Plusnet is still declining to comment on this issue, oficially or in the thread on PN's forum. It seems they are just going to ignore us all completely until we go away.
6 posts • joined 7 Dec 2014
Re: If anythingAnd Everyything@yourdomain.co.uk is forwarded spam?
Well, after 15 years of using the same catchall/domain, I actually get very few such emails. The vast majority of the spam I get (and really there isn't much) is to specific addresses identifiable as having been leaked by some company or other.
Anyway, firstly the base address I have (email@example.com) is never used. Anything that comes directly to my-domain.com is spam and is filtered first.The catch-all is of the format firstname.lastname@example.org. That is a harder one for spammers to randomly generate stuff for, because they won't know the my-account bit to add on to the domain.
That said, I do get occasional emails like that, likely from spam lists taking one of my compromised addresses and changing the prefix to something random. Perhaps a few every month, usually in a short burst. Again, these are easy to spot because they will not be filtered into a specific folder and instead will land in the (rarely used) general inbox. I just delete them.
So, it's easy, provided one is careful with one's email address in the first place, which I have been. My wife, on the other hand, was not so careful and was receiving hundreds per day to her account before I closed it.
I've just checked my trash folder (last did about a week ago) and there are only 72 entries, mostly ones I recognise as knowlingly compromised as mentioned first above. For an email I've used for 15 years, and given to hundreds of people and companies, that's not bad going.
More people are coming onto the PN forum having found out about the reason for their spam here.
The fact that some people are not getting the spam (provided that's not because of filtering) is of great interest, just as much as those who are.
If PN were to do a customer survey and determine which accounts are compromised and which not, they might be able to narrow down the point of the leak.
Was it because we had opted in (in my case, without my knowledge) into a certain mailing list from one of the many tick boxes perhaps.
A proper investigation... I'm not holding my breath... Much too much work to do covering corporate backsides to actually investigate anything!
Re: Where are your passwords and logon details?
What you, and the comment you have replied to, are saying is essentially true and a definite security concern. However, it is completely irrelevent to the current issue.
I have never, ever logged in to PN in any way other than from my home (wired) PC. I'm paranoid about security (have been since pre-Internet!) and would never store any useful information 'in the cloud'. In fact, I don't do that for anything that I don't specifically want to share with the whole planet.
Most of the people who have discovered they have this spam problem are similar to me, because they have set up unique email addresses too, so we are all security concious. I bet none of us have uploaded our login details to the cloud.
Anyway, we certainly haven't all used the same wifi hotspot or cloud service at the same time!
The leak has originated from PN. There is no other reasonable explanation.
Re: no proof
Re: 'no proof':
That's Total rubbish. If it were a dictionary attack...
1. What, on all our different domains that have never had spam (in most cases) before, all at the same time? REAlly....
2. On our catch-all accounts where ALL AND EVERY email sent to the domain comes in, we would have all of the 'aaa@', 'aab@' etc come in as well. I would, anyway. Despite what you say, I have remarkably little spam to that domain despite having used it in this way for over fifteen years!
It is only those specific address that we have created and given to PN, and only to PN, ever. Mine does not even exist on my PC as an address I can use, and I never have, it just comes in to the catch-all account like all the rest. If I were to send a reply, it wouild not have that address as my sending address.
So yes, we can say that the released information has come from PN in some way. There are plenty of us with similar (but different domains) setups having exactly the same issue. The only direct common factor is PN. Any indirect ones still include PN as the source.