cancel
Showing results for 
Search instead for 
Did you mean: 

Spam to plusnet-specific Email address.

Community Veteran
Posts: 19,107
Thanks: 450
Fixes: 21
Registered: ‎31-08-2007

Re: Spam to plusnet-specific Email address.

Well done for all the info aich. This is all very strange, here are the headers from my PN Price increase email -
Return-path: <bounced@bt-plusnet.trclient.com>
Envelope-to: xxxxxxxxxxxxx
Delivery-date: Thu, 29 Aug 2013 17:43:25 +0100
Received: from [212.159.8.109] (helo=avasin13.plus.net)
  by inmx09.plus.net with esmtp (PlusNet MXCore v2.00) id 1VF5Jc-0007Kf-VH
  for xxxxxxxxxxxxxxx Thu, 29 Aug 2013 17:43:24 +0100
Received: from mx1.bt-plusnet.trclient.com ([202.43.5.89])
by avasin13.plus.net with Plusnet Cloudmark Gateway
id JgjM1m0061vEQBu01gjPtR; Thu, 29 Aug 2013 17:43:24 +0100
X-CM-Score: 0.00
X-CNFS-Analysis: ..............
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=tra; d=comm.plus.net;
b=CRE5yPBZiLjQ4JJXFA8dnng/YvR1zqaUW2q4BsuxoPTVfjjm/LtJS1kqwaqhyvdWhGIZFvYn/YEe
   I6PMGyDRxuioZBFGMWaYjMICUS5imqeS5v3pRMByBCgGHfJ5bDuzEPKUbQeb5qqtKhYUy3H8z7s3
   H517qn6OXGkiSSQ23uM=;
Received: by mx1.bt-plusnet.trclient.com id h3tt2m16pe0m for xxxxxxxxxxx; Fri, 30 Aug 2013 02:12:40 +1000 (envelope-from <bounced@bt-plusnet.trclient.com>)
x-accountid: xxxxxxxx
X-tra-envid: 1135355134-int
From: =?utf-8?B?UGx1c25ldA==?= <plusnet@comm.plus.net>
Reply-to: autoemail@plus.net
Date: Fri, 30 Aug 2013 02:12:40 +1000
Message-Id: <1135355134.1418265198@bt-plusnet.trclient.com>
To: xxxxxxx
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="UNIQUE_STRING"
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: =?utf-8?B?SW1wb3J0YW50IGluZm9ybWF0aW9uIGFib3V0IHlvdXIgUGx1c25ldCBzZXJ2aWNl?=
=?utf-8?B?Lg==?=
It's similar to what others have mentioned.
I've deleted irrelevant stuff and xxxx'd anything personal or that might me, now I haven't had any of these odd messages.
I seem to remember complaints about the Price Increase email at the time, but I haven't searched for them yet.
Community Veteran
Posts: 5,569
Thanks: 349
Fixes: 5
Registered: ‎11-08-2007

Re: Spam to plusnet-specific Email address.

Todays SPAM messages to my private Plusnet account mailbox -
Quote
From: "ProductTestingUK" <news@liveuknews.co.uk>
Subject: WANTED - Dyson DC40 Product Testers

Quote
From: "Product Testing UK" <news@liveuknews.co.uk>
Subject: Become A Product Tester and Keep The Product

Angry
Plusnet FTTC 80/20 IPv4/30, Hurricane Electric 6in4 IPv6/48, Pulse8 landline & calls, SamKnows 600N
Vigor 130 modem, pfSense 2.4.4-p3 router, 5 WAPs, Devolo dLAN 500, Gigaset N300A-IP VoIP DECT
gecuser
Newbie
Posts: 5
Registered: ‎21-11-2014

Re: Spam to plusnet-specific Email address.

Hi,
I have an email address that is only used for my Plusnet account (no where else) overnight I have received in excess of 100 spam emails send specifically to that unique email address. Angry
This suggests to me that somehow the email address was obtained from a Plusnet database, could someone check to see if the Plusnet website has been hacked into?
I have now changed my email to a different unique address, so if the spam also arrives at the new address I will know where the leak is.
As a precaution I have also changed my Plusnet login password.
regards
Steve
dick:green Topic merged with this long running one on the same subject.
Community Veteran
Posts: 26,786
Thanks: 987
Fixes: 10
Registered: ‎10-04-2007

Re: Spam to plusnet-specific Email address.

Strange how if it was an email listed ripped from Plusnet they are only using a selection of the email addresses. Usually spammers use every address they obtain (and make up some more besides based on the domain). I've not had a single one of these spam emails.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)
Community Veteran
Posts: 5,569
Thanks: 349
Fixes: 5
Registered: ‎11-08-2007

Re: Spam to plusnet-specific Email address.

It is now more than a week since it was first reported that our Plusnet billing accounts appear to have been compromised, and Plusnet have done nothing to reassure us that our other personal details are safe (or not).
From reading this thread, it seems nothing will get done until Bob gets around to looking at some more email headers sometime next week.
Angry
Plusnet FTTC 80/20 IPv4/30, Hurricane Electric 6in4 IPv6/48, Pulse8 landline & calls, SamKnows 600N
Vigor 130 modem, pfSense 2.4.4-p3 router, 5 WAPs, Devolo dLAN 500, Gigaset N300A-IP VoIP DECT
Community Veteran
Posts: 1,136
Thanks: 2
Registered: ‎30-07-2007

Re: Spam to plusnet-specific Email address.

Time to report them to the ICO for a data protection breach.
F9 member since 4 Sep 1999
F9 ADSL customer since 27 Aug 2004
DLM manages your line the same way DRM manages your rights.
Look at all the pretty graphs! (now with uptime logging!)
jab1
Hero
Posts: 3,426
Thanks: 1,134
Fixes: 22
Registered: ‎24-02-2012

Re: Spam to plusnet-specific Email address.

Quote from: jelv
Strange how if it was an email listed ripped from Plusnet they are only using a selection of the email addresses. Usually spammers use every address they obtain (and make up some more besides based on the domain). I've not had a single one of these spam emails.

Very strange - my 'primary' email address for PN is an old TT one used to get loads of spam. It still gets a little (maybe 3 or 4 a day), but none from 'livenews' or 'brandnews'
John
Anonymous
Not applicable

Re: Spam to plusnet-specific Email address.

I've been reading this topic with interest as I have not had any spam like those mentioned and the account I use my 'everyday' email address (I don't seem to have PN Web Mail access). Out of curiosity I thought I'd look at my advanced billing notification's headers and I see that mine are quite, quite different from those cited here.
Quote
Return-path: <padmin@billing03.servers.plus.net>
Envelope-to: MY_EMAIL_ADDRESS
Delivery-date: Sun, 09 Nov 2014 08:01:41 +0000
Received: from avasout05.plus.net ([84.93.230.250])
by MY_MAIL_SERVER with esmtp (Exim 4.82)
(envelope-from <padmin@billing03.servers.plus.net>)
id 1XnNRN-0005Ta-Dz
for MY_EMAIL_ADDRESS; Sun, 09 Nov 2014 08:01:41 +0000
Received: from billing03.servers.plus.net ([84.93.233.162])
by avasout05 with smtp
id DL1h1p0013WtizY01L1h9N; Sun, 09 Nov 2014 08:01:41 +0000
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.1 cv=XNu+SGRE c=1 sm=1 tr=0
a=WPTklmkeA0lf4ztKFIiyww==:117 a=0Bzu9jTXAAAA:8 a=7HIFeAphMSMA:10
a=xEx-Wa2oUWud5OJHtvEA:9 a=LVjlQi7Bm5w9XuE6:21 a=lxcFCifWQNZdZXMR:21
a=pn7XOFuvdOUA:10
Received: from padmin by billing03.servers.plus.net with local (Exim 4.72)
(envelope-from <padmin@billing03.servers.plus.net>)
id 1XnNRM-00089V-V4
for MY_EMAIL_ADDRESS; Sun, 09 Nov 2014 08:01:40 +0000
Date: Sun, 09 Nov 2014 08:01:40 +0000
Message-Id: <E1XnNRM-00089V-V4@billing03.servers.plus.net>
To: MY_EMAIL_ADDRESS
Subject: Advance notice of your Direct Debit payment
From: support@plus.net
Reply-to: support@plus.net
Sender: <padmin@billing03.servers.plus.net>

Edit - Added mail headers.
Community Veteran
Posts: 38,460
Thanks: 1,032
Fixes: 62
Registered: ‎15-06-2007

Re: Spam to plusnet-specific Email address.

I have been avoiding this thread as I haven't been affected and couldn't help
But I just did a search for trclient.com as given earlier and also mentioned here http://community.plus.net/forum/index.php/topic,107654.0.html/
Quote
Received: from mx5.bt.trclient.com ([202.43.5.51]) by COL0-MC2-F29.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
   Thu, 13 Sep 2012 06:13:40 -0700
Received: by mx5.bt.trclient.com id ha7e080i00sk for <****************@hotmail.com>; Thu, 13 Sep 2012 23:13:37 +1000 (envelope-from <bounced@bt.trclient.com>)
x-accountid: 5477
X-tra-envid: 842950991-int
From: =?utf-8?B?UGx1c25ldA==?= <Plusnet@comm.bt.com>
Reply-to: bt.athome@bt.com
Date: Thu, 13 Sep 2012 23:13:37 +1000
Message-Id: <842950991.629296089@bt.trclient.com>
Subject: =?utf-8?B?SW1wb3J0YW50IGluZm9ybWF0aW9uIGFib3V0IHlvdXIgUGx1c25ldCBIb21lIFBo?=
=?utf-8?B?b25lIHNlcnZpY2U=?=
To: ************@hotmail.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="UNIQUE_STRING"
Return-Path: bounced@bt.trclient.com
X-OriginalArrivalTime: 13 Sep 2012 13:13:40.0456 (UTC) FILETIME=[97BC6E80:01CD91B1]

It appears that it is very dodgy and is based in Australia https://ipdb.at/ip/202.43.5.51 so sending email addresses out of the EU is a major worry
Quote
    Host Name: mx5.bt.trclient.com
IP address is numbered 202.43.5.51. This IP address is affiliated with Australia. IP Country code is AU. It is also assigned to a hostname mx5.bt.trclient.com. IP address latitude is -27.0 and longitude is 133.0.

It does look as though this is a BT problem rather then Plusnet as it is a BT system problem hence a lot more difficult for Plusnet to tie down
https://community.bt.com/t5/Email/BT-Premium-mail-changes-deferred/td-p/1011426
LFaulkner
Dabbler
Posts: 20
Registered: ‎13-11-2007

Re: Spam to plusnet-specific Email address.

I use an email address of the form plusnet@xxxxx.co.uk, where xxxxx is my domain name, with Plusnet and the Plusnet Usergroup and nothing else.  I am also getting similar spam to that mentioned earlier to this email address. 
Community Veteran
Posts: 5,569
Thanks: 349
Fixes: 5
Registered: ‎11-08-2007

Re: Spam to plusnet-specific Email address.

Quote from: Oldjim
It does look as though this is a BT problem rather then Plusnet as it is a BT system problem hence a lot more difficult for Plusnet to tie down

Which would also explain my observation in Reply #12
Quote from: purleigh
Having seen this topic, I have searched my IMAP accounts to see whether this has occurred before,  and discovered that on the 14th and 19th of August 2013,  that I have had messages to this same email account from <bt.email.antivirus@bt.com> with a subject of "BT Messaging Anti-Virus Alert",  and the headers look like they are genuinely from BT servers.  Why would I ever receive email from BT anti-virus ?


I have had security concerns in the past about BT,  where I have been on-site helping someone fix their broadband connection,  have reported a phone line fault (to BT) and then within minutes received a phone call from an Indian call centre (claiming to be BT or on behalf of BT), who knew I was looking at a phone line problem, and then proceeded to instruct me to go to a Windows machine, open then log files to look at the warnings, and then went into the spiel about logging onto their website (using Internet Explorer) to pay for and download their security program to resolve the issue I had reported.  That phone line had NEVER received these types of call before, and no it wasn't a coincidence - because they knew about the phone line fault.
Plusnet FTTC 80/20 IPv4/30, Hurricane Electric 6in4 IPv6/48, Pulse8 landline & calls, SamKnows 600N
Vigor 130 modem, pfSense 2.4.4-p3 router, 5 WAPs, Devolo dLAN 500, Gigaset N300A-IP VoIP DECT
Community Veteran
Posts: 19,107
Thanks: 450
Fixes: 21
Registered: ‎31-08-2007

Re: Spam to plusnet-specific Email address.

That's probably someone in India flogging your number for a few rupees
I was talking to a friend last night and he mentioned security leaks with BT and Adobe.
I've been looking to see if I could spot some common factor amongst everyone getting the SPAM, it doesn't seem to be related to when anyone signed up. For those getting the problem, do you all have/had your own domains which which your Spammed email address may be linked?
Community Veteran
Posts: 1,136
Thanks: 2
Registered: ‎30-07-2007

Re: Spam to plusnet-specific Email address.

I see your thinking Anotherone, you're thinking that the addresses may have been harvested from the WHOIS data on a £1 domain?
Not having one of those any more I can't check to see what e-mail address Plusnet list as the contacts, can someone who does check?
F9 member since 4 Sep 1999
F9 ADSL customer since 27 Aug 2004
DLM manages your line the same way DRM manages your rights.
Look at all the pretty graphs! (now with uptime logging!)
LordFox
Grafter
Posts: 211
Thanks: 6
Registered: ‎10-03-2008

Re: Spam to plusnet-specific Email address.

I use Clara as an email provider, have for many years. It allows me to have a catch-all address and use anything I want before the @ symbol. So, I generally register unique addresses with companies such as An-Imaginary-Company@my-catchall-address. It allows me to track exactly where anything comes from and has been enlightening on some companies' lack of scruples. You get the point.
I have one registered as my contact address here, plusnet@etc. I have never used this address to send anything or given it to anyone else, and I registered it here years ago when I first joined. It is not specifically entered into my email clients as a usable address so could not have been harvested locally.
Over the last few days I have received multiple spam emails to this plusnet-only address. At the bottom of each email is the real-world address:
237 S Delsea Drive #302
Vineland, NJ 08360
Any ideas where this company (if it is real) has got my plusnet email address? It wasn't from me!
Community Veteran
Posts: 1,136
Thanks: 2
Registered: ‎30-07-2007

Re: Spam to plusnet-specific Email address.

That's another one (to merge to this thread) to add to the list, using a specific-to-plusnet address getting hit
If you're looking for the URL you want to use CRT, I think you'll find it here - http://ico.org.uk/for_organisations/data_protection/lose
F9 member since 4 Sep 1999
F9 ADSL customer since 27 Aug 2004
DLM manages your line the same way DRM manages your rights.
Look at all the pretty graphs! (now with uptime logging!)