You do know that they sometimes dictionary spam the domain? So if your "supersecret" bit of [email protected] is in their dictionary of things to try then you are jiggered and they don't need to have ever seen for you to get the email.

So far as I know it isn't in any dictionary. I'm not stupid.

Unless anyone has experienced the same for "Plusnet-secret" email addresses, (as I said earlier it only came into existence as a unique login email address), please can people stop giving reasons why I could be wrong. The main reason for my OP was to see if it was something affecting multiple Plusnet login addresses.

I don't want to be impolite by not replying to suggestions, but in itself I'm not worried by it.

Doing a search on my emails I have found another couple in 2019 that had been moved direct to Junk by Thunderbird on receipt, so I didn't even know they had occurred. The reason I saw this one was I have a new laptop and a new installation of TB, which of course hasn't self-trained from my own Junking .

There are many reasons why I could be wrong! That is why I also posted earlier that I had stopped, given the age of that detection.

If ian72 would like to see the whole source, as a matter of analysis by him and education for me as a result, that would interest me . Beyond that, it doesn't bother me.

Edited by RobertoS (Mon 14-Dec-20 23:45:16)

Feel free to PM it to me if you want me to have a look - not guaranteeing any startling insight but I might be able to make some sense of it and give an idea of where it originated.

If they were doing that there would be loads of emails received in this case - I believe Bob uses the same technique as I do by redirecting anything@domain to the actual email account. If using a dictionary spam everything would ultimately be received so the chance of accidentally coming across a single address that was used with a service is low - especially as Bob says it isn't a dictionary word.

In reply to a post by ian72:

If they were doing that there would be loads of emails received in this case - I believe Bob uses the same technique as I do by redirecting anything@domain to the actual email account. If using a dictionary spam everything would ultimately be received so the chance of accidentally coming across a single address that was used with a service is low - especially as Bob says it isn't a dictionary word.

Correct.

In reply to a post by RobertoS:

Unless anyone has experienced the same for "Plusnet-secret" email addresses, (as I said earlier it only came into existence as a unique login email address)

I also use a DEA system and there's nothing showing in my mail server's rules log that might be the old address I used.

Post deleted by Andrue

Edited by Andrue (Tue 15-Dec-20 20:46:55)

I use the same system (it's official name is 'DEA' - Disposable Email Address) and how the address got out isn't the issue. As long as it's not something really simple like '[email protected]' which might conceivably be guessed or generated via a dictionary you can be sure that something nefarious is going on and it started with PN.

Yes a mail relay (should such things still exist) and snooping routers (paging the CIA?) could grab addresses but neither of those is very likely. Most SMTP exchanges are sender server connection direct to recipient server and I don't think the CIA and their ilk are likely to be the culprit here

If I tell PN to communicate with me as '[email protected]' that address is highly unlikely to be guessed or generated via a dictionary. So if spam starts appearing with that address anywhere in it then PN are to blame.

It's true that from: can be faked but that only means that most people can't be sure who the email was actually addressed to. It still remains true that a DEA address is a secret shared by only two people. I run my own mail server so I filter on RCPT TO: so I actually do know the address the email was sent to. And (should I care to look) the IP address of the sending mail server

Edited by Andrue (Tue 15-Dec-20 20:59:27)

Exactly Jenny. If we're relying on the from: field reported by a mail client then we don't reliably know the actual address used to send the email. However the mere fact that someone other than PN and RobertoS know that email to be valid is highly suspicious and whatever happened almost certainly started with PN or their servers.

- assuming it's a slightly obfuscated address.