus.com addresses

@Batphone 

In #44 you wrote:

“I wasn't aware of that. I have not received any notification yet. However the GreenBy website seems to confirm this with the FAQ stating that we will get notified once our account has been migrated”.

It’s been in hand for several months e.g. see Fixed: Plusnet email moving to Greenby - Plusnet Community.

One of the Greenby FAQ answers says “You’ll receive notice 60 and 30 days before the migration”. I don’t think any standard Plusnet users have received the 60 day notification yet.

Another FAQ answer says “Your Plusnet email address will remain the same and continue to function as it did before”. As the present service is virtually unusable, that is somewhat worrying!

See, for example, From address doesn't meet the authentication requi... - Plusnet Community in case you don’t know what I mean but I would have thought that all Plusnet users must be having the same miserable experience of sent emails being rejected by recipients’ providers.

And yes, I've received a few 'Boots' survey emails too.

purkle
Grafter
Posts: 46
Thanks: 16
Registered: ‎20-12-2015

Re: Spam emails from plus.com addresses

Thank you for explaining that so well 🙂

Spoofing can happen to anyone at any time and as you say, 

It would seem that someone has managed to obtain a list of e-mail addresses hosted by PlusNET somehow and is exploiting them to send SPAM with malicious links

As such, the way I understand it is that Plusnet can't do anything much (if anything at all) to stop this happening to us.

I've had over 1000 since 17:00 yesterday, the last one being at 03:00 this morning - so either the spammers are in bed or may have moved on to someone else 😉

I've now had my email address blacklisted (as I discovered when trying to forward some of these to abuse@plus.net)

I've opened a case with Plusnet and will have to go through the support process to change my email password while they remove me from the blacklist and then send me a link to restore my password.

I'm not sure if that removes me from all blacklists or not - that's beyond my area of knowledge.

I also ASSUME that if the spoofs continue, I may get blacklisted again and have to repeat the process 🤷‍♂️🤷‍♂️🤷‍♂️

The emails I've had all share the following subjects or body text

Undeliverable: 9/28/2025 2:34:03 a.m. Share Your Feedback & Receive a Free Gift from Boots (@bootsUK)Your opinion matters—claim your thank-you gift!

 

Mail delivery failed: returning message to sender

Reason: A message that you sent to the following recipient could not be delivered due to a permanent error. ** The remote server ?? responded with: xxx@hotmail.co.uk This message was created automatically by mail delivery software on the server .

 

Fortunately, I have alternative email addresses I can send from.

Unfortunately, trying to filter your way through hundreds of emails on an iPhone so that you don't miss anything important is a real PITB! You can't create rules for the native email client in iOS.

I have long been planning to move all of my emails away from Plusnet, and this will accelerate the process. NOT because I blame Plusnet for any of this, but because I can then move to EE and take advantage (I have EE Mobile) of their WiFi hotspots and unlimited data 🙂

The agent I spoke to at Plusnet regarding my blacklisting suggested that Greenby, as a dedicated email provider, might be able to resolve blacklisting issues over the phone, but I don't know if that is true or not (he wasn't very polite about Plusnet's email service) 😉

I migrated to Plusnet when the company first started and I have to say tha

 

purkle
Grafter
Posts: 46
Thanks: 16
Registered: ‎20-12-2015

Re: Spam emails from plus.com addresses

I was trying (above) to reply to @Batphone but keep getting a 403 forbidden error?

I wanted to add I migrated to Plusnet when the company first started and I have to say that I've NEVER had email problems before with them 👏

 

Townman
Superuser
Posts: 27,998
Thanks: 12,497
Fixes: 235
Registered: ‎22-08-2007

Re: Spam emails from plus.com addresses

@purkle 

You can change the password yourself - see this standard guide...

Reset email password

If you are not able to login to the email address using webmail, then it is likely that your email address has been identified as being compromised and has had its password changed. Where email address passwords have been changed to protect the integrity of the service, the Plusnet account password is left unchanged.

Which ISP are you with, Plusnet or one of the other / legacy vISPs?

Plusnet / Force9 / FreeOnline users can only change the password on the DEFAULT email address by changing the password on the user ACCOUNT through the user portal. You can change the password on a secondary mailbox using the Manage My Mail options in the user portal.

Brightview users (Madasafish / FreeNetName / GlobalNet / IC24 / ICScotland / Dialstart / Totalise) logging into webmail should use their full email address. Use the MAAF user portal to update the password on the default email address (change the account password) and use this MAAF guide to change the password on a secondary mailbox address. If you cannot recall the account password, you will need to contact support ... because the account password change process sends an email to the mailbox you cannot now access.

DO NOT USE THE SAME PASSWORD AGAIN for that would allow the continued exploitation of the account. The new password should be cryptic and not one used before.

Note that changing the account password will change the password used for logging on to the relevant user portal. If your email service is NOT a retained legacy service (one associated with a retired internet service account), then the password required by the router to connect to the internet will be changed too. If the router is a Hub Zero or a Hub One supplied by Plusnet it should update automatically. If not, you will need to log into the router, drop the connection, change the password yourself and reconnect.

On the assumption that the email address password has been compromised, I strongly recommend that wherever you have used that email address / password combination as access credentials to services such as Amazon, Netflix, eBay etc., that you also change the passwords on those services as well.

 

It is VERY unlikely that your email account has been compromised, so changing your password (always a good belt and braces move) is probably not going to help you. It is possible to send an email as being from ANY email address if you know how. SPF is a vector to inhibit such spoofing, but if one has access to a compromised Plusnet account (or several) then any email appearing to come from *.plus.com sent through Plusnet's server WILL PASS SPF. Thus the claims made elsewhere about the effectiveness of SPF (or not) are NOT RELEVANT in this scenario.

The two cases forwarded to me show that they were submitted from a Plusnet IP address, suggesting that numerous users are running malware - not everyone takes protection of the computing devices seriously enough ... at which point we all suffer.

Unfortunately finding Plusnet email addresses to abuse is not as difficult as one might think, there will be 1000s of them out there on the dark web as might be discovered here - Have I Been Pwned: Check if your email address has been exposed in a data breach - pop your own email address(es) therein and find out all of the third parties who are known to have leaked your email address over the years.

 

@James_B are you still looking for more cases of this issue - looks as though @purkle has a lot of them.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

purkle
Grafter
Posts: 46
Thanks: 16
Registered: ‎20-12-2015

Re: Spam emails from plus.com addresses

Hi @Townman 🙂

I honestly don't have any concerns about my account security, as none of these emails have come from either my webmail or Outlook client 🙂

It's a simple case of spoofing, which can probably happen to anyone, regardless of ISP or email provider 

I certainly don't blame Plusnet - they are as much victims as we are 🙂

I checked to see if I had been Pwned yesterday and all is well. 

I doubt (but hope otherwise) that Plusnet can do much about this, although I wouldn't expect them to come right out and say so 😉 

FOR NOW, the emails have stopped coming for me, but that may be because they may be emanating from a different time zone (HUGE GUESS) although they may be automated, which shouldn't be affected by that.

I plan to slowly move my email reliance from Plusnet to either Outlook or Gmail - not because of this (I've had NO other issues with Plusnet and have been with them since the start) but because of EE giving users free WiFi hotspots and unlimited data - my mobile moved from Plusnet to EE so it makes sense for me. Moving is a HUGE task for me, and I've been avoiding it until now... gone are the days when you could migrate between Plusnet/BT/EE 😞

Champnet
Hero
Posts: 3,150
Thanks: 1,236
Fixes: 18
Registered: ‎25-07-2007

Re: Spam emails from plus.com addresses

It’s a shame these messages can’t be intercepted and obliterated at Webmail level….

PhilipHeyes
Pro
Posts: 244
Thanks: 108
Fixes: 1
Registered: ‎10-11-2021

Re: Spam emails from plus.com addresses

Using MS Outlook and an IMAP configuration, perhaps the Outlook rules could be a possible method.

Champnet
Hero
Posts: 3,150
Thanks: 1,236
Fixes: 18
Registered: ‎25-07-2007

Re: Spam emails from plus.com addresses

Agreed and that would work if everyone was using one of the versions of Outlook. But, there seems to be an endless amount of client software using either IMAP or POP3. It would be simpler to be able to add a rule in Webmail with one instruction to cover all users: "This is what you need to do & this is how to do it."

Townman
Superuser
Posts: 27,998
Thanks: 12,497
Fixes: 235
Registered: ‎22-08-2007

Re: Spam emails from plus.com addresses


@Champnet wrote:

It’s a shame these messages can’t be intercepted and obliterated at Webmail level….


That is certainly a potential spot measure - get the AV / Anti-spam platform to treat this episode as spam. That might have an impact on the promulgation of the payload out from Plusnet and distribution within, but it will not deal with the NDR backscatter. Nor will it deal with the next campaign which will have an entirely different fingerprint.

SPF has its merits, up to a point - unfortunately it is a receiver's choice to verify it and then choose to act. It answers the inbound question "Was that MTA permitted to send for that sender?", after it is received. A far more useful implementation would have been a model which asks the outbound question "Am 'I' permitted to send on behalf of this sender?" before sending it.

That would have done exactly what you suggest - eliminate SPAM at source, thereby avoiding transmission entirely - no parasite payloads on mail services and much reduced backscatter.

I did a quick Google search and found nothing hinting at this as an anti-spam measure ... I wonder why no one has thought about it!

 


Townman
Superuser
Posts: 27,998
Thanks: 12,497
Fixes: 235
Registered: ‎22-08-2007

Re: Spam emails from plus.com addresses


@PhilipHeyes wrote:

Using MS Outlook and an IMAP configuration, perhaps the Outlook rules could be a possible method.


Entirely the wrong place to deal with the issue across the piece, but such could deal with an individual's blight.

What needs to happen (but it is hard) is to identify the rogue operators and close them down.


PhilipHeyes
Pro
Posts: 244
Thanks: 108
Fixes: 1
Registered: ‎10-11-2021

Re: Spam emails from plus.com addresses

Townman, I have given you one like for being such a grumpy old darling!

Townman
Superuser
Posts: 27,998
Thanks: 12,497
Fixes: 235
Registered: ‎22-08-2007

Re: Spam emails from plus.com addresses

And you Phillip, get two likes for good humour!


Batphone
Rising Star
Posts: 79
Thanks: 29
Registered: ‎14-07-2017

Re: Spam emails from plus.com addresses


@purkle wrote:

I was trying (above) to reply to @Batphone but keep getting a 403 forbidden error?

I wanted to add I migrated to Plusnet when the company first started and I have to say that I've NEVER had email problems before with them 👏


I have not had any problems before with them either. Overall the service has been reliable.

 

PhilipHeyes
Pro
Posts: 244
Thanks: 108
Fixes: 1
Registered: ‎10-11-2021

Re: Spam emails from plus.com addresses

I have another "Boots Survey" email this morning, again not marked as [-SPAM-] and delivered when the sender's IP is not matching the _SPF IP lists for Plusnet emails in the format <name>@<account>.plus.com


Received: from avasout-peh-002.plus.net ([84.93.223.46])   (IP is not on the PN _SPF lists.)

84.93.223.46 is returned as 84.93.223.46.bizsurf.pth-ag2.dyn.plus.net
this does not have any _SPF records so is not a genuine outbound email server.

Plusnet's SMTP server avasout-peh-002.plus.net has an IP of 212.159.14.18 hence forged & not sent via relay.plus.net.

This scenario of an unexpected sender's IP is what SPF is intended to catch.
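
Added example (not part of the thread, and not Plusnet's or any poster's code): the receiver-side check discussed in the SPF posts above, taking the connecting IP from a Received line and evaluating it against the ip4/ip6 terms of an SPF policy. The policy string is constructed for illustration and is not Plusnet's published record, the function names are hypothetical, and mechanisms that need DNS are reported rather than resolved.

```python
import ipaddress
import re

# Constructed policy for illustration; NOT Plusnet's published SPF record.
SAMPLE_SPF = "v=spf1 ip4:212.159.14.0/24 -all"
# Received line as quoted in the post above.
RECEIVED = "Received: from avasout-peh-002.plus.net ([84.93.223.46])"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def connecting_ip(received_line):
    """Return the bracketed client IP of a Received header, or None."""
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", received_line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:
        return None


def evaluate_spf(record, ip):
    """Evaluate ip4/ip6/all terms left to right (hypothetical helper)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    redirect = False
    for term in terms[1:]:
        if "=" in term:  # modifier such as redirect= or exp=
            redirect = redirect or term.lower().startswith("redirect=")
            continue
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, value = mech.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if net.version == addr.version and addr in net:
                return QUALIFIERS[qualifier]
            continue
        return "needs-dns"  # a, mx, include, exists, ptr: not resolved offline
    return "needs-dns" if redirect else "neutral"


if __name__ == "__main__":
    ip = connecting_ip(RECEIVED)
    print(ip, evaluate_spf(SAMPLE_SPF, ip))
    # A pass only says the host may send for the domain; it does not say
    # which account submitted the message through that host.
    print("212.159.14.18", evaluate_spf(SAMPLE_SPF, "212.159.14.18"))
```
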