Avoidance of the leaked email addresses issue

LordFox
Rising Star
Posts: 240
Thanks: 21
Registered: ‎10-03-2008

This is a feedback issue regarding Plusnet, not a query about email problems.
Plusnet, you have in some way allowed unique email addresses of many of your customers to be leaked to a spammer. This is practically irrefutable; there is far too much evidence that the leaked data can only have come from you.
Now, my private email account that I have paid for for almost as long as the Internet has been here, and which has NEVER had spam to the base domain address, is receiving the same, easily identifiable spam we have been receiving to our unique addresses known only to you. This means that the spammer is now moving further than just using the exact email addresses that were compromised, and it is only a matter of time until such things as dictionary attacks begin and render my email account unusable.
The amount of work I will have to do to contact everyone who has my contact details on that domain will take me many days to do, and I doubt I will even get to most of them.
You, Plusnet, had been far too silent on this issue and tried to brush it under the carpet.
You have allowed our data to get into the hands of spammers, and this is going to cost at least me, and I guess many others, a lot of time and money to correct.
What are you going to do about this?
Townman
Superuser
Posts: 24,110
Thanks: 10,267
Fixes: 176
Registered: ‎22-08-2007

Re: Avoidance of the leaked email addresses issue

Frustrating as this is, the horse has left the stable.  There is no practical thing which PlusNet can now do.  The milk is out of the bottle.  The best that can be done is to ensure no more milk can be spilt.
Personally I would like to hear that PlusNet will stop using all third parties for service delivery which involves the release of personal data, including email addresses.  PlusNet are not alone in this respect - far too many organisations farm out their email marketing activity rather than keeping such activities in house.  Running in-house marketing email services is not that difficult - I do not understand why such activities are farmed out... especially with the marked risk of third party data leakage.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Empirical
Grafter
Posts: 54
Registered: ‎05-04-2014

Re: Avoidance of the leaked email addresses issue

So what's all this about, what emails have been leaked? The ones provided by plusnet or the ones supplied as registered?
LordFox
Rising Star
Posts: 240
Thanks: 21
Registered: ‎10-03-2008

Re: Avoidance of the leaked email addresses issue

The continued silence from PN is deafening ...and the spam floodgates are opened here, just as I feared! It seems even Amazon Prime isn't above joining the various services the spam is trying to sell.
There is far more PN can do - it can come clean, admit to its userbase as a whole there has been a problem (whether or not PN claims it cannot find out how it happened) and offer compensation to those of us who have been severely inconvenienced and will be put to expense because of this leak.
@Empirical, thank you for the question. It shows exactly how this issue has been kept quiet by PN by keeping the thread away from feedback and in the email problems section, where people wouldn't go unless they had, well, an email problem I guess.
It certainly shows that they have not done as was suggested and requested by us, asking their userbase as a whole if they were receiving the particular spam. It would have helped them greatly in determining where the leak was to know how widespread it was. That assumes they don't already know, of course, and that the supposed investigation PN did was actually an investigation and not a cover up.
The spam (which is unusual in format and easily recognisable from others) is going to unique addresses that many of us have made up entirely for PN's billing system, and are used nowhere else. It is not PN-supplied addresses, but our own, private addresses that we gave to PN that have been leaked.
We are all similar in this. My own address is one that has never, ever been given to anyone other than PN, does not even exist on my PC as a sendable address (so no leak from me is possible) and is received only by a catch-all email account that I pay for.
The whole point of doing this, and I have done it for years, is that if I get an email sent to me using a particular address, I know for a fact that it has come from the company I gave that unique address to. Or, they have given it to someone else.
Have a read through the thread here if you are interested. Even the media got involved at one point - they might again if things don't improve on PN's side soon.
http://community.plus.net/forum/index.php/topic,133959.0.html
LordFox
Rising Star
Posts: 240
Thanks: 21
Registered: ‎10-03-2008

Re: Avoidance of the leaked email addresses issue

Well, I had a spare ten minutes between cleaning out the spam, so I used PN's online chat and asked how PN plans to compensate me for this.
Not surprisingly, it was a complete waste of ten minutes.
The agent I spoke with claims they know nothing about this issue (utter rubbish), denied that there could have been any leak of information (even PN has not said that, in case it gets caught out) and suggested I raise a ticket. Which, of course, I had already done and got nowhere.
You are leaving me with little alternative here PN, I won't let this matter just go away and foot the bills and wasted time myself.
I have used this email system, for about twenty years, and in all that time had hardly any spam to it because of the system I implemented. Now, I am receiving more spam than genuine emails, thanks to PN.
"Good honest broadband from Yorkshire" - yeah, right!
Townman
Superuser
Posts: 24,110
Thanks: 10,267
Fixes: 176
Registered: ‎22-08-2007

Re: Avoidance of the leaked email addresses issue

I really do not understand what you want to happen.  There is nothing NOW that PlusNet can do to stem the SPAM which seems to be your present complaint...
Quote from: LordFox
You are leaving me with little alternative here PN, I won't let this matter just go away and foot the bills and wasted time myself.

What bills and what waste of time?  Seems that all you want is a fight.
I do understand your frustration, but surely the simple solution is to replace the existing unique email address you have for PlusNet and "blackhole" the old one.  Five minutes work and the problem is gone - no bills (?) and no more wasted time.

Do not get me wrong, I am not defending PlusNet for what has happened, but it has happened and cannot be undone.  There is nothing PlusNet can do over the consequential flood of SPAM - that is for you to manage, in the same way we had to after the 2007 webmail server hack which stole numerous email addresses used with webmail.
Assign new email addresses, blackhole the old ones, move on and enjoy life.  The people I really feel for are those who have given every contact the same email address.  They do not have the means that you have to manage the problem.


LordFox
Rising Star
Posts: 240
Thanks: 21
Registered: ‎10-03-2008

Re: Avoidance of the leaked email addresses issue

Townman, what you fail to understand is that the domain I use is now being attacked at the base level with this spam.
It is pointless to blackhole the original address (it is already filtered off so I can keep a record of the spam).
An address I have used, as my main means of communication (I have autism) for twenty years, and which I have kept almost free of spam, is now receiving quantities of spam to the base address. I repeat, not just the address given to PN but now to the address I receive as the catch-all address.
The spam is exactly the same as that also sent (duplicated in fact) to the PN address - it is from the same source and thus is of the same cause.
I have never used an antispam service due to the chance of losing legitimate emails, which happened the only time I tried such a service out. I have never needed such a service before, however now, thanks to PN, my account is receiving more than double the amount of spam I have seen in all the twenty years that I have used the addresses.
Everyone I have communicated with in all that time has a unique email address on my system.
Do you have any idea of the length of time it will take to try to contact all of them, generate new addresses on a new domain (since this one is likely to succumb to spam sooner or later now) and the cost of my time to do so? And the cost of finding another such service; I do not think even Clara offer it any more and keep mine active only as a customer service.
Why do you take it on yourself to say there is nothing that PN can do? There is a lot they can do, but they won't unless they are made to, it seems. People jumping in and saying there is nothing more they can do can only hurt those of us who say they should. Why do that?
I certainly do not want a fight; with autism, I find I am really quite poorly equipped to deal with such matters. I refuse to allow that to stop me trying to get what is only right though and have found means to do so before.
If you do not feel that it is a problem to you, please do not apply whatever reasoning brings you to that conclusion to me. We are clearly not in the same situation.
Townman
Superuser
Posts: 24,110
Thanks: 10,267
Fixes: 176
Registered: ‎22-08-2007

Re: Avoidance of the leaked email addresses issue

I think you are totally missing the point and using your autism as a reason to want the world to revolve around you.  Your expectations need reappraising so as to lower your stress levels.  If your email addresses / domain name is out in the wild receiving spam, there is nothing which can now be done to rectify that.  The "target" addresses are out there, they will be used, NOTHING can be done to rectify that.  You need some other strategy - both technically and personal coping strategy.
What relationship is there between the PlusNet email address used for billing and the "base address"?  Do you mean that you used plusnet@yourdomain.co.uk as your PlusNet billing address AND another-address@yourdomain.co.uk is now receiving spam too?
Is this a catch all email box?
Did you by chance click the UNSUBSCRIBE link on an earlier email?
Is this spam to the "base address" all to a single "name" or multiple "names"?
If none of your specific names are receiving spam then you only need to sort out the catchall mailbox.

If this does not help you, then please do spell out in simple words what you believe ought to be done by PlusNet to fix your CURRENT issue - maybe you know more about how email works than do the members of this forum - you might have something to teach us.


LordFox
Rising Star
Posts: 240
Thanks: 21
Registered: ‎10-03-2008

Re: Avoidance of the leaked email addresses issue

I think you are now being personal and offensive in your opposition to me. Why? Until now I have not even mentioned that I have autism in many years (of admittedly low activity) on the forum. I mentioned it because otherwise my comment regarding email being my main method of communication and the importance of that email address would not be understood as clearly.
I have used my autism as an excuse for nothing - do not put your misinterpretations on me. As to wanting the world to revolve around me - I want compensation for a company losing control of my personal information, in breach most likely of the data protection act, and the problems it is now causing me. How is that "wanting the world to revolve around me"?
Please leave such personal, and incorrect, assumptions about me out of this; they are not relevant nor welcome.
Have you read the post I made in the main thread on this matter?
I use an address in the form plusnet12345@myaccountname.clara.co.uk. That is what was leaked and originally was the only address receiving the spam.
Duplicates of the spam are now being sent addressed directly to the catch-all address, myaccountname@clara.co.uk. This is what has changed, as I have now repeated several times. That catch-all address has never, ever been used except twice a year by Clara themselves for billing purposes.
Do you understand now?
spraxyt
Resting Legend
Posts: 10,063
Thanks: 671
Fixes: 75
Registered: ‎06-04-2007

Re: Avoidance of the leaked email addresses issue

I suspect the reason the base address is now receiving spam is because spammers will understand the mechanisms behind many email mailbox name rewriting processes - Claranet are not the only ones who use that system.
David
LordFox
Rising Star
Posts: 240
Thanks: 21
Registered: ‎10-03-2008

Re: Avoidance of the leaked email addresses issue

spraxyt, yes, I agree.
It means someone is actually leveraging the information in the database they have rather than simply using a list. It raises the issue that they will likely make more attacks now, based on the original address, where previously the spam has been restricted to only the leaked address. The spammers do not know or care that the thousands of addresses they could generate from it will all go to one person.
That is my concern. I can cope with one address being taken out by this; it's not the first time a company has leaked an address I have given them. This is the first time spam has subsequently come directly to the base address. If a larger scale bombardment now happens against my account, it will cause problems.
It is still an "if" of course, unfortunately so far, the "ifs" have happened.
hex
Grafter
Posts: 108
Thanks: 7
Registered: ‎06-02-2013

Re: Avoidance of the leaked email addresses issue

Is the base email address explicitly being used though?    Some spam will bcc email addresses so you cannot see who they are addressed to so may still be getting sent to the original 'leaked' email even if it is caught in your catch-all mailbox.
LordFox
Rising Star
Posts: 240
Thanks: 21
Registered: ‎10-03-2008

Re: Avoidance of the leaked email addresses issue

Duplicates of each spam email are now being sent addressed directly (from X-Original-Recipient) to both the leaked address (plusnet12345 @myaccountname.clara.co.uk) and the base address simultaneously. Also, each copy has the relevant destination email address in the subject, as is the way with this spam. Except that the one to the base account is actually not the domain I use I've just realised...
Interestingly (maybe) is that the ones going to the base address are addressed to myaccountname @claranet.com - I do not use that domain, I use myaccountname @clara.co.uk. Higher up of course is envelope-to myaccountname @clara.co.uk since that is what I receive as the catch-all address.
So they haven't just sent (or BCC'd) to the base address they would get from the leaked address (clara.co.uk). Not sure how they have come up with claranet.com. It does work, but originally it was clara.co.uk and that is what I've always used. I can get nslookups to give my mail server IP addresses followed by looking up the domain names to give me clara.net, but not claranet.com. Huh!
I don't claim to know much about reading email headers unfortunately (despite certain patronizing remarks somewhere above).
What I do know is that this is the very same spam, from the very same source that was provided with our data from PN, now sending me duplicates to the (or at least one) base address.
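
Added example, not part of any poster's message: a Python sketch of the header check discussed above, which reads the recipient headers named in the thread (X-Original-Recipient, Envelope-to) rather than the sender-controlled To: line, and reports whether a message hit an issued alias, an unissued alias, or the base catch-all address. The `ISSUED` registry, the `plus.net` sender domain and all sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ACCOUNT = "myaccountname"                       # placeholder account name from the thread
PROVIDER_DOMAINS = ("clara.co.uk", "claranet.com")
ISSUED = {"plusnet12345": ("plus.net",)}        # assumed: alias -> domains allowed to mail it

def split_addr(value):
    """Return (local, domain) in lower case, or ("", "") when no address is present."""
    addr = parseaddr(value or "")[1].lower()
    local, _, domain = addr.rpartition("@")
    return local, domain

def delivered_to(msg):
    """Prefer headers that record the SMTP recipient; To: hides BCC targets."""
    for name in ("X-Original-Recipient", "Envelope-to", "To"):
        local, domain = split_addr(msg[name])
        if local:
            return local, domain
    return "", ""

def classify(raw):
    """Return (verdict, targeted address) for one raw message."""
    msg = message_from_string(raw)
    local, domain = delivered_to(msg)
    sender = split_addr(msg["From"])[1]
    address = f"{local}@{domain}"
    if local == ACCOUNT and domain in PROVIDER_DOMAINS:
        return "base-address", address          # derived from an alias, never handed out
    if any(domain == f"{ACCOUNT}.{d}" for d in PROVIDER_DOMAINS):
        allowed = ISSUED.get(local)
        if allowed is None:
            return "unissued-alias", address    # guessed, e.g. a dictionary run
        ok = any(sender == d or sender.endswith("." + d) for d in allowed)
        return ("expected" if ok else "leaked-alias"), address
    return "other", address

def sample(frm, orig, env, to="undisclosed-recipients:;"):
    """Build a constructed test message; none of these are real mail."""
    return (f"From: {frm}\nTo: {to}\nEnvelope-to: {env}\n"
            f"X-Original-Recipient: {orig}\nSubject: test\n\nbody\n")

CATCHALL = "myaccountname@clara.co.uk"
ALIAS = "plusnet12345@myaccountname.clara.co.uk"
SAMPLES = [
    sample("Plusnet Billing <billing@plus.net>", ALIAS, CATCHALL, to=ALIAS),
    sample("offers@spam.example", ALIAS, CATCHALL),
    sample("offers@spam.example", "myaccountname@claranet.com", CATCHALL),
    sample("offers@spam.example", "sales@myaccountname.clara.co.uk", CATCHALL),
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

Counting verdicts per day over the catch-all mailbox shows whether spam is still confined to the one leaked alias or has spread to the base address and to aliases that were never issued.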
gswindale
Grafter
Posts: 942
Registered: ‎05-04-2007

Re: Avoidance of the leaked email addresses issue

I'm slightly puzzled by this.
Firstly as I've taken a quick look through the email sub-forum and nothing leapt out at me about a leak. Maybe a link to the specific thread would be useful here?
Secondly; I'm still getting very little spam on the account that PN use for billing notifications etc.
Townman
Superuser
Posts: 24,110
Thanks: 10,267
Fixes: 176
Registered: ‎22-08-2007

Re: Avoidance of the leaked email addresses issue

See post #3
