Spam to plusnet-specific Email address.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Re: Spam to plusnet-specific Email address.
Re: Spam to plusnet-specific Email address.
24-11-2014 1:15 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Spam to plusnet-specific Email address.
24-11-2014 1:54 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: HolaPussycat
One thing I've spotted, and I consider this a bit naughty, is that if you send a, "join Plus.net," email from the referral page in the Member's Centre, it sends using your (non-plus.net) email address as the sender.
As I've never used that facility I thought I'd test it following your comment, to see if the email was sent directly from the page or whether it opened an actual email which would then presumably show a dropdown to select which email account to send with - it was the former. In my case I have 2 PN email addresses based on my main account details listed so it wasn't a problem for me.
However, the test email received back opened with the line "XXX YYY as asked us to contact you about Plusnet's service." which clearly is not right (probably just a typo, but should be 'has' not 'as').
Re: Spam to plusnet-specific Email address.
24-11-2014 4:55 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I can confirm the spam is being sent to email addresses submitted in the signup process for notifications...
I use a particular format for these email addresses, unique to each client and I am getting the spam specifically to these addresses, ten at a time, as well as my own email.
The addresses are NOT set up as redirects or mailboxes and never have been - I use a prefix and the client name followed by my own domain name so I can receive and identify emails for a given client.
Mine started on the 13th November as far as I can see - and loads of similar blocks of emails since then in the spam.
BTW, if you disable ALL plusnet spam filtering and use "Cloudmark Desktop" with Outlook or other supported desktop clients, they all get caught in any case. The free version of Cloudmark works far better than anything else...
Re: Spam to plusnet-specific Email address.
24-11-2014 8:35 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: RobPN
Quote from: HolaPussycat
One thing I've spotted, and I consider this a bit naughty, is that if you send a, "join Plus.net," email from the referral page in the Member's Centre, it sends using your (non-plus.net) email address as the sender.
As I've never used that facility I thought I'd test it following your comment, to see if the email was sent directly from the page or whether it opened an actual email which would then presumably show a dropdown to select which email account to send with - it was the former. In my case I have 2 PN email addresses based on my main account details listed so it wasn't a problem for me.
However, the test email received back opened with the line "XXX YYY as asked us to contact you about Plusnet's service." which clearly is not right (probably just a typo, but should be 'has' not 'as').
So it does - I'd missed that - "as asked us..."
You're right, I wasn't clear: The recommendation form in the Member Centre automates an email from the Plus.net system which uses your registered account email address, be it Plus.net or otherwise, as the From and Reply-To headers.
James
Re: Spam to plusnet-specific Email address.
25-11-2014 9:43 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote Chris at plusnet: Sorry that we haven't provided a further update as of yet. We are continuing to investigate this internally.
What steps are you taking to investigate this, specifically? Have you been able to rule anything out? It has been 2 weeks - "investigating this internally" isn't enough now, we need to know more; specifically, what was leaked - whether it was just e-mail addresses, or if it included billing information - or at least an update with some details on your progress.
Quote I'm not 'accusing' PN (maybe BT more!) as such, but realistically there is nowhere else that this address could have leaked from.
I'm accusing PN - as others have said, guessing these addresses is virtually impossible, the leak had to come from plusnet.
Quote My Plusnet marketing preferences has always been OPTED IN set to accept email marketing offers from Plusnet.
Mine were all opted out on my current account, so that's probably unrelated.
Quote It still haven't received a single spam email of the type being discussed here on any email address (Plusnet or otherwise).
It seems it's only a partial customer list which has been leaked. Now that I've turned on spam filtering for that address, none are getting through though, so at least that's something.
Re: Spam to plusnet-specific Email address.
25-11-2014 10:12 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Spam to plusnet-specific Email address.
25-11-2014 10:25 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
However I keep ALL (rolling last 2 years worth (approx.25K messages)) of the received SPAM (in a SPAM directory) as doing so improves the accuracy of SPAM detection when using a self learning Bayesian filter.
Re: Spam to plusnet-specific Email address.
25-11-2014 10:31 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Oldjim That is interesting - I haven't received any BUT I have spam filtering turned on
Depends what settings you have JIm, maybe try altering that and see if a) you get them & b) if the actually get recognised as SPAM should you get them.
Re: Spam to plusnet-specific Email address.
25-11-2014 10:36 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I have it set to discard obvious spam which explains why I don't get any in the spam folder
Will see what effect the change has
Re: Spam to plusnet-specific Email address.
25-11-2014 11:55 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
There is a small handful who may have signed up more recenbtly -
@Grampus, gecuser, Mook, Ambadista
Did you sign up with Plusnet after the 10th June 2014, maybe after September 23rd? Whichever, do you still have the emails that you received during the signup process? If so, can you post the headers from one of them (redacting your personal email address) and any of those where the sending servers are different from the others?
Re: Spam to plusnet-specific Email address.
25-11-2014 4:49 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Anotherone do you just mean @username.plus.net as part of the email address, or do you have a website with the same domain?
Can I ask, is your current username the same as it was previously?
I created and assigned plusnet@'mydomain'.net to be my private contact email when I first signed up with PlusNet from 2007-2009.
When I signed up with them again at the start of this year I used my personal web-domain but didn't create a unique address or use the previous plusnet@'mydomain'.net address. I just used my global public email address myname@mydomain.net
Thanks for the welcome
Re: Spam to plusnet-specific Email address.
25-11-2014 6:14 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Spam to plusnet-specific Email address.
25-11-2014 6:15 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Rest assured that we have been investigating, so sorry not to have kept you guys informed. It's not helped that I've not been around this past week.
We've conducted a thorough investigation into these reports and at no point has there been any evidence uncovered that any of our core systems or networks, including our subscriber and billing databases, have been compromised.
In response to some of the discussion whilst I've been away:
Quote from: aich I can't see any other obvious way for the address to have been obtained other than by hacking Plusnet systems or a rouge employee.
There are plenty of ways data can be obtained without systems being hacked or the nefarious actions of an employee.
Quote from: avatastic My idea is that cloudfront (or whoever is doing the spam-scanning for PN these days) has had the breach and is keeping lists of the addresses that it sees pass through their devices and they've not a) noticed or b) notified their clients or c) have notified their clients under a NDA.
We're confident that's not the case.
Quote from: aich However one sent on 17/07/14 about changes to phone packages comes from "mx1.bt-plusnet.trclient.com"
Googling "trclient.com" doesn't fill me with a lot of confidence about them especially when following a link to them causes Firefox to throw a wobbly about the sites security certificate!
These emails (and other one-off/targeted mail sends) are often sent with the assistance of third parties/marketing partners as per the details in our privacy policy.
I am interested to know if everyone affected received this email though and if they did, on what date? The emails should also have a reference number on them somewhere. Fairly sure the price increase emails went to well over half our active broadband base (including me and a number of my referrals) and I can categorically state that many of them have not received the emails you guys have.
Quote from: poshrat So from the two identical format responses I'm pretty sure we can assume that
E-Markets Labs are the source for cardnews and liveuknews.
Maybe PlusNet should could ask E-Market where they got the email addresses from?
I doubt that would help. It's fairly obvious from the WHOIS data and SPF records of the sender domains are simply being registered for the purpose of spamming. I see similar stuff in my mail rejection logs (that's been happening for some time though). From personal experience (and as others have found), there's little point in pursuing the registrars either because the damage is often done before they get round to suspending the domain.
Quote from: purleigh Conclusion, either our our Plusnet billing accounts (but not the email platform) have been hacked, or Plusnet (or an employee) has given/sold our Plusnet account email addresses to someone who is now using that information to send out SPAM messages. In either case, what other personal information has been leaked ?
Not necessarily, and as mentioned right up there ^^^ an audit returns no evidence of any of our integral systems being compromised.
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: Spam to plusnet-specific Email address.
25-11-2014 6:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Spam to plusnet-specific Email address.
25-11-2014 7:05 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
ClinicCompare News <news@liveuknews.co.uk>
Wowcher & E-Market Labs <news@onepoundnews.co.uk>
The following were sent to an address only used with Madasafish:
ClinicCompare News <news@liveuknews.co.uk>
Daily Deals in association with E-market Labs <news@ukbrandnews.co.uk>
Tailored Offers <news@onepoundnews.co.uk>
PMI Simply <news@onepoundnews.co.uk>
All of them come from a company that claims to reside at:
237 S Delsea Drive #302
Vineland, NJ 08360
Both are email addresses at my personal domain (not registered through Plusnet). As it is only addresses used with Plusnet and Madasafish (effectively the same company), the chance of them being random guesses at valid addressees is minuscule. There has been a leak of some sort, if not from Plusnet then from one of its marketing partners.
Ironically, a genuine marketing email from Plusnet today (trying to get me to take out a new 18-month contract to Unlimited Fibre Extra at a discount) was also treated as spam by Gmail, perhaps because of this incident. (This is one of the bt-plusnet.trclient.com jobs).
PS I did not apparently receive the email about telephone package changes referred to in Bob's reply.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Re: Spam to plusnet-specific Email address.