User comments on ISPs
>> PlusNet plc

These posts have been archived and can no longer be replied to or modified.
	Print Thread

deleted
(deleted) Tue 22-May-07 00:05:01

Oh dear SPAM propagating?

[link to this post]

I am sure like many others I have SPAM in my various mailboxes but to my surprise a short while ago I got one in the [email protected] mailbox. I have never seen SPAM in that one before. Bearing in mind that I never send mail from that address and it is in effect an internal address how the heck does it slip through the filtering?

I am sure I have the filtering set to maximum!

TLM
(eat-sleep-adslguide) Tue 22-May-07 00:30:36

Re: Oh dear SPAM propagating?

[re: deleted] [link to this post]

Why are you surprised? Or have you not been here the last few days?

As I understand it, ALL the mailboxes on that particular server have been compromised, so it makes no difference whether you ever used that address before or not. If it existed, it is now known to spammers.

And how is the spam filter supposed to know something was spam just because it was sent to that mailbox? It doesn't know how you use your own private mailboxes, so it would need more than destination alone to conclude that something was "spam".

T.

camieabz
(legend) Tue 22-May-07 00:40:25

Re: Oh dear SPAM propagating?

[re: TLM] [link to this post]

Well I've now got postmaster, username and a couple of others @username.plus.com filtered to delete e-mail at the server end. They can spam all they like now. It's Plusnet's problem.

~ If you can read this, your AG/TB settings are not configured for performance ~

Camie

SAR 715...plusnet...6893kbps/383kbps

~ The AG'ers Mugshots ~

~ Camie's Forums ~

deleted
(deleted) Tue 22-May-07 00:41:28

Re: Oh dear SPAM propagating?

[re: TLM] [link to this post]

Yes, I have been around these last many days and had my share of additional spam as I think I indicated.

As for which server the pnetnotices are sent from I have no idea but for the fact I have never seen any spam from that source before and granted there were many reports of 'unused' addresses being spammed but that the main raft of that was few days ago and as I said that address as I perceived is "internal" for PlusNet notices. And in my haste I did not say correctly that it was id'ed as SPAM. My surprise was the mailbox it landed in after the matter had had much attention by PlusNet.

h0tblack
(knowledge is power) Tue 22-May-07 01:20:58

Re: Oh dear SPAM propagating?

[re: deleted] [link to this post]

The spam does appear to be coming in waves. It may even be that the leaked addresses were split up and sold to different people. It's also possible that after some time the known addresses will be used as the basis for more random attempts. For example, if they had the address [email protected] they may try [email protected]. Plenty of addresses only used internally have been leaked though.

I wish there was something more helpful I could add. If you think this address is reciving abnormal spam and do not think it was linked to the webmail platform, you could try getting in touch with one of the comms team. Although I haven't had much like on that front with an address I queried. One explanation given is that all email addresses that existed before the atmail system was implemented were imported into the system.

stevebasford
(committed) Tue 22-May-07 08:26:24

Re: Oh dear SPAM propagating?

[re: h0tblack] [link to this post]

In reply to:
The spam does appear to be coming in waves

Yup.. here's a couple of stats screen links from a site that uses my spam/virus sigs:

http://overlord.oucs.ox.ac.uk/images/stats/relay/virus-day.png
http://overlord.oucs.ox.ac.uk/images/stats/relay/virus-month.png

There is no doubt better stats out there releated to PlusNet... but you can see the point and the numbers ISP/big organisations are having to deal with

Cheers,

Steve

Print Thread

Jump to