Spam to plusnet-specific Email address.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Spam to plusnet-specific Email address.
Re: Spam to plusnet-specific Email address.
18-11-2014 11:11 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Spam to plusnet-specific Email address.
18-11-2014 11:38 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Received: from avasout05.plus.net ([212.159.9.108])
by avasin08.plus.net with Plusnet Cloudmark Gateway
id GVqo1p0022KrXh801Vqwya; Mon, 17 Nov 2014 05:50:56 +0000
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.1 cv=Mpbc6gqe c=1 sm=1 tr=0
a=fS+5Zzvk6gANdtf7AAd0ug==:117 a=WPTklmkeA0lf4ztKFIiyww==:17 a=0Bzu9jTXAAAA:8
a=7HIFeAphMSMA:10 a=KHeHGimUAoAKc9PjO_IA:9 a=1HBN-GZUpTBaVCB_:21
a=nf6QWtfKtV0T3MW5:21 a=pn7XOFuvdOUA:10
The only difference between the above (sent to the primary default address for the account) and the one sent to the cc. address is that the id (3rd line above) ends in 'b' instead of 'a'.
Re: Spam to plusnet-specific Email address.
18-11-2014 3:32 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Spam to plusnet-specific Email address.
18-11-2014 3:59 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Meanwhile these links may be of some interest -
http://www.reddit.com/r/sysadmin/comments/2mjnnh/anyone_seeing_an_excessive_amount_of_test_message/
http://community.spiceworks.com/topic/640437-test-mesage-spam-emails
Re: Spam to plusnet-specific Email address.
18-11-2014 5:55 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Spam to plusnet-specific Email address.
18-11-2014 6:40 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The spam emails I received had an unsubscribe link.
On investigation opening cardnews.co.uk in a browser just SQL errors.
Opening livenews.co.uk ends up at E-Market Labs.
Now for the "your are not supposed to do" bit.
In both spam Emails I clicked unsubscribe.
cardnews.co.uk responded:
UNSUBSCRIBE
Please enter the verification code below to unsubscribe ********@*****.co.uk:
Verification code: 7b8d5980be42759120676aa00580277c
Enter the verification code here:
liveuknews.co.uk responded:
UNSUBSCRIBE
Please enter the verification code below to unsubscribe ********@*****.co.uk
Verification code: a0f7eef880ad01cce96798836f221ebd
Enter the verification code here:
So from the two identical format responses I'm pretty sure we can assume that
E-Markets Labs are the source for cardnews and liveuknews.
Maybe PlusNet should could ask E-Market where they got the email addresses from?
Also to my surprise since I unsubscribed I've had NO FURTHER SPAM!!!!!!!!
If this continues to be true then one might be able to conclude that only E-Market have the targeted Email addresses. This is minor good news as it will mean that we all don't have to change our registered email addresses with PlusNet. Of course it could just be that E-Market are the early birds. Only time will tell.
Re: Spam to plusnet-specific Email address.
18-11-2014 8:48 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote From: "Fantastic discounts" <news@liveuknews.co.uk>
Subject: Wowcher
Quote From: "Eco News" <news@newsnationals.net>
Subject: 50% drop in your energy bills - newsletter
Quote From: "Clinic News" <news@newsnationals.net>
Subject: 20/20 Vision Should Be Yours - Newsletter
Re: Spam to plusnet-specific Email address.
18-11-2014 9:32 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I bet (hope) that if you hit the unsubscribe (this is your choice and not a recommendation) you will get the same unsubscribe responses I posted earlier.
PN will/should be monitoring this thread so they can and this latest info and follow-up accordingly.
Re: Spam to plusnet-specific Email address.
19-11-2014 6:00 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Have spoken with a friend who signed up after 2007; he hasn't seen any spam to his gmail address, so perhaps it is from that old hack?
Just seems bizarre that our addresses would be floating around out there for 7 years before they got added to a list.
Re: Spam to plusnet-specific Email address.
19-11-2014 8:38 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
This week is my 15th year anniversary with Plusnet.
My Plusnet email-mailboxes and email-redirects WERE harvested in the 2007 hack, and I continue to receive a considerable volume of SPAM messages daily to ALL those stolen email addresses.
Regarding the email address that is the subject of interest in this topic, that domain name was created approximately a year AFTER the 2007 hack, and the domain and email servers have been independently hosted from the start. Unfortunately I can't remember when I created the unique email-address that is only used for Plusnet account information, but I would guess between late 2008 and 2010.
The SPAM messages that I am now getting to this specific Plusnet account only email-address, ARE NOT also appearing in any of the 2007 hacked email addresses, or being picked up in the catch-all mailboxes of my other independently hosted domains and email addresses.
HOWEVER I have now received a couple of these new SPAM messages to the email address that I would have been using on my Plusnet account BEFORE I changed it to the current unique account address. Because this older email address was used for general email (and wasn't specific to my Plusnet account - but was previously listed as my Plusnet account email address) and receives daily SPAM, I wouldn't and hadn't noticed anything unusual about receiving this latest SPAM to that mailbox.
The fact remains that these new SPAM messages are appearing in a unique mailbox that has ONLY ever been given to Plusnet, and some of the same SPAM messages are also appearing in a mailbox which was my previous Plusnet account contact, and these SPAM messages have NOT appeared ANYWHERE else.
Conclusion, either our our Plusnet billing accounts (but not the email platform) have been hacked, or Plusnet (or an employee) has given/sold our Plusnet account email addresses to someone who is now using that information to send out SPAM messages. In either case, what other personal information has been leaked ?
Re: Spam to plusnet-specific Email address.
19-11-2014 9:49 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Just checked the email again I received it because I was part of an internal mailing list at my company.
Re: Spam to plusnet-specific Email address.
19-11-2014 9:51 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
My domains are hosted elsewhere and the address receiving the spam is the only one recieving this particular spam.
I have an address that was registered with Adobe when they were (in)famously hacked, which I still receive some spam on and another which was registered with an Australian company Rode Microphones which likewise recieves some.
Neither have recieved any of the same spam as this Plusnet registered address.
With regard to unsubscribing as mentioned further up - I would strongly suggest not responding in ANY way to the spam emails as "liveuknews.co.uk" was only registered on the 11th November and has un-validated contact details for the domain registrant.
I have raised my concerns about this with Nominet - the UK Domain registry, but unless there is clear eveidence of criminal activity they cannot do anything about canceling the domain.
Here is the whois results for "liveuknews.co.uk" from Nominet :
Domain name:
liveuknews.co.uk
Registrant:
Gamer SEO
Registrant type:
Other Non-UK Entity (e.g. clubs, associations, many universities)
Registrant's address:
237 South Delsea Drive
Suite 302
Vineland
NJ
08360
United States
Data validation:
Registrant contact details awaiting validation
Registrar:
eNom, Inc. [Tag = ENOM]
URL: http://www.enom.com
Relevant dates:
Registered on: 11-Nov-2014
Expiry date: 11-Nov-2015
Last updated: 11-Nov-2014
Registration status:
Registered until expiry date.
Name servers:
ns1.liveuknews.co.uk 192.241.79.2
ns2.liveuknews.co.uk 192.241.79.2
WHOIS lookup made at 09:11:01 19-Nov-2014
--
This WHOIS information is provided for free by Nominet UK the central registry
for .uk domain names. This information and the .uk WHOIS are:
Copyright Nominet UK 1996 - 2014.
I imagine (hope) that Plusnet are already looking into this "company" as they appear to be the source of the spam so far.
Re: Spam to plusnet-specific Email address.
19-11-2014 2:29 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
That domain's essentially anonymous - registered when the spam started, and Suite 302, 237 South Delsea Drive looks like a UPS store post box.
Certainly seems that plusnet's database has been compromised in some way.
Re: Spam to plusnet-specific Email address.
19-11-2014 5:36 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The US based registrar "enom.com" who registered these names are listed as the number 1 registrar of spam originating domains by URIBL see: http://rss.uribl.com/nic/
Nominet are completely uninterested and claim they cannot cancel a domain as they have no control of the purpose of its use. I pointed out that Registrant details are supposed to be accurate but they said it's down to "enom.com" (the registrar) to sort it out!
Basically although the sending of SPAM is illegal both in the EU and the US apparently the UK Domain Register have no control of the use of .co.uk domain names even if being used for illegal purposes!
I give up.
However there is still the issue of how our email addresses were obtained.
I would still like to know why Plusnet saw fit (as apparently did BT) to use a third party marketing service such as "trclient.com" (apparently owned by Traction Digital an Australian marketing company) to send out details about phone service changes in July this year.
This would seem to me to be a possible source of email harvesting?
Re: Spam to plusnet-specific Email address.
19-11-2014 11:19 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote From: "Fantastic discounts" <news@ukbrandnews.co.uk>
Subject: Winter news - Up to 80% off your items
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Spam to plusnet-specific Email address.