cancel
Showing results for 
Search instead for 
Did you mean: 

Avoidance of the leaked email addresses issue

hex
Grafter
Posts: 108
Thanks: 7
Registered: ‎06-02-2013

Re: Avoidance of the leaked email addresses issue

Quote from: LordFox
Interestingly (maybe) is that the ones going to the base address are addressed to myaccountname @claranet.com - I do not use that domain, I use myaccountname @clara.co.uk. Higher up of course is envelope-to myaccountname @clara.co.uk since that is what I receive as the catch-all address.

Have you considered the possibility that in your case this leak was via claranet somehow rather than plusnet - do you use that account to set up the aliases or for the mailbox rather than your own server? 
It may be that the incoming mail server is rewriting the address but I assume it is not doing that to your other emails?  It is however a bit suspicious if the spam is only coming in address to the 'plusnet' email if you have other aliases on the same account (and the fact others have reported spam to their email addresses).
LordFox
Rising Star
Posts: 240
Thanks: 21
Registered: ‎10-03-2008

Re: Avoidance of the leaked email addresses issue

You mean, that clara has just now leaked my address to exactly the same spammer (since the spam is of an easily recognisable format) as PN did with the address I gave to them?
No.
We have gone around and around this issue in the original thread, with people coming up with plausible-sounding but easily refuted excuses other than PN.
Bottom line - the only common factor in all of it for all of us is PN. There is no other reasonable explanation.
Please, read the thread if you are interested. You'll see what I mean, and how poorly the matter has been handled by PN given that they have clearly lost control in some way of our personal data.
Even PN cannot (and have not) denied that they are the source of the data, despite all of the "well, it might be..." which have been shot down in flames by the simple facts every time.
LordFox
Rising Star
Posts: 240
Thanks: 21
Registered: ‎10-03-2008

Re: Avoidance of the leaked email addresses issue

The prevailing theory from some customers is that the data was lost at some third party whom PN gave it to for some reason, like everyone seems to outsource these days.
I don't necessarily buy into that, it's just one possibility. Probably the most likely one, but PN certainly aren't for telling us anything.
This is PN's final response to the matter:
http://community.plus.net/forum/index.php/topic,133959.msg1182640.html#msg1182640
...with which there are a number of issues, including their insistance that it is only a small number of users effected, i.e. those of us who have generated unique email addresses for the purpose of detecting where spam comes from, and have therefore noticed and complained about it. Has PN asked anyone who hasn't complained to check their spam traps? Nope! So that comment of PN's is meaningless and misleading.
gswindale
Grafter
Posts: 942
Registered: ‎05-04-2007

Re: Avoidance of the leaked email addresses issue

But,
I have had nothing end up in my junk mail folder that I don't know where it came from - thereby making your assertion that PN's comment is meaningless in itself incorrect.
All of my junk email that I get on my billing email address seems to mainly be late rooms or estate agents (all of whom I signed up with).  The rest is occasional emails that I had been expecting but got classified incorrectly.
Maybe my email provider's server is better at fleeing out real spam; but I certainly don't seem to have a problem with stuff going AWOL.
Phileasfrog
Grafter
Posts: 51
Registered: ‎01-08-2007

Re: Avoidance of the leaked email addresses issue

In my opinion (for what it is worth!), this new thread has turned out to be rather a waste of time.  There seems to be a tendency among some posters to question what has been "conclusively" shown in the original thread - ie that a clear and obvious leak has occured and that it is Plusnet where the blame lies.  I was one of the many users who received spam to a distinct email address which Plusnet has on their records, although it did refer to a period of about 12 months or so ago.  Thankfully this spam stopped in Nov last year..
The point to observe at this stage is that Plusnet seems to be unable to accept the fact, or that they are waiting for the results of various official complaints before commenting further.  I do strongly suggest that the original thread be closely studied before trying to re-invent the wheel!
LordFox
Rising Star
Posts: 240
Thanks: 21
Registered: ‎10-03-2008

Re: Avoidance of the leaked email addresses issue

Phileasfrog, unfortunately I have to agree.
Why on Earth do people who don't have a problem, or at least don't know that they have, want to insist that others can't have one, when they know nothing about the issue at hand?
The mind boggles.  Crazy
I'm glad your spam has stopped - I'm probably getting yours now by the quantity in my inbox, Wink
Phileasfrog
Grafter
Posts: 51
Registered: ‎01-08-2007

Re: Avoidance of the leaked email addresses issue

Hi LordFox....
Sorry about your continuing problem,  however I need to correct my earlier statement that my spam ceased in Nov last year.  Having checked the dates, they did stop in Nov but recommenced in Feb this year and then after quite a burst of activity they stopped again, and hopefully for good. 
Judging by how and when I used the email address in question with Plusnet, the leaked database (or whatever it was), does seem to have happened a year or more ago, or a more recent leak referred to fairly old data.... but these theories have already been well rehearsed!
Townman
Superuser
Superuser
Posts: 23,794
Thanks: 10,068
Fixes: 172
Registered: ‎22-08-2007

Re: Avoidance of the leaked email addresses issue

This thread is not about the source of the leaked information, how it happened nor who is to blame.
It is all about the consequences, picking up the pieces and getting things fixed and the claimed time and cost of doing so, having an expectation that PlusNET will (indeed could) fix the consequences.
The damage is done and cannot be undone by anyone.  The email addresses are out in the wild, indeed where those email addresses are external to PN, such email would not even touch PN's systems, even if technically they could do something.  The only way forward is to filter the spam / ignore it / ditch the affected addresses.  Given this individual has a unique address for every contact, this cannot be as difficult, time consuming or costly as has been suggested.  It does though need a positive approach to accepting the reality of the situation, rather than persisting in seeking someone to blame.
Oh silly me!  I forgot we now live in the "where there is blame their is a claim" culture!  Angry

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

HolaPussycat
Grafter
Posts: 50
Registered: ‎29-03-2011

Re: Avoidance of the leaked email addresses issue

Indeed the damage is done, and as you state, we know that these email addresses have only been provided to Plus.Net.
The annoyance is the following though:

  • There is a financial impact for those of us affected; even for those of us that can / have set the address in question to be rejected by our email servers, the volume of traffic our servers are dealing with has increased, and the overall visibility or our domain names has increased to exactly that kind of spam source*.

  • The law has been broken (Data Protection Act 1998) and there is no recourse for us. You can't dial 101 (the non-emergency police number) and tell them that someone's been careless with your data, they just don't care. The ICO are so completely useless, that they don't even understand what has happened, despite it being their job to deal with it. This is the real reason why Plus.Net are ignoring this situation

  • Plus.Net have shared our personal data with third party companies for the purposes of their marketing, but then have refused to tell us who those people are. This surely is a direct violation of the Data Protection Act, as we're supposed to be able to ask a company what data they hold about us. Plus.Net isn't answering and we can't even find out who the other people are that we need to ask!


* LordFox referred to this as a dictionary attack, and I know what he means by this; there is a potential for our domain names to receive more emails to other inbox addresses (strictly speaking, a dictionary attack is where a large list [dictionary] of words [or popular passwords] are attempted on a service in order to gain access). This is a little bit of a stretch, but this exposure can't be ignored completely.
I wouldn't say this is a case of, "where this is blame, there is a claim," it's a case of knowing what has happened to our data, and therefore being reassured that it won't happen again. We've had no explanation from Plus.Net as to who has our data, and the procedure that was followed to find out where the leak occurred. Instead, we've had a, "don't know, and don't care."
As we don't know where the leak occurred (and neither do Plus.Net it seems) we don't know what data has gone astray. We don't know if we need to change passwords. Now again, I'm fine, I use a different randomly generated password for each service, but imagine for a moment that the password database was compromised, and that a whole group of less informed users, use the same password on more than just Plus.Net. Do I need to complete this picture?
Now I don't think that is the case (partly because I've not seen any attempts yet on that username in my Exim logs), but we simply do not know what's happened.
It's this level of denial and lack of information that worries me, and that's why the legal course is all we're left with.
So much to say here, and so little time (and obviously lots of repetition for clarity)
J