---

@PhilipHeyes wrote:

Plusnet have configured SMTP server relay.plus.net as an Open Relay, making possible to send emails as you describe without being a Plusnet internet customer and without needing a Username or Password.

---

I don't believe that is a good description of what is happening. To send an e-mail FROM a Plusnet address you need to be on the Plusnet network and/or be authenticated.

To send an e-mail TO a Plusnet address you need a server to accept your e-mail, and then any intermediate servers to pass it on to Plusnet's server to pass to the recipient. You shouldn't need to be authenticated to relay an e-mail, otherwise every sender would have to authenticate for every recipient domain - which is quite impractical. Some servers may enforce DKIM or SPF etc to avoid passing on e-mails that are pretending to be from a different domain to the one they were sent from, or may refuse to relay e-mails from sources that have a "bad" reputation.

However, when sending an e-mail you can use any FROM: string you like - it has no impact on the delivery of the e-mail. It is like writing "from <XYZ>" on a postal letter - it will be delivered using the TO: address.

When sending spam messages it is common to use the recipient's address as the FROM: address as it is unlikely to be blocked by that recipient's spam filter.

---

@corringham wrote:

---

When sending spam messages it is common to use the recipient's address as the FROM: address as it is unlikely to be blocked by that recipient's spam filter.

---

Or that 'Spammy' uses a known pair of email addresses (a 'to' and a 'from' pair) that have been harvested from hacking an IMAP mailbox. Again to increasing the chances of being believed and avoid junk filters

An SMTP mailbox is of course usually empty.

@corringham  I thought I had heard some months and possibly years ago that there was a way of being able to see a senders genuine address if they had put a fake sender address on an email - and just out of curiosity, is that corringham near where the old but long gone shell haven oil refinery was?

Regards and thanks

Penneck

I run spam through SpamCop as a reporting tool, it reports to the IP address and host of the 'last step' before the email reaches legitimate steps.

There is usually one earlier 'known faked' step from which mail should not have proceeded.

There is no requirement for there to be a 'real' sending address at all - just a mail server to send the junk content with the faked header

I've just been off-the-air for about 4 hours with no internet connection. I spent an hour on the phone to Plusnet Helpline, and they tried everything they could think of to fix the problem. It seems somehow the password on my router got changed on Sunday. Plusnet Helper remotely changed the password again (and told me over the phone what it was), but try as he might he couldn't figure out how to access the router from my side (getting me to do the typing). The 192.168.1.254 thing wouldn't work but that should work as a basic tool if nothing else.

Anyway, I had a look at the Netgear router instructions, and logged in using the new router password. That seemed to do the trick because the Internet LED on the router came on. I rebooted both the pc and the router, and I appear to have connection again (hooray).

Now I am assuming this little problem was caused by the person who keeps sending me the bad emails, and hopefully Plusnet Helper changing the password will prevent him from doing it again

Fingers crossed

It’s unlikely the person spending the nuisance emails has access to your Plusnet password and even less likely to have access to your router password, I’d be looking for another reason for your problem.
I suspect the person sending the emails is not a person but more likely a highly organised group of persons…..

---

@penneck wrote:

I had heard some months and possibly years ago that there was a way of being able to see a senders genuine address if they had put a fake sender address on an email

As mentioned previously, the From: is just whatever the sender wants to display, however the headers will contain Received: lines which are added by each server as it receives an e-mail - so the sender can't stop those being added. They will give the IP address that it was received from, and whatever rdns that IP announces.
The Received headers are added to the top on the e-mail so the ones further down the list are closer to the sender. Generally the first public IP address is the source of the e-mail. However, the sender can add extra Received: headers if they want to confuse things a bit.

 and just out of curiosity, is that corringham near where the old but long gone shell haven oil refinery was?

---

No, it's a surname - which originates from the Lincolnshire village of Corringham (rather than the Corringham in Essex).

---

@mwwagain wrote:

Has your email been transferred to Greenby yet ?

If so most of the complaints are of Greenby putting legitimate emails into 'spam' and therefore not delivering - rather than spam getting through that should not.

---

I have been transferred to Greenby and have had this happen to me sometimes. 

I believe I have found the reason for this, at least for my own ex Plusnet email account. With Plusnet email I never used the Spam filter, it was OFF in my PN account email settings (despite which I had been untroubled by spam). Since the transfer to Greenby I discovered the Greenby email settings for my account have spam filtering ON by default. It was set to Level 3 - which is "More Aggressive". I have changed this to Level 8, "Less Aggressive".

Despite the above, and despite claims to the contrary on this forum, it also looked to me likely that flagging messages in the Spam mailbox in the Greenby system as Not Spam was training their spam filter.

"How is he/she sending me emails which shows my email address as the source?"

This is trivial to do, and does NOT need to use Plusnet's email service to send it.