this is a classic email spoof attempt

look in the headers to see the full details.

ANY email address on the internet is easy to get
they probably accessed a database of a company the user used,

but this is exactly the reason SPF and Dmarc were created

If you read the OP that is what is being said. The address was only used to communicate with one company and one only.

And only from that company. Never used by me to send an email to anyone.

Edit: I see the poster registered here purely to make those two posts. That's odd in itself, seeing as everything they posted has been thoroughly covered in the thread.

Edited by RobertoS (Thu 17-Dec-20 17:11:18)

I receive spam emails to an old [email protected] email address( but nothing to the [email protected] address) According to Have I been pwned it was in the "Onliner spambot" breech list https://haveibeenpwned.com/PwnedWebsites#OnlinerSpambot . Having seen how insecure certain forum software has been in the past I wouldn't be surprised if thats what route it came from ( but I'm surmising).

I've seen similar content spam messages to some of my PN compromised addresses on and off for ages now. Most prevalent in 2019 and earlier it has to be said though.

The primary data breach was in May 2007 with the webmail platform being hacked. Long out-of-date OS/software with known vulnerabilities resulting in a database containing virtually all PN customers' e-mail addresses being acquired. Even if, like me, you didn't actually use webmail you were still screwed because PN had pre-loaded the webmail system with all customer's account and contact e-mail addresses etc. just in case they wanted to use the webmail system. Also, any e-mail address that had been 'seen' in any customer's webmail account was compromised. If, for instance, you had sent an e-mail from, say, gmail to a PN customer who used the webmail system then your gmail address was almost certainly compromised.

A secondary data breach occurred in November 2014 although I think from memory that PN denied everything so it's unclear exactly what happened. However, there was absolutely no shortage of evidence from a good many reliable PN customers that various e-mail addresses allegedly known only to PN had been compromised. A shiny new and to all intents and purposes unused PN account that I'd set up 'just in case' following the 2007 breach suddenly started receiving spam and occasionally still does. The e-mail addresses being abused were only known to PN and PUG plus possibly also to one other PN customer who generally used PN webmail all the time. IMHO there was definitely a smoking gun in Plusnet Towers.

I also have a certain amount of evidence suggesting several other possible data leaks but nowhere near sufficient to be in any way sure that it was actually down to PN. I believe that there were also some data breach(es) during 2017/18/19 mostly relating to the billing system although I didn't appear to be affected

I'm still monitoring the use/abuse of my compromised PN addresses and accounts ... really must get a life ! However, I don't see any recent evidence of further PN breaches but I can say that the level of spam to all compromised addresses has been on the increase again after a fairly lengthy lull. From past experience this is typical in the run up to Christmas and other public holidays in general although it does seem worse than usual.

I've also had something very odd going on with one address and Amazon recently. A specific PN address used only to open an Amazon A/C and place one single order. The Amazon A/C was then closed shortly afterwards with all personal data allegedly being permanently deleted. However, it now receives regular phishing attempts that are mostly, but not exclusively, Amazon related. The address was known only to PN & Amazon and it was only in use and/or visible to anyone in any way for literally just a couple of weeks during October 2020.

Click Here to see ye olde weekly F9/PN Spam Volume Chart. More spam than you can possibly shake a stick at
Thank you Plusnet, grrrrrrrrrr ...

Edited by ambrougham (Thu 17-Dec-20 22:30:22)

I receive email spam about Doncaster and Liverpool city centre apartments daily. I am not with Plusnet or have any Plusnet email addresses.

Yes, the same. Multiple spam daily except weekends for those properties.
Comes in to various email accounts I've used over the years. None Plusnet.
Those ones come in to email addresses that have been business related.
The headers change every day. They use different From addresses every day. They use a system with different sending domains every day. It's probably a big operation.

I fully understand the point the OP is making. The email address that it's being sent to (him) - that was obviously leaked from PN.
But once an address is on a spam list, it never dies.

A bit like my landline - for days now, I'm getting up to about 10 or 12 phone calls a day from "an automated message from Amazon". They start about 09.01 in the morning and generally never last beyond 2pm or so.

Same here, all to my business email accounts, except one, that I only use for social media. Mailwasher catches them, so I haven't looked closely at headers, but the sender email does change daily.

Thanks to all that have contributed since my previous post, especially the plusnet.f9 ones.

Like you all. i get loads of similar ones about apartments and such, but to random addresses on my domains. Most being automatically routed to spam/junk.

It was the specific address that bothered me, and that does seem to have come as a result of the single hacked/copied database that got out a few years ago.

Just as a side question, are anyone's all from [email protected]random domain? Mine are. Given they are all on the same topic, apartments, it wouldn't be surprising.

🎶