Spam to plusnet-specific Email address.

lorisarvendu · ‎26-08-2007

How can you say "that is not what happened" when nobody knows what happened?
It was a simple scenario. I'll rephrase it even simpler:
1. I find out the domain name of a plusnet user.
2. I now automatically have their billing email address.
3. I can send them spam
4. Multiply by several thousand
Is that possible? Can anyone answer yes or no (and if no, then an explanation why it isn't possible).
Let me clarify this even more. My Plusnet web space is http://www.username.force9.co.uk. ok? That address exists in DNS, as I presume does every other PN user's web space.
If I remove the "www" from that, and add "postmaster@"or "username@", I get a legitimate billing email address...in fact the address or addresses I am currently getting spam sent to.
Is this not a legitimate and perfectly feasible way to identify the email addresses of an ISP's users?

A tortoise? What's that?
You know what a turtle is? Same thing.

avatastic · ‎30-07-2007

But that is not what has happened.
People receiving the spam are reciving it at the secondary billing e-mail address.
My mail notifications go to my @f9.co.uk address and a gmail.com address. It is the gmail.com address that the spammer(s) have.
Well, would have if I was being affected by this, but that's what the others have been getting.
Some of them have set up specific addresses such as plusnet-billing@example.org which the spammers are using, and those addresses are only used for the plusnet billing e-mails.
Hope that clears things up.
A.

F9 member since 4 Sep 1999
F9 ADSL customer since 27 Aug 2004
DLM manages your line the same way DRM manages your rights.
Look at all the pretty graphs! (now with uptime logging!)

lorisarvendu · ‎26-08-2007

Sorry, I misinterpreted that. I see now that my method could not have resulted in spam sent to a non-PN address.
However I have started receiving spam at username@username.force9.co.uk. This is my primary billing address, not the secondary one I can change in my online account/billing settings. It is also an address that is never used other than by PN to send me monthly billing mails and any ticket updates.
It's possible I may be receiving spam at my secondary one, but since that's my work address, and I'm at a prominent UK university our email servers drop 99% of all spam that we receive anyway, so I wouldn't know.

A tortoise? What's that?
You know what a turtle is? Same thing.

alan659882 · ‎04-02-2011

Quote from: lorisarvendu
Sorry, I misinterpreted that. I see now that my method could not have resulted in spam sent to a non-PN address.
However I have started receiving spam at xxxxxxxxxxxxxxxxxxxx@yyyyyyyyyyyyyyyy This is my primary billing address, not the secondary one I can change in my online account/billing settings. It is also an address that is never used other than by PN to send me monthly billing mails and any ticket updates.
It's possible I may be receiving spam at my secondary one, but since that's my work address, and I'm at a prominent UK university our email servers drop 99% of all spam that we receive anyway, so I wouldn't know.

Woh! - delete your email address from that post quickly, otherwise you'll start getting a whole lot more!!!
And don't EVER post it on a public forum again.

lorisarvendu · ‎26-08-2007

Ah well, if I get spam I get spam. I don't use it for anything at all, and from the look of what I've read here it should be already getting some from the infamous "2007" incident, plus it's started getting spam from what we will probably call the "2014" incident. But just to stop everyone from panicking I have modified it.
Although my earlier point still stands, that if someone manages to enumerate all Plusnet's subdomains (and from what I understand that is perfectly possible to do) then they automatically get a list of all Plusnet users primary email addresses anyway.

A tortoise? What's that?
You know what a turtle is? Same thing.

KevinG · ‎05-11-2008

Is the spam you are getting of the type that has been described in this thread, i.e. from the "Gamer SEO" domains based at 237 S Delsea Drive #302 Vineland, NJ 08360? If not, it's probably nothing to do with it.

HolaPussycat · ‎29-03-2011

I wonder if by way of an apology for breaking the law regarding keeping email addresses safe, PlusNet might be interested in giving everyone affected 1 year of service for free?
Perhaps if the number of customers they believe are affected is so few, it wouldn't be an issue for them to do that.
Perhaps someone with the figures for the Plus Net email servers can give us some statistics on the subject:

How billing email addresses are served by PlusNet MX servers (volume and percentage of accounts).

Percentage of billing email addresses served by PlusNet MX servers, that are receiving the Gamer SEO spam.

Signup time window that unites these addresses. Or other relevant unifying detail (after all, you've finished a thorough investigation, so you should have this in a report)

Chris, as PlusNet staff, you now need to respond to the questions we've been asking, as they're building up,
James

MD · ‎21-01-2015

Pity this thread was not called Plusnet compromised or something but clearly they are ignoring this
I too use a special Email only given to Plusnet and have been recieveing unsolicited Emails since November on that address - I dont call it spam because it isnt random or flooding just Emails from companies I would never deal deal with
I also got the canned answer from their Security team that their investigation found nothing - yet I get Emails to this specific address
The concern is anyone who took the Email address from the billing system could also have taken name/date/credit card details too
I will attach some evidence I can share with the ICO and/or Plusnet in full if they wish

Anotherone · ‎31-08-2007

When I saw a response from an "MD" in my Updated Topics, I thought for one excited moment that it might be answers to the questions from Andy Baker, Plusnet CEO

and of course, pigs might fly.

bishz · ‎24-01-2015

I have been receiving these spam messages since December, I've attached an image showing the 52 I've received since Christmas day. The email address was (obviously) only used for my plusnet account, and emails to that address does not touch plus.net's email servers. To deny this oblivious breach is craziness.
It hasn't ruined my life, but for Plus.net to deny this has happened is pretty outrageous. I've updated my plus.net contact email address, so if the leak is ongoing we'll know.
If anyone at plus.net wants any more information from the emails I'm happy to help. Also, any action by the ICO I'm happy to provide evidence as required.
I raised a ticket with plus.net and received a nonsense response about spam filters.
shame.

Routefinder · ‎01-08-2007

Rather than start a new thread this seemed like the place to post what I have seen on the 24th & 25th Jan
Three separate emails to 3 different mailboxes I have in place all spurious, all "from" random letter string @astral.ro @centennialpr.net @beotel.net the subject in each case was different and for example one said "Rarely patients may experience significant bleeding or pain during the biopsy."
If the CSC et al want the headers PM'ed I have them in my delete folder for now...........................for the record I never use the preview pane and only read emails that are AFAIK legitimate so have no idea what the body contents might be

KevinG · ‎05-11-2008

Quote from: Routefinder
Three separate emails to 3 different mailboxes I have in place

Doesn't sound like the problem being described here, unlike the previous post from bishz, which was spot on.

tyke · ‎25-07-2007

I haven't read through all 25 pages on this thread. Will someone who has let me know if these messages are just annoyances or do any carry malware? They are becoming more frequent now. I hope they don't reach the level that I got on Freeserve: about 60 a day towards the end of that service.

KevinG · ‎05-11-2008

I have not seen any reports of malware.

HolaPussycat · ‎29-03-2011

Can I just ask everyone that hasn't yet done so, to contact the ICO about this.
Bishz, thank you for joining our numbers; The fact that you first saw the spam in December shows either that spam filtering catches these messages easily, or that we have a more serious problem that only some of the addresses were used in their initial phase of testing out the validity of the email addresses they had purchased.
The potential for these addresses to be sold on to someone, who may well use them for more nefarious purposes, is still ever present,
James

Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.

Re: Spam to plusnet-specific Email address.