Telstra Denies Selling BigPond Customers' Data

Red Wolf writes "The Age reports that allegations that Telstra sells email addresses of BigPond customers have been denied by the telco. Melbourne-based IT worker Mark Edwards had doubts in this direction when he began receiving unusually large amounts of spam at his bigpond email address. Edwards grew suspicious because some of the spam being issued to him was also addressed only to a number of users within the bigpond.com domain, indicating that the unsolicited mass emailings were being sent to lists of BigPond users."

Dictionary Attack

[wukie]

Hello, I get these all the time on accounts with my first name.

Re:Dictionary Attack

[NerdENerd]

Yes, when I used a common name on my Telstra cable account it was spammed continually, but since I have changed it to something obscure I don't get anymore spam at all.

Re:Dictionary Attack

[jarkko]

I think dictionary attacks are a myth or targeted against big organizations. I run a relatively small mail system (50 users) and I've never seen a dictionary attack in action.

I get plenty of spam though, around 50/day and osirusoft + ordb block around 150-200/day.

Any experiences with dictionary attacks from people running bigger systems ?

Re:Dictionary Attack

[mirko]

I guess the word "Directory" would be more suitable than the word "Dictionary".

Re:Dictionary Attack

[fdiskne1]

I run a system with about 1400 users and I see dictionary attacks all the time. I ended up directing the domain of "domainnameharvesting.com" (or something very similar to it) to 127.0.0.1 because they were sending hundreds of spams to addresses that are not on our system and don't even conform to our standard. It was looking for what bounced and what didn't. Once it didn't receive any bounces at all for a few days, the spams from this particular domain stopped. Maybe it would have stopped anyway. Maybe now they are selling all the addresses as "confirmed".

Re:Dictionary Attack

[letxa2000]

I think dictionary attacks are a myth or targeted against big organizations. I run a relatively small mail system (50 users) and I've never seen a dictionary attack in action.

They're not a myth. I run a mail server roughly the same size as yours and I've seen quite a few dictionary attacks. I had one a year ago that had been going for 4 days straight before I realized it and blacklisted that IP address.

Who didn't buy names from them?!

[Ignominious+Poltroon]

I sure as heck bought a few. I've got some Jones, some Smith, you name it. It's like having a friggin phone book, but it costs a lot more.

Re:Who didn't buy names from them?!

[CoolGopher]

It's like having a friggin phone book

I even got a phone book from them! And Yellow Pages too! ;-)
Wish they'd stop wasting the paper.. I have an internet connection for a reason! (and no, I'm not with Hellstra...anymore)

Telstra is Crap

[Michael's+a+Jerk!]

I'm with testra, and have had nothing but problems. Their Privacy policy allows selling your email address to advertisers. They've also got this insane capping system, that's stopped the rollout of broadband in AU.

Read more in Whirlpool. They've got the facts.

Re:Telstra is Crap

[sk0pe]

I know what you mean... at my workplace, we implemented Telstra's ADSL the first week it was available at our exchange... for about 14 months, there was no alternative either. But now we're with iiNet. Same speed, but cheaper and 6 times the download allowance. One other major reason we swapped was the spam the account's email address was receiving. Interesting to note, that since we have our own domain, this email address was NEVER, and I mean NEVER, submitted to a mailing list, a newsgroup or anywhere it may be gathered by spammers. The account name was also random enough that a dictionary attack shouldn't have worked. The address was never used to send mail, or reply to spam, but by the end of our 18 month contract, we were recieving about 6-10 spam emails per day. I realise this is not a lot for an active email address, but this wasn't used at all. The only reason I even looked at the mail box was to get Telstra mailouts regarding outages, updates etc. Not selling customer details eh? ---- All extremists should be taken out and shot.

Re:Telstra is Crap

[mikeophile]

So their service is crap and your bandwidth is capped, yet you agreed to their privacy policy and continue to shell out money to them each month?

Bitching about poor service doesn't hit a company nearly as hard as taking your business elsewhere.

Re:Telstra is Crap

[Michael's+a+Jerk!]

Bitching about poor service doesn't hit a company nearly as hard as taking your business elsewhere.

Agreed. However, did you read the Whirlpool link I posted?

Telstra makes it *very* difficult to change to a different service. This is a typical case. It's happened to people I know .

Even if that doesn't happen, there's a delay of 2 or 3 weeks without net access while you change. It's annoying, but I will change.

Re:Telstra is Crap

[G-funk]

Erm, in australia, there is no elsewhere to which you can take your business. All ADSL in australia is resold from telstra.

Re:Telstra is Crap

I'm a Telstra Bigpond cable customer, and my experience is not so bad. I use my bigpond mail account very, very rarely and never give it out to people I don't know, and I have never been spammed on that account.

I agree the volume cap is crazy. Tell them in advance how many Gig you want and if you go over they will tear your arm off. Buy 3Gb at 3c per Mb and get charged 15c for every extra Mb. The language has no term for the opposite of 'volume discount'.

Someone told me video shops make all their money on fines. Maybe it's the same for Telstra.

Re:Telstra is Crap

[mikeophile]

I see what you mean now.

Here in California, Pacific Bell was using similar tactics.

I think the only thing that has made them behave better is the competition from cable providers.

I wish you luck there.

Re:Telstra is Crap

[iamsyn]

Whirlpool is hardly an unbiased factual view on the state of broadband in Australia. Their news articles are nice and occationally a good read but the forums are generally lacking in clue.

Re:Telstra is Crap

[mister_tim]

It's not quite true that Telstra re-sells all the ADSL in Australia. I can't remember the exact break-down, but this is true for some of them, and others run their own networks over the telephone lines, which are leased from Telstra.

Regardless, you can get better prices and better service from most of the other ADSL providers.

Re:Telstra is Crap

[ToW85]

Their Privacy policy allows selling your email address to advertisers.

Is this the privacy policy you're referring to: http://www.telstra.com.au/privacy/docs/0855ppol.pd f

(If not, could you give a pointer to that privacy policy?)

I glimpsed at that PDF, and I couldn't find a paragraph that would refer to selling the addresses to the spammers.

However, I kinda wonder about Section (2)(10) -- does Telstra provide some sort of health services? If not, then WTF is it doing with anyone's health information!?

Re:Telstra is Crap

Make that about 99% --> www.transact.com.au

Re:Telstra is Crap

Telstra certainly IS crap, and ALL the CHEAPER resellers use the Layer2 offering which relies on Telstra DSLAMS and hence Telstra's support and reliability of same. Doh. The only other major DSLAM-level provider is XYZ/Optus, also used by Connect and RequestDSL, and that pricing is as business grade as the service, which is extremely good - it's just not affordable for a lot of people. Pricing start at around $300/mth for a 1.5Mbps connection, with a couple of gigs of data ( 2-3Gb ). Add extra data at 10-15c/MB and you're talking mega-dollars even for small business, and it's definately out of home user territory.
Then there's those Layer2-based providers. They're great, but suffer greatly at Telstra's hand - when support is required, Telstra services their own retail customers before the Layer2 providers' wholesale business.

One word: Monopoly.

I wish there was an uglier-sounding word that means the same thing, 'cause it sure would apply in this case.

Re:Telstra is Crap

Yes that is Telstra's privacy policy, but consistent with the extremely weak Privacy Act 1988 (Cth), there is a pretty big loophole which would permit the sale of direct marketing lists to overseas entities.

Principle 9(d) permits Telstra to transfer (ie sell) personal information about an individual to someone in a foreign country if "the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between Telstra and a third party..."

In other words, they can transfer your details to a company overseas for the purposes of direct marketing if they can claim that there is a benefit to the individual. ie We are able to provide a cheaper service by selling user details to direct marketers. This is to the benefit of the individual.

I'm not saying that its what happened, but the loophole is there.

Re:Telstra is Crap

[mabinogi]

Transact isn't ADSL - though it's better....

But it's a little more expensive than ADSL still, and only available to about 30% of Canberra...

Re:Telstra is Crap

[more+fool+you]

Telstra's incompetence should be criminal.

Fortunately for them, they lend wide-screen TV's to guys like the Prime Minister and Senator Luddite so I doubt they'll cop anything more than a slap on the wrist, as per bloody usual.

Re:Telstra is Crap

[more+fool+you]

Someone told me video shops make all their money on fines. Maybe it's the same for Telstra.

maybe that's motive for selling email addresses. every little byte helps

Re:Telstra is Crap

Not Always - The fibre belongs to telstra, however there are other DSL providers, notably Nextep and RequestDSL that have their own DSLAM's - This allows for much faster and better troubleshooting when network issues occur.
They also take into account things like overheads in their speeds, so a 1.5M/256k connection is actually data rate, not line rate. Telstra calculates on the line rate, then there are whetever low level protocol overheads are used, then telstra's PPPoE layer - Eurgh.

I work for D2P - we sell/lease managed network servers, and also resell Nextep broadband. With Linux powering our servers, and Nextep providing our network, we managed to win ATUG SME provider of the year. Good stuff :)

Re:Telstra is Crap

[Gordonjcp]

AUS$300? Ye gods! That's about 120 - in the UK, you start to get 512kbps *SDSL* for that!

Re:Telstra is Crap

[jimmyharris]

The problem here in Australia is that Telstra owns all the 'final last mile' connections on the phone network as well as owning one of two cable networks.

Even if you get ADSL off someone else you still have to pay Telstra a line rental (to have the phone line) and then your ADSL provider pays Telstra another fee to deliver ADSL to you over their line.

Think absolute bastard monopolist and you'll get the idea.

Re:Telstra is Crap

[Wild+Wizard]

A. its opt-in
B. bigpond.com is not an email address for broadband, bigpond.net.au is
C. insane caps ... er ... i have to agree with this one

Re:Telstra is Crap

[agentofchange]

Hmmm not all services, a number of companies have put in their own DSLAMS in the exchanges, yes they connect to the backbone but its reliable. Its Telstras ADSL service that sucks, and you are right, some smaller ISP's just buy wholesale Telstra ADSL. Some companies with their own, NextepNEC, iPrimus Metronet, these are only available in hi populated area's (wouldnt you if you were putting in your own nodes??).

Re:Telstra is Crap

[Tyreth]

I can confirm that my bigpond address appears to have been given out. I collect my spam in a folder (since there's not terribly much of it *yet*) in preparation for if I ever implement a bayesian filter of some sort.

I have a few e-mails in there in which all the recipients have bigpond accounts and nothing else. Sometimes the addresses span a range, sometimes they all begin with the same letter as my account.

Re:Telstra is Crap

[G-funk]

That's like 100,000 people, not exactly a large portion of the country :)

tis trivial

to create an email DB by trawling for NDRs and then only sending to some at a time

It would not be BigPond/Telestras first spam issue

[Facekhan]

I remember reading recently that Bigpond was gonna be blacklisted for allowing spammers on their service.

doesn't mean anything

[kinko]

I regularly get spam addressed to my address along with other users at the same domain. But I doubt my university sells addresses. It's probably just what some spam software does, since spam assassin can be set up to assign a higher score to messages where your address isn't in the To or Cc fields.

Sheesh, what's with jumping to conclusions? Like assuming if your new hotmail a/c gets spam, then MS must have immediately sold it to spammers who immediately spammed it....

Re:doesn't mean anything

[fliplap]

Haha, you doubt your university sells addresses? Newsflash: You university sells any info about you that they legally can.

If I hadn't filled out the form explicitly forbidding mine todo so they would have sold mine. Most colleges are strapped for cash, or can always find a place that could use more, and most will do just about anything for it.

Re:doesn't mean anything

You are completely correct. For a mailling list to work more efficiently, you would reverse sort the list of addresses so that domains are organised in groups. It makes it easier to then send the one email to the domain with the one connection to the SMTP host. Just keep going down the list until you reach a new domain then connect to the next MX for the next domain. I thought that anyone with half a brain would do this if they ran mailling lists or spam lists.

Re:doesn't mean anything

[kinko]

yes. it's one of spam assassin's signs of spam. It's worth 3.9 points out of 5.0:

SORTED_RECIPS (3.9 points) Recipient list is sorted by address

Re:doesn't mean anything

[kinko]

Uh, I don't live in America, where it seems everything is for sale. In New Zealand, and indeed the rest of the "Western world", we have privacy acts that say data may only be used for the purpose it was explicitly collected for.

This university had an internal web search thing where you could find people's email addresses given a surname (only accessible from within the university), and they decided that since they didn't mention anything about this on the enrolment form, they had to take it down to comply with our privacy act.

I sincerely doubt any university in New Zealand, or even Australia or Europe, would ever consider selling its users email addresses to spammers. Especially since NZ internet users have to pay for international traffic. Why sell addresses that will result in you paying 5 to 8 cents per megabyte of data received?

Re:doesn't mean anything

[N+Monkey]

I regularly get spam addressed to my address along with other users at the same domain. But I doubt my university sells addresses. It's probably just what some spam software does, since spam assassin can be set up to assign a higher score to messages where your address isn't in the To or Cc fields.

I get this too with a batch of email addresses with my colleagues names.

The spammers probably just sort their database so that, when they merge in newly harvested addresses, they can remove duplicates more easily.

Re:doesn't mean anything

[awol]

I too started receiving such spams all of a sudden, different domain, different country. I wondered if some kind of members list had been compromised or if one of the spam lists had started "guessing" mail addresses from some of the "larger" domains. In the same way that bigpond is the dominant email domain in Australia, so too is mine in the UK.

I guess one test would be to create a new email address that is not name related and see how long before the spam arrives.

Re:doesn't mean anything

[skaya]

Same thing here - I have my own little domain name with my own mailboxes, some dozens of users, and sometimes we get spam targetted at 3 or 4 users simultaneously (in our little domain). But I'm pretty sure that nobody did ever sell those addresses !

However, as stated before, some spam software might group the addresses by domain when sending (to save bandwidth on the sender side).

I'm not approving Telstra or anything, however ; don't jump to those conclusions, neither :-)

Re:doesn't mean anything

[GoofyBoy]

>Haha, you doubt your university sells addresses?

How dumb would this be? They would have to pay for the bandwidth/etc for handling the massive amounts of spam.

Its like selling telephone numbers and then having to pay a quarter every time a telemarketer uses it.

Telsta's ADSL Monopoly

[Michael's+a+Jerk!]

Telstra have a history of standover tactics (see Here, for instance).

I really hope they get busted under our new privacy laws. I have a telstra email address that I've never used that gets spammed constantly. If telstra didn't sell my details, then something very fishy is going on.

Re:Telsta's ADSL Monopoly

[The+Original+Yama]

Here's a more recent story (dated today). Telstra are the Microsoft of Australia.

Re:Telsta's ADSL Monopoly

[^switch]

I've also got one that I've never used but I haven't received any spam on it.

Re:Telsta's ADSL Monopoly

[cyril3]

Well then one of you is lying

Or

there is a perfectly reasonable explanation for it.

Unless you just got your adsl account my money is on the former.

I'm still getting junk mail addressed to an onaustralia account that I got when compuserve closed down and which i assumed had died when I left telstra for 6 months. No they still forward it to me.

Re:Telsta's ADSL Monopoly

[robwills]

Me too.

I setup the email address to be used as an SMS notifier, and the address has never recieved any emails except those my alert system generates.

I can safely say that my address hasn't been used for spam. I can't say it hasn't been sold... it is possible that it hasn't been used by the purchaser yet.

Re:Telsta's ADSL Monopoly

[cyril3]

No, not a troll. A bad joke maybe or lying is the wrong word. Mistaken might be better. I don't think Telstra sell lists to spammers either. I think if you get mail on an unused account it's either because you have in fact used it somewhere and forgotten (mistake) or its a dictionary attack ( reasonable explanation)

A spammer who gets a seemingly legitimate address and doesn't make use of it for some reason. I don't think that could ever happen.

I get the same on my ISP

[salty_oz]

At times I get spam that the To: header contains a list of users all on my ISP in alphabetical order. All it means is that the spammer has a sorted list and spits out the spam to groups of addresses at once. The ISP doesn't have any thing to do with it in this case.

Re:I get the same on my ISP

[fanatic]

the spammer has a sorted list and spits out the spam to groups of addresses at once

By doing this the spammer saves time on setting up conenctions to your ISP's mail server - he sends everything he has for your domain at once in one connection.

another possibility

[tankdilla]

They got hacked and don't want to admit it. Instead they play dumb when their users are getting spammed.

It could be a staff member

[Narcissus]

Just because the company doesn't sell the list doesn't mean that no-one within the company does (or someone that used to work there). I know of a few people that have taken lists of thousands of email addresses from their work on their last day, just in case they wanted to sell it.

On top of that, I know I've been offered cash more than once to get a list of the addresses in our database. If you were working in a call centre, in a country that you're just visiting, knowing that you'll only be there for a month or two, and knowing you'll never go back, wouldn't it just be too tempting to nap that list for future reference?

Re:It could be a staff member

[Fizzl]

Umm... No?

How can anyone have such bad morale?
I had access to tens of thousands of credit card details as a developer for one database application.

I left the company in very disgruntled mood. Yet I never was even slightly tempted to copy the databases or details of the communications how the details are transferred around the country.
I had some company code and documentation home because I used to work remotely at times. I erased the data and returned the dead-tree docs in mail.

Althou email addys and credit card details are in totally different categories, I think of the people who own the information. It's not like it's their fault your getting shafted.

I do not have a criminal mind. I'm prolly going to die poor :(

Re:It could be a staff member

How can anyone have such bad morale?

Clearly, you have never worked in a call center... :)

Re:It could be a staff member

How can anyone have such bad morale?

ROFL! We're talking about Telstra here! You're obviously not an Australian (or ever lived there).

Re:It could be a staff member

[jhunsake]

I do not have a criminal mind.

I prefer to think of it as a disagreement on what is right and wrong.

Re:It could be a staff member

> How can anyone have such bad morale?

By being treated badly be the company, or needing the money? If you were promised you`d be promoted and given a payrise if you worked late, weekends etc, only to be made redundant, you`d probably want to get back at them, wouldn't you? Don't piss off your workers if you can't take a joke.

Re:It could be a staff member

How can anyone have such bad morale?

Actually, most people I know who work in computer centers have poor morale. Lots of work, lots of dealing with pissed off customers, few perks, and managerial jerks.

On the other hand, most of them also have morals, which is what I hope you were referring to... Essentially you hope that someone in a position with access to personal information is a moral person, and they realize that abusing their position for monetary or other gain is wrong.

Although the more I work with the public, the more I wonder what happened to the concepts of right and wrong...

Re:It could be a staff member

[Lord_Dweomer]

"How can anyone have such bad morale?"

"I do not have a criminal mind. I'm prolly going to die poor :("

Well, cheers to you, and while I share the sentiment that just because you hate your company, you shouldn't take it out on the customers of that company...there are MANY people in IT who could care less, especially if it gets them a couple hundred bucks above their measely salary.

While sweeping generalizations are bad to make...I think it's pretty safe to say that the lower your income, the less morals will play a role in your decision to make a few quick bucks, and more to do with how risky it is that you'll be caught.

Further info is needed

[Adam9]

I'd like to know some specifics about the alleged selling of the e-mail addresses. Telstra says this:

"The most common practice is to submit a test mail list to an ISP containing thousands of randomly generated user names. Most mail servers would qualify the names and attempt to deliver a blank message to those that have been generated/guessed correctly."

I'm wondering how random some of the addresses were. Were they being sent to asmith@telstra bsmith@telstra, etc.? If so, then Telstra's reasoning makes sense. But if addresses like chalk54923@telstra are on the spam list, then I'd say that Telstra is full of it.

Re:Further info is needed

[MrOrn]

No, I have noticed the increase of spam to my unused Telstra email address. The list of addresses is not random: it specifies particular names without any pattern (aside from the alphabetization). As I have a very common surname, Kelly, you'd expect other variations on that. There were none listed.

I also noticed that the recipient names on the last spam I checked were a mixture of one initial and surname (i.e., skelly) with more-than-one initial and surname (i.e., sfkelly).

The other odd thing was that there were quite a few uncommon surnames included and few common ones (no Smith, for example).

Based on this I'd say that either they were sold or they were harvested and carefully preened.

Re:Further info is needed

I'm wondering how random some of the addresses were...

I'm a Telstra customer who has experienced exactly what the guy is talking about. My account is most definitely not susceptible to a dictionary attack (random alphanumeric) and hasn't been submitted to any person ever and yet I get spam in the account.

I started collecting the addresses from the email I received and noticed that in a lot of them I wasn't listed in any field whatsoever (can someone explain this?) and in many others the To: field was , once again, whats the deal here, is this RFC compliant?

The other addresses that I collected were pretty much random (127 in 3 weeks of spam). There were some other combination alpha-numeric names on the list too. Personally I think its more likely that someone who works there ripped a list from somewhere. Not a comprehensive list of every username, but limited in some way.

Re:Further info is needed

Dang, should have previewed. The middle paragraph should read;

I started collecting the addresses from the email I received and noticed that in a lot of them I wasn't listed in any field whatsoever (can someone explain this?) and in many others the To: field was Undisclosed Recipients, once again, whats the deal here, is this RFC compliant?

Re:Further info is needed

[Yottabyte84]

They probably just sent it to BCC'd users....

Re:Further info is needed

[Politas]

Well, my shatteredanvil address at big pond only started getting spam after I was forced to use it for Yahoo groups during the Yahoo/Excite fracas, so I don't think the addresses were sold, but harvested and sorted by domain, then username. It's a sensible way for spammers to do it. Send messages to a bunch of people at the same site, so all the routing is the same.

Also, I get some _extremely_ similar messages addressed to my excite account, using the same kind of alphabetical list. Whoever is generating these lists is almost definitely harvesting them.

I've found setting up rules which kill all messages sent to similar names does a pretty good job of clearing them.

Re:Further info is needed

[Endareth]

As an ex-Telstra Bigpond customer with an email address that was not possible to obtain with a dictionary attack, and with that email address never being used for anything other than receiving the odd bit of email from the ISP directly, I can confirm that within a month or two I was receiving half a dozen spams a day on that email address. No other email address I've used (including my main that got used for about a dozen years before having to retire) ever came even close to this much email that quickly. Combined with the behaviour otherwise exhibited by Telstra I am convinced that their email lists are made available, whether by deliberate sale or simply poorly controlled networks, I can't say.

Re:Further info is needed

[Tyreth]

Most are just normal user names (I have a telstra account with some spam archived). Some usernames are more complex. One is 4 letters followed by 4 digits. I see a few with a username followed by a single digit. Some have 2+ digits, but very rare.

In fact, looking through the list I notice when I receive spam it seems to be the same other bigpond users that are also sent it.

Heh

Lets just say I'm not surprised. Telstra are involved in every other unethical practice in the book, so why not flogging off lists of subscriber email addresses too?

Just say "no" to Telstra.

PigBond?

[mikeophile]

That's what I read at first glance.

Must have been the piggy spam graphic. Could be the beer as well.

Re:PigBond?

As an ex-subscriber to pigbond broadband, we coined that very nick name during the introduction of the 3 Gig Cap.

But I won't take credit for your dyslexia.

What a theory!

It must have happened like that! I mean no spammer could be smart enough to take a generic name like john and the domain name of Australia's largest ISP and make an email address out of it.

john@bigpond.com

That's way too difficult, Telstra MUST have sold that email address.

read the privacy statement...

[-=SteelRat=-]

I have read the telcos privacy (a few months back) statement and it makes ti clear they can give out any information they want about you to anyone they want. I think they called it partners and business associates.

I think thatâ(TM)s plain enough... don't you!

Steel

Re:read the privacy statement...

[iamsyn]

Just because they say they CAN do it, does not mean they DID. Given the lack of evidence it seems to be a slow news day over at the IT news desk.

OMFG, it's a conspiracy. Someone call slashdot!

[Moonwick]

Edwards grew suspicious because some of the spam being issued to him was also addressed only to a number of users within the bigpond.com domain, indicating that the unsolicited mass emailings were being sent to lists of BigPond users.

Why give them the benefit of the doubt and consider that this was simply the work of some relatively intelligent spamming software, designed to maximize its connection to bigpond's SMTP server (by sending the body of the message once with a large list of bigpond address) when you can accuse the cruel corporate ISP of selling customer data?

Now why these spams included target addresses in the headers of the e-mail (something SMTP absolutely doesn't require) is up for debate, but I think we're jumping to conclusions here...

Telstra Information Minister Denies All

[DrMrLordX]

There are no email lists being sold! There is no spam in the mailboxes of bigpond accounts! Do not believe the infidels! The glorious Telstra corporation will triumph!

Re:Telstra Information Minister Denies All

[G-funk]

That'd be funny if Alston (our information minister) wasn't dumber and more full of shit that whatshisface the tale-telling-towel.

Re:Telstra Information Minister Denies All

You're going to have to try harder if you're going to be like this guy - Mohammed Al-Sahaf

Re:Telstra Information Minister Denies All

[the-build-chicken]

I am trying to pick your reference...it wreaks of animal farm...but I'm not 100% sure because I can't remember if they used the word 'infidels' in animal farm...care to elaborate? (I take it you're playing on a literary reference?)

Re:Telstra Information Minister Denies All

[Sovern]

"God will roast their stomachs in hell at the hands of Slash dot." I love the Iraqi info minister.

Telstra's response

[The+Original+Yama]

"We didn't sell it, we bartered it!"

Mass Spam to a Single Domain

[Goody]

This happens all of the time -- it's called a spam dictionary attack, as the article attempts to explain. Spammers simply use every possible username in the world and append @yourdomain.com hoping to nail every user with their offers of bigger appendages.

The part in this article about spammers testing for the validity of a dictionary-generated email addresses is a load of crap. They could care less if the address is valid or not. They simply let the bounce message go out into never never land.

I doubt Telstra sold any email addresses. Dealing with spam attacks isn't worth the meager revenue that would be derived from selling addresses.

Re:Mass Spam to a Single Domain

[Skapare]

And even if it wasn't a dictionary attack, and the spammer got all those addresses from some place else, lots of spamware does know how to bunch the same domains together so it can deliver the spam even faster by sending that mail once to one server with as many as 255 addresses on it. While I do believe Telstra is a crap ISP for many other reasons, and might well have sold the customer list (a disgruntled employee could have, and I'm sure they've had lots of those), the mere bunching of a lot of addresses with the same domain doesn't prove anything besides maybe a slightly smarter spammer.

Re:Mass Spam to a Single Domain

[gregmac]

"For all those that fail or are rejected, an 'undelivered mail item' message is sent back to the sender, in this case the sender/spammer then simply deletes the rejected names from his generated list. What is left is a list of authenticated email addresses that is then used to deliver spam messages and is also on-sold to other spammers," he said.

The part in this article about spammers testing for the validity of a dictionary-generated email addresses is a load of crap.

Actually, it's not. I have a friend that works at an ISP, and he's showed me their mail filter system (which incidentally blocks these attacks), and you can see it happening. They get attacked like this on average of once per day, and they're just a small local ISP.

Re:Mass Spam to a Single Domain

[Goody]

It's certainly the exception rather than the rule. It is much more work to validate addresses than it is just to send the spam and let the bounce go to a fake address. Consider that the spammer has to supply a real return address for these test emails and have a mail server that can accept the thousands of bounce messages that come back. Having a real return address increases the chances that they will be traced back to their network provider who will shut down their connectivity and make their lives a PITA.

Any spammer that is validating addresses isn't bound to be a very successful spammer, IMO.

Re:Mass Spam to a Single Domain

[Eric+Savage]

It's kind of sad that i had to scroll halfway down the page, even with mod threshold set at 2, to find the first post by someone with a clue (Goody). Spammers are not all dumb, and they figure if username at some domain works then they'll just add it to the list of other popular domains because at some point the person may have signed up.

Now I'm not sure if it would be a beneficial tactic for spammers, but the Cc: header means nothing, so they may not even have sent a mail to those users. Maybe they are hoping someone in cc list is a friend of yours and that will help it by pass spam filters? Or maybe some spam filters realized a while ago that Cc headers were not common in spam (not the case anymore) and used it as a flag for good mail?

Even more insidious is the spam where they send it to everyone at a domain with another valid user picked off the list at the same domain. Thus you might get a spam from your boss, or someone else you have on a whitelist.

Of course, maybe they did sell it, or someone cracked in, or an ex-employee did a select * from users. The moral of the story is that we just can't tell based on some zealot's single email.

The business plan

[zakezuke]

1. Charge extra with low monthly caps and high per megabyte charges
2. Sell off user list, resulting in increased bandwidth consumed by all customers
3. Profit!

Telstrated

[lucaschan.com]

Everyone in Australia has been Telstrated in some way shape or form. No one should find this sort of thing surprising.

Evidence??

[Cbs228]

This evidence is not credible or convincing proof that BigPond is selling customer email addresses. However, I would not put it past them.

The only way to find out for sure if an ISP sells subscriber addresses is to make a long, hard to guess address (such as jon4859493@bigpond.com) and give it to no one, just let it sit there. If you receive spam, it's a pretty good indication that your ISP is being rather loose with your contact info.

Re:Evidence??

[beoch]

I've got a bigpond email account that I only ever put on my CV. I've used this for two years and I have never once received spam on this account. If Telstra are selling email addresses then they are only selling some of them.

My yahoo account however.....

Re:Evidence??

[MattXonn]

I have three BigPond email addresses which I don't use, but still check. The only mail I ever receive through them is from BigPond advising me of service details. The addresses are not simple words so aren't easily guessable. So far I don't think BigPond is selling email addresses.

Re:Evidence??

[Jmstuckman]

Hmmm... I did this with Hotmail and I started getting spam after a week. The only way that this could have happened (besides MS selling the addresses) was a very, very extensive dictionary attack (and that e-mail address was much more random than most people's passwords.) Given that Hotmail is such a huge service, common word-three digit number-common word may have been something that spammers guess.

Re:Evidence??

[Cruciform]

Was there not a recent article about how Hotmail spammers are exploiting something on the servers to spam users without knowing their addresses?

Re:It would not be BigPond/Telestras first spam is

[Goldberg's+Pants]

This form of spamming is nothing new. Any sysadmin worth his salt should know it. It's Dictionary spamming. For example MOST of my spam comes to my ISP's OLD address, which forwards to the new one.

So blah@oldname.net goes to blah@newname.net. The spams I get routinely have CC's to a TON of other likely usernames on the service. To test this theory, I now have that account forwarding to Yahoo, and created a new, similar one, simply subtituting zeroes for the letter "O", and whereas I used to get 40 or so spam a day, I now get 1 or 2 a week, if that.

My theory is that there's a harvest trawling the net for usernames to try at various ISP's, and then spammer wakes up and goes "Okay, today I fire spam at Telstra.com" or whatever and VOILA! A whole ton of spam aimed ONLY at that ISP, and only at a particular subgroup of names. (The ones I get, because my login begins with D, are ALL names with a D at the start.)

Not saying it's NOT the ISP, but honestly, it makes no sense to sell the email address and then have to deal with the customer complaints. Bad business. (Of course, the Internet business model is built on such boneheaded techniques:))

Telstra may not be responsible...

[marko123]

Maybe Mr Edwards pissed off a support guy there, who kindly submitted his email address to several "opt-out" and assorted email collection^H^H^H^H^H^H porn sites.

does he jump off bridges too?

it sure seems likely, since he jumps to conclusions so readily:

Edwards grew suspicious because some of the spam being issued to him was also addressed only to a number of users within the bigpond.com domain, indicating that the unsolicited mass emailings were being sent to lists of BigPond users.

i have email accounts several places where i know the admin does not sell email lists. i also have my own mail systems, and i do not sell my lists of email users either. i constantly get a ton of email addressed to lists of users, only from those domains.

i'd be more likely to believe that spammers are using smarter and smarter tools.

Why not ask the other addressees

[cyril3]

You have a list of all the other receivers in the header. So why don't you send an email to all of them asking if they are receiving a lot more unsolicited email recently. Forward the one you got as an example. I'm sure they will be pleased to hear from you.

Maybe you can offer to sell them a filter.

Oh, i see you have already done that. twice.

make that three , no four times

Umm, what's this one about penises say.

Why would I want to shrink my penis?

I get this

[Richard_at_work]

at both of my (different) ISPs email addresses. The spam turns up with only those ISPs customers addresses in the CC, usually several dozen at the same time.

I know the ISPs dont sell my addresses, as I have friends at both who have confirmed that they do not sell them, and I trust these people. As far as Im concerned, its just spammers with a list which has been sorted into ISPs and they are targetting each ISP at a time, maybe with different offers or something.

It could have been anything

[SandmanWAIX]

I dont like Telstra as much as the next guy ... but it could have been anyone with a simple bot to harvest Telstra Bigpond email addresses and then spamming. Maybe they have a grievance against the company (most people do) which is why its users were targeted .. or maybe it was because Bigpond users are traditionally the stupidest (no knowledge on broadband, computers, security etc) that they were targeted ... and perhaps spam mailers targeted Bigpond users because they obviously will buy anything no matter how reprehensible the product/pricing and treatment of customers.

Re:It would not be BigPond/Telestras first spam is

[cyril3]

Bigpond is the ISP arm of Telstra, our national telco. There have been problems with open relays for a long time. And so blocks of their addresses are continually getting stuck on block lists.

Telstra is the national carrier and does most connectivity esp overseas and so has most of the Australian ip numbers allocated to it. You gota figure if Australia is the source of a problem it will be a telstra problem.

Which reminds me

[akpcep]

I recently got a spam email with a huge list of emails in the To: field. Then shortly after I got an email from one of the other spammees, to EVERYONE on the list, telling us the previous email was spam and how irresponsible it was of them to have all the emails on full display.

I thought to myself, what a knobjockey.

This is "normal"

[erfmuffin]

Spammers are now sorting their addresses alphabetically and by domain.
AS some one who works at an ISP, I can vouch for telstra in this case.. but not usually. I despise them like many others.
But as many peple have already commented, spam comes grouped like this nowadays, and its not because the ISP is selling the address, its because they are leaving it on the net somewhere.
To prove this, we setup a dummy account on our system.. and left it there for months. In all that time it has not recieved 1 email.. spam or otherwise. This proves our system was not compromised, and that if you dont get your address out there, it wont get spam.
While users email addresses sometimes do not show up in a google search.. many people dont realise that even joke forwarding is being raped for addresses.

This proves nothing

[alonsoac]

Edwards grew suspicious because some of the spam being issued to him was also addressed only to a number of users within the bigpond.com domain

That means nothing. I usually get some spams which are addressed to several people on my mail domain. This is a small private mail domain I know nobody sold these addresses as a group to the spammers, it just so happens that spammers group by mail domain and send the email at once to all the addresses they have on that domain.

Re:This proves nothing

[fobside]

I agree. I attended UCLA, and I would often receive e-mail from spammers with all UCLA domain address and all in alphabetical order.

Most likely reason.

Telstra itself had a problem a while back, with someone claiming they had cracked the authentication service (Telstras Heartbeat). What had happened was, this information was collected from many back orficed accounts.

The long and the short of it was, that this person had gone through and bruteforced the accounts, the scheme which they hand them out is VERY predictable.

Doing my math, there is only.. 365 (Hint) combinations of passwords that they will hand out DSL customers as a default password.

Not had to break into.

Re:OMFG, it's a conspiracy. Someone call slashdot!

[Elbereth]

I only read the YRO articles so that I can laugh at the paranoid slashbots.

ALERT! ALERT! PUT ON TIN FOIL HAT! POSSIBLE CONSPIRACY DETECTED!

Notice that the privacy geeks are usually the worst offenders in violating our privacy, too. They post our social security numbers on the web, just to show that it's possible. Corporations don't do that shit, because they know there'd be a huge public outcry. But we can't do anything to the privacy geeks.

I say we send the lot of them to Alaska. They'll be harmless there.

reminds me of USA.NET

[Natchswing]

I had an account at USA.NET for a while. "Free email for life!"

After a while I started getting lots of spam. The spam seemed to be addressed to 50 or so accounts that all started with "da" and ended with "@usa.net". Fairly obvious they were selling their lists to the highest bidder, and the second highest, and...

A few years later the whole domain closes it's free email service. Guess my life was up.

Re:Telstra is Crap - PRON is worse ;)

This has nothing to do with selling email addresses. I'm a Bigpond user. When I surf porn sites I get DELUGED with spam, without having to provide any identifying information.

The Bigpond referrer details identify your user name. You have a default eMail account which is username@bigpond.com. Therefore, any site which analyses its visitor logs can identify a pool of valid Bigpond eMail addresses.

Mate, if you don't want the junk mail, stop wanking so much!

They sold my snail mail...

a few weeks after moving into my new flat I received some snail mail spam. How was this possible, I pondered? until I noticed the mis-spelling of my name - the same mis-spelling as my telstra bill!!!

Email is dead!

[Chexsum]

Telstra uses âoecookiesâ.
Telstra uses Sensis MediaSmart Sales to supply ad-serving services for our web sites.
Telstra uses DoubleClick to supply ad-serving services for our websites.

*No personally identifiable information is collected by Sensis MediaSmart Sales from our web sites. ...thats OK, now this...

Telstra also uses Red Sheriff Measurement and Facilitate Systems to analyse usage statistics on our websites. This analysis is performed using anonymous data collected from the Telstra.com website. No personally identifiable information is collected by Red Sheriff or Facilitate Systems and we cannot link this anonymous statistical data to any personal information you may have volunteered to Telstra for registration purposes or for any other requests for products and services.

Why not, the cookies are still valid and full of information? *suspicous look* /me didnt click OK to join telstra.com. - cookies are traffic too .: can be collected by a traffic analysis agent.

WHat the hey

This makes the news on slash dot. Wow, didn't know Slash Dot had lowered it's news worthiness that much...

If you want to hear people complain all the time about telstra, got and have a look at whirlpool.net.au - the Telstra whiners playground...

dictionary attack

The mail server at our work is regularly the target of a dictionary attack.

Bounced email goes to one of our sysadmins as a matter of policy to make sure nothing important is incorrectly addressed and mail is flowing smoothly. One Monday morning earlier this month he had over 16,000 almost-identical emails waiting for him to filter through, the result of a dictionary attack. And this is a fairly regular occurance.

The net effect of this is that people with the more guessable addresses (ie: the shorter ones) will get spam regardless.

Re:Sign them up for spam

Excelent Idea!

The _REAL_ story...

[SystematicPsycho]

The Australian government recently (a day ago) announced that they will be privatising the rest (remaining 51%) of telstra. I wonder if this being on slashdot has anything to do with that?

Anyway, a day before the government's annoucement the senate was going to vote for an enquiry into broadband access in Australia.

Then later on the same day (or the next day) 4 independent senators voted against it (damn bastards, technophobics afraid of technology).

Look at these are two days in Australian politics and think, are Australians governed by morons?

Broadband enquiry likely

Broadband inquiry killed

New attempt at broadband enquiry

Re:The _REAL_ story...

[thirdrock]

Look at these are two days in Australian politics and think, are Australians governed by morons?

Short answer: Yes and No.

Long answer:
Q:Is the Government of Australia staffed with morons?
A:Not entirely.
Q:Are the elected officials of Australia our best and brightest?
A:Not even close.

Re:The _REAL_ story...

[SystematicPsycho]

Maybe I was slightly out of line with the morons remark.

There are probably only around 20-30% of politicians that are excellent at their job and understand the game well. One such politician that I think (you may not think this now) that plays the game well is Brendon Nelson (I don't even like the Liberals, but I'm being honest here). I think he comes close to a political genius, he is totally on his game, understands and reads people well and can thread an argument extremely well.

The fact is in Australia, and probably in any other democratic country is that we vote for the person/party that is least worst during election time.

I'm afraid that the Liberals will be around for the next 4 years, and that is a very long time, and a very long time for the broadband market to be suffering. I think Australia will go down as missing entirely the broadband boat and done well _not improving the I.T and Telecoms infrastructure. Instead, all the effort is going into biotechnology and experimenting on rats.

Re:The _REAL_ story...

[thirdrock]

There are probably only around 20-30% of politicians that are excellent at their job and understand the game well.

Senator Alston may understand the political game well, but that doesn't mean he's not a technological moron. Remember, this is the bloke who thought that Australians wouldn't go to overseas internet gambling sites because they wouldn't pay the long distance phone charges.

The fact is in Australia, and probably in any other democratic country is that we vote for the person/party that is least worst during election time.

Actually, in most democratic countries, of those who vote ~90% of voters vote for the exactly the same party at each election. Which means that all electioneering is basically aimed at the swinging vote (the upper middle class usually). What this would mean, if elected officials actually kept election promises, is that policy would be dictated by the small 10% of swinging voters. But we all know that policy is dictated by the rich and carried out by our 'elected officials'.

I'm afraid that the Liberals will be around for the next 4 years, and that is a very long time, and a very long time for the broadband market to be suffering. I think Australia will go down as missing entirely the broadband boat and done well _not improving the I.T and Telecoms infrastructure.

If the liberals are returned to power at the next election, I am moving to New Zealand.

Re:The _REAL_ story...

are Australians governed by morons?

They're governed by Australians. 'nuf said.

Re:The _REAL_ story...

[SystematicPsycho]

I hope you didn't think I meant Senator Alston was a political genius, no way in _the world. Brendon Nelson is who I was referring to.

Heh, I'm actually thinking of going to London or something a rather for a year or so. I just finished an Honours degree in Computing Science and can't even find a graduate job. I'm currently nightfilling at the supermarket too.

The Brain Drain will continue. These pompous arses are too busy looking after their friends and themselves. It's the Australia of tommorow that is going to suffer.

Re:The _REAL_ story...

[thirdrock]

I hope you didn't think I meant Senator Alston was a political genius, no way in _the world. Brendon Nelson is who I was referring to.

No, Richard Alston's genius is that he realises that being a genius confers no advantage in Australian politics. Quite the opposite in fact. He's not real smart, but he's a survivor.

Heh, I'm actually thinking of going to London or something a rather for a year or so. I just finished an Honours degree in Computing Science and can't even find a graduate job. I'm currently nightfilling at the supermarket too.

Well, after working for nearly 10 years in IT, I have been unemployed for 18 months. I love to code, but it looks as though I might be pulling coffees for a while.

The Brain Drain will continue. These pompous arses are too busy looking after their friends and themselves.

If only it were that simple. A staggeringly ineffecient and ineffective bureaucracy at federal, state and local levels that employs one third of the workforce and that spends a staggering percentage of GDP has been steadily growing in size and waste over the last 20 years.

To pay for this malarkey, many Australians now pay almost 60% of their income in open and hidden taxes, plus they spend nearly 25% of their time feeding the govt it's monthly diet of forms and dealing with the most convoluted and idiotic tax law in the western world.

This systematic destruction of wealth has been offset by the completely disingenuous strategy of creating a bubble economy through the 'first home owners grant scheme' and lowering interest rates. And we all know how that turned out for Japan.

Anyway, it might be time to look at immigrating to somewhere with some culture to offset the inevitable poverty.

Re:The _REAL_ story...

[SystematicPsycho]

Well, after working for nearly 10 years in IT, I have been unemployed for 18 months. I love to code, but it looks as though I might be pulling coffees for a while.

Ouch, that's cold. I've been looking for around 6 months. If you told me 3 years ago that I would be working as a nightfiller at the supermarket and will have an Honours degree I would of laughed my arse off and said you're crazy! not me no way. I look back and cannot believe the chances I've missed. I've had an awful lot of bad luck and it just keeps getting worse. I think it's time to leave the dump for greener pastures too.

All I see in the future here is more despair and hard times. This freaking sucks.

I saw a report on Fox News before (dodgy Republican Network) about 500 people with Masters degrees starting to work for free in the hope that there is a small chance it may lead to paid employment.

Anyway, we could probably talk forever. I usually am on irc.freenode.net as zen-x if you want to join, #c #vim. Alot of other Australians on #c too. If I'm not there or very idle stick around, it usually gets interesting anyway.

-Later.

I learned a lot from customer experiences

[leonbrooks]

iiNet used to be great, then the other Michael left, they went on a buying spree (Wantree, Omen, Networx, dozens of other smallish ISPs) and their tech support fell in a hole (due, I suspect to the high turnover rate of competent technicians, he says, waving to Brett, a prime example).

If you want a large ISP in WA, I recommend WestNet. They're a bit too big to still be really caring, but their reliability is a notch above iiNet's.

If you want an excellent quality smaller ISP in WA, choose ArachNet. They also have excellent colocation terms, and this bloke can sell you a dandy little rack box to colocate with (review coming soon). I use ArachNet myself. There are others.

If you want reliable DSL in Oz and damn the cost, try Request or Optus (nice picture). Everyone else has to go through Telstra to get their DSL (and these two will also if they have no DSLAM in the exchange), which costs you a big reliability hit.

Telstra account for your data as the sum of both directions. Most Oz ISPs will bill you for the max of in and out, or just bill you for in, but no, not Telstra. As a 'phone company, they're not too bad (their service actually works). As a "competitive" ISP, they suck.

Re:I learned a lot from customer experiences

[Ben+Lisle]

That other Michael decided to head over to Sydney and fix upOptusNET. iiNet's loss is OptusNET's gain.

SPAM 101 - HOWTO:

Seriously, less than a few hours ago I met a guy (in person) who helps another guy spam overseas. He reckons a simple perl script (much like a link verification tool), a modified version of procmail (to become a mega mass-mailer), and an open relay, and they're in business. Sometimes they stick their own open relay (configured to remove original IP of sender) on a particular broadband ISP and spam using it as a relay. When asked by ISP, they then say "whoops I didn't know it was an open relay". A few of these warnings, and then a boot, and then they move to another ISP.

Anyways, their personal spider can obtain 300,000 email addresses in a day. It will also do a lookup of the domain to verify if valid, and other clever things.

I wanted to choke the guy!

Solution:
As soon as ISP's email servers BLOCK emails that have the original IP address removed (easy to do), then this type of spam will stop (if all ISP's will do this). They should also instantly boot users with open relays that have been spammed from, no questions asked. Networks that harbor spammers and their relays, should be blacklisted at the ISP. Emails should be bounced. If a GENUINE email is blocked, the bounce message could show how to contact ISP for remedy.

Re:SPAM 101 - HOWTO:

[grolschie]

Very tricky indeed, using their own SMTP at one location to relay their own spam from another location. Solves the problem of them 'finding' open relays. And also makes them appear to be a victim or a stupid user, instead of the actual spammer.

Re:SPAM 101 - HOWTO:

[schon]

BLOCK emails that have the original IP address removed

Can you define "original IP address", and how it's removed?

Are you talking about the Received: header? If so, how would you tell if the IP address has been 'removed', or if the sending server never added it in the first place (which is the default on many products such as older versions of MS Exchange.)

Re:SPAM 101 - HOWTO:

[Lord_Dweomer]

"Seriously, less than a few hours ago I met a guy (in person) who helps another guy spam overseas."

And you didn't inflict bodily harm?

"I wanted to choke the guy!"

Thinking about it is nice...but seriously people, the problem isn't the few people responding to spam that makes it viable...its the people who have met spammers in person or who know people who do work for spammers and don't hunt them down, tie them up, give them many papercuts on their eyeballs, drip acid onto their genitals, launch porcupines at them from a high-velocity cannon, hang heavy weights from their nipples, ears, and remains of their genitalia, and finally have them killed by public stoning.

Seriously...sometimes I feel Slashdot is all talk and no action.

Re:SPAM 101 - HOWTO:

You can configure an SMTP server to remove all details of the sender from the header. Whereas normally you can trace emails (via the header) to the sender's IP address. With this SMTP setup, you can only trace the email back as far as the SMTP server. This should be a clear sign that the SMTP server has been set up like this on purpose, and should get them booted.

Re:SPAM 101 - HOWTO:

Well, I'd lose my job if I did anything of the sort. What he does is technically legal. It is still annoying, unethical, and the cause of mass bandwidth and enjoyment loss to many. Those who live by the sword, die by the sword. Don't worry, his mailbox will be full of 'you know what' very soon.

Re:SPAM 101 - HOWTO:

[schon]

I know that - but you didn't answer my question.

How do you know a piece of information has been removed, INSTEAD OF NEVER ADDED IN THE FIRST PLACE?

Here's an example:

Server 'A' removes the IP address.
Server 'B' never adds the IP address.

How do you tell which one happened?

Re:SPAM 101 - HOWTO:

I guess you don't. You only trace it back as far as the open relay. You then complain to ISP, and ISP warns user to secure his server. User chuckles, and ignores a few warnings, then moves to new ISP. Some lame spammers don't do this, and you can pretty much trace right back to their ISP IP address.

Re:SPAM 101 - HOWTO:

I guess you don't. You only trace it back as far as the open relay. You then complain to ISP, and ISP warns user to secure his server.

Congratulations, you've just described the status quo.

collated?

[tarquin_fim_bim]

"I would have expected that, where "collated" email address lists are used, and where multiple destination users exist within the email headers, that the destination domains are more likely to be dissimilar"

Why wouldn't the spammer collate on domain name? Sorry whole argument is flawed on this basis.

Re:Not true anymore

Quite a lot of ISPs now re-sell Comindico's ADSL now.

Their entry into the market caused a small price war with wholesale prices, leading to the number of cheaper ADSL ISP options lately.

For those not familiar.

Telstra has a habit of raising their wholesale price to be close to or in some cases higher than their retail prices to end users, after a short delay the ACCC steps in and slaps down Telstra, who then behave for a while, then repeat.

This has the effect of discouraging competition.

So far the ACCC has not given out much more then slaps on the wrist, but this is mainly because the government is trying to sell off their share of Telstra, so they want the share price to be high.

You'll note that ACCC has been showing more teeth, and Telstra has been quiet lately, because the government has sidelined their plans to sell their shares (mainly because Telstra's share price is quite low atm).

Poorly configured mail servers

[DrSkwid]

If your mail server follows the early SMTP RFCs it might well do this :

%telnet bastardface.com 25
RCPT TO: <aardvark@bastardface.com>
550 Address unknown locally
RCPT TO: <andrew@bastardface.com>
250 Recipient ok. [andrew@bastardface.com]
RCPT TO: <apple@bastardface.com>
550 Address unknown locally

[... do your whole dictionary]

QUIT

all usually without ever hitting the logs

you get a nice big list of valid addresses all at the same domain and no-one is any the wiser until it stats filling up their inboxes

I know this because it happened to us when someone followed the wrong RFC

Re:Poorly configured mail servers

[statusbar]

Exact same thing happened to me. At one point I changed to use the courier smtp server for a bit, and then mailq showed 1000 messages bouncing because of a dictionary attack. I noticed immediately because it clogged my mail server so nothing was coming through.

--jeff++

Re:Poorly configured mail servers

Yeah, that's right, typical behaviour of poorly configured or poorly implemented mail servers.

Recent mail servers do not show that behaviour - but instead, this one:

%telnet bastardface.com 25
RCPT TO: <aardvark@bastardface.com>
550 Address unknown locally - dialing directory assitance
555 Directory assistance!
555 Where you looking for:
555 [bagels@bastardface.com]
555 [bandrews@bastardface.com]
555 [bandrex@bastardface.com]
555 [bangels@bastardface.com]
555 [banjojoe@bastardface.com]
(...)
555 or use [all-b@bastardface.com]
555 to send mail to all accounts
555 starting with the letter [b]

Looks like we need better mail servers that are just more userfriendly

They DO sell their regular customer details

I signed up, and their database entry took my middle name as my last. From a month or two later, I've gotten spam addressed specifically to a man with the last name of my middle name, and to my house address. It never stops.

This is regular dead tree spam I'm talking about.

Trust?

[somethinghollow]

Everyone sounds surprised to some degree, but really... who can you trust any more? Certainly not the government, certainly not big corperations, certainly not your neighbor, and maybe not even yourself. Nothing is sacred any more. I'm surprised some government big wig didn't buy in on a system to track e-mail addresses and harvest accounts via headers, then sell them.... or maybe they did. I'm wondering if protecting privacy is even important any more since privacy may not exist in these times. (that statement was partially sarcasim, but partly genuine)

it's crappy servers - no mailice here (maybe)

[DrSkwid]

%echo matt@bigpond.com.au | /www/bin/get_mx
extmail.bigpond.com

%telnet extmail.bigpond.com 25
Trying 144.135.24.8...
Connected to extmail.bigpond.com.
Escape character is '^]'.
220 bigpond.com service ready (identifier 29/4290323)
helo numpty
250 bigpond.com
MAIL FROM:
250 ok
RCPT TO:
550 recipient unknown

so you run your dictionary attack against the server

MAIL FROM:
250 ok
RCPT TO:
550 recipient unknown
RCPT TO:
550 recipient unknown

until you some 250s

Re:it's crappy servers - no mailice here (maybe)

[dkf]

I've known mail servers which were configured to accept *everything* ('cos they forwarded to the real mail server which was behind a firewall). The technique of using RCPT TO: doesn't work very well in practice; I used to use it for email validation about 5 years ago, and gave up. The only reliable way to validate an address is to send a message containing a complex URL that the user visits.

Of course, spammers don't care. They just set the reply-to header to someone else (I've been on the receiving end of this particular spam technique. GRRR!)

Re:Not true anymore

Yep, Comindico have their own network, but they DO NOT have their own DSLAMS and as such still rely on Telstra's Layer2 crap to deliver their service. See post above ;0)

What a load of crap.

[OzTech]

In all fairness, I've got to question the claim that Mark has made. I am a self un-employable person who works from home. I have been using the Internet for about 5 years, and for the last three years have been using Telstra Bigpond cable. As part of my profession, I send and receive Email every day. I participate in a couple of "closed" mail lists. I don't run my own mail server, and simply use my Bigpond mailbox. My spam filtering software consists of absolutely nothing. On average, I receive 1 spam message a month. The simple fact is that if you do not participate in newsgroups, or other "open" forums, don't frequent porn sites, or buy stuff on the net, you won't get spam. In short, I treat my Email address as I do my mobile phone number, which means that it isn't handed out to just anyone. If the topic was the slow response times you get on Bigpond Broadband, and how a 10Mb cable-modem link still can't handle 160x120 movies in real time. Or, that surfing the net is still painful on Telstra cable, then the complaint might be valid.

Theft of eMail list

[pbjones]

I understand that a couple of years ago that a complete list of bigpond email addresses was 'stolen' from a database. And it would be easy of an employee to sell data without being caught.

no malice - now with extrans

[DrSkwid]

%host -t mx bigpond.com
bigpond.com mail is handled (pri=10) by extmail.bigpond.com

so you run your dictionary attack against the server

%telnet extmail.bigpond.com 25
Trying 144.135.24.8...
Connected to extmail.bigpond.com.
Escape character is '^]'.
220 bigpond.com service ready (identifier 29/4290323)
helo numpty
250 bigpond.com
MAIL FROM: <>
250 ok
RCPT TO: <aardvark@bigpond.com>
550 recipient <aardvark@bigpond.com> unknown
RCPT TO: <apple@bigpond.com>
550 recipient <apple@bigpond.com> unknown
RCPT TO: <mr_brianpowell@bigpond.com>
250 ok

and every 250 is a valid paid up customer

and there's not a long entry in the world that's going to find you

in fact you can visit http://www.bigpond.com/home/memservices/community/ index/

to harvest email addresses like I just did while waiting to post with EXTRANS

still it's more newsworthy if you CHARGE someone for this information !

Above Post has unintended consequences!

[weierstrass]

asmith and bsmith get even more spam.

chalk54923 gets first ever spam...

Re:Above Post has unintended consequences!

[klparrot]

Ah, but you'll note that they were @telstra, not @telstra.com.au. I doubt there are many spiders that would be smart enough to add the .com.au.

Can't be true!

[agent+dero]

A large e-mail account provider selling e-mail addresses?
NEVER! (sarcasm noted with italics)

Hotmail anyone?

Spam

[H3g3m0n]

As im reading this i'm checking my bigpond account. 329 spam. It should also be noted the bigpond have no spamfiltering stuff and include emails in the 3gb cap.

Not entirely true

[leonbrooks]

I know of Request (who actually use RUCC for all of their ISP-ish stuff) and Optus using their own DSLAMs etc, even their own copper.

What's the big deal?

[deunan_k]

Well, everyone did it.. Credit Card companies, Insurance, Finance, and why not ISPs?

A Colleague of mind, who is very paranoid when giving out his cell phone number got really pissed off when he received a call from some banks offering him credit card services. Recently he signed up for one and had no intention of signing for more. It seems that these people shared information within the industry..

I'm not trolling.. Just lamenting on the alarming trend of the marketplace.

Re:What's the big deal?

[micq]

I know it's not cure all, but I have a very satisfactory response when I get one of these calls and cut them mid-sentence to say "This is a cell phone"... They tend to get off pretty quick.

er.. off the phone, that is.

Telstra denies selling it's customers data

[Op7imus_Prim3]

Did any one else read that as Telstra denies selling data to it's customers? As a user of ADSL in australia, most of which runs off the Telstra backbone, I can say there are certainly time where you are paying for nothing. Outages are all too common. Like it goes out when it rains common. I could see how they might deny selling anything at all given the level of service they provide.

Re:Telstra denies selling it's customers data

[surprise_audit]

Be fair - at least tell us how often it rains in Australia...

I doubt it

[srn_test]

I have a Telstra Bigpond address (from having a cable modem).

I never get any mail at it at all, except for official notices from Telstra.

I've had it for about 4 years. I've mailed from it or given it out.

employee?

[Mark19960]

maybee an employee sold them to a spammer.
I have always wondered about inside jobs of this sort.
im sure it wouldnt be hard these days with the compact USB hard disks you can put on your keys.
simply plug it in, transfer all the email addresses, zip it up and send it to your favorite spammer, then collect.
sound easy? yeah... its scary.

Telsta's an ISP now?

[I+start+fires]

So Telsta invents AC power and now is working as an ISP?

Not Neccessarily...

[matth]

I administer a mail server for an ISP of about 20,000 customers. We see mail come in all the time with JUST customers addresses in them. (ie.. no outside e-mail).. but I know that we don't sell customer information. I do believe this guy is over reacting. I've actually had to explain to several customers of ours that we don't sell information, because they came to the same conclusion. I think spammers must be wising up or something and sending all the e-mails to one domain in a CC or something rather then seperate e-mails... takes less effort/bandwidth.

Re:OMFG, it's a conspiracy. Someone call slashdot!

[Gordonjcp]

Why are Americans so paranoid about their social security numbers? I've never understood the great furore over people posting them on the net, or that banks might want them.

Snail Mail

I have a friend, who a couple of years ago hooked up his telephone line but Te$tra. The catch is they misspelt his name in the billing details. Some months later he started to receive occasional junk snail mail addressed to him with you guessed it the misspelt name.
Go figure!

Alternatives

[LX.onesizebigger]

Mmmm... an Oz-centric article for once.

Just to point out that there are alternatives. Personally I'm very satisfied with TPG's dialup connection for A$50/quarter and I'm thinking of switching to their A$70/month 128/64 ADSL once my current account expires.

As far as I know, they're established pretty much all over the continent, they provide no-bullshit services. Not only that, but unlike that annoying blue bird with the annoying pie-eating chubby guy that's pestering the telly, this is not the 'tastiest' but the cheapest deal out there. At least if my survey of about 50 different ISPs in the area is anything to go by.

Oh and they better hire me as a sales representative now!

Re:Alternatives

I finally found an instance of were the UK isnt getting fucked over more than every other country. being from NZ, I have to laugh at what your poor aussies have stuck with even thought the situation in NZ isnt all the much better. Firstly blame the people that own the Southern Cross fibre.

for $90AUS, I get 512/256 DSL with effectively unlimited traffic. They say 130gb per month but I would struggle to eat this much

Re:Alternatives

why not the $80/month unlimited 512/128 ???

Re:Alternatives

[LX.onesizebigger]

Yeah, perhaps I should have mentioned the 512/128 for A$80/month (metro areas, as was the case with the other ones I mentioned) as well (and shown the other AC who replied to my post that the Kiwis are yet again the ones getting shafted). Personally I can't afford it/it's not worth it to me. I'm not a huge downloader and I'm fairly patient anyway, so I value a pseudo-permanent connection more than speed.

Don't bother with the Whirlpool link

[hayden]

They're just a bunch of whingers that can't even organise a bbq.

taking money to do the spamming themselves...

[wadiwood]

I think we have this backwards. Telstra is not selling bigpond email addresses. They are doing deals with mass marketers.

Eg Give us the stuff you want to go to all our customers, and we will send it for you.

That way Telstra can fairly truthfully claim they (as opposed to disgruntled employees) did not sell any email addresses.

I know Australia Post does it regularily. I have a PO Box and a home mail box and I get crap directly from Australia post and at the PO box I get unaddressed mail! Like only Australia Post can put stuff in there and they put junk mail.

I think it's the same with Telstra. It's all in how you phrase your request.

"Can you give us your customer database"
Answer: NO

"Can you send our marketing stuff to your customer database?"
Answer: YES!

Australian IT is definitely governed by idiots.

It kinda doesn't make sense.

[FauxReal]

Why would an ISP that's so stingy with bandwith sell its user list and open itself up even more of the massive bandwith used for spamming? But then again... maybe they hope you download enough spam that it pushes you over into the next pricing tier. hehehe

New Spidering Software

[TheBillGates]

It's most likely new spamming software that does on the fly web spidering.

I was getting spam addressed to myself and others in IT until I asked our webmaster to take off my mailto link on the IT staff directory page. Since them I've had a big decline in spams at work.

Not selling? What about swapping, renting?

[bagofbeans]

"BigPond public affairs manager Stuart Gray deined that Telstra sold email lists."

Whoopy do. There are many ways of circulating a list to 3rd parties without "selling" it. Magazines, for example, rent their lists by becoming mailing houses so the rentee can't see and therefore reuse the names. Charities swap lists.

Many site privacy policies use similar language which sounds like they will never pass on their list, but in fact they are just defining a narrow range of circumstances under which they won't. Could be clumsy English... but then I expect lawyers write these things, so maybe not.

FWIW, after 2 years of Yahoo account, used a lot, I get NO spam. Admittedly my email address will fail to succumb to a dictionary attack, but it does mean that Yahoo is not passing it on AND the traders etc (inc. Ebay) aren't either.

Sounds Like Just another Dictionary Attack

Having formerly worked for an ISP myself, I know that one test we did for finding out when a similar attack was being run on our e-mail servers was set up several e-mail addresses as "spam catchers," not advertising those addresses ANYWHERE, and just occasionally checking those boxes to see what was there, and adding any sender addresses found to our anti-spam system's block list. So does it happen? Definitely...

Ya for Tulsa!

[lonesome+phreak]

Tulsa sucks, but we get a 1.5 business cable modem with two IPs run to our apartment for $105 a month. It's had some outages, but the tech support was great. They even call back and tell you when it's back up, although we just left the TV on until the signal came back.

The fiber plant is pretty new. Most of the town was just wired for cable broadband in the last 2-3 years, so it's still pretty swift. Even with other people on the line it blows the hell out of bell.

The sweetest thing is you can call Monday and have the service deployed by Tuesday, or maybe even Monday afternoon if you call in the morning. So far, no complaints.

I _KNOW_ Telstra sells customer data, because ...

[vandan]

When I got my phone connected here, Telstra mis-spelled my name. My name is incredibly uncommon.

About a month later, I was looking through the logs on the mail server at work ( as you do ) and saw an error about an unknown user, which just happened to be made up of my first initial, and then my last name ... mis-spelled just as Telstra had ( at my company dot com dot au ).

I immeditately called Telstra and confronted them, and they denied everything. The girl was quite rude about it and implied that I might also have stories about little green men carrying experiments out on my while I was asleep.

I absolutely INSIST that Telstra sold my details, consisting of ( but not limited to ) :

- my first and last name
- my employer

The above I can deduce from the logs on the mail server at work.

this is so simple to do

[Junkhead]

"ORDER BY username GROUP BY domain"
My SQL could be bad but thats pretty close in any case

simple stuff really
whats next? decending order names as proof time is running backwards?

cheers

!me too

[jamesh]

I'll badmouth Telstra at any opportunity I get where there is some basis for it, so I guess in the interest of karma I should speak up here :)

I've received approximately 5 items of spam in the 13 months i've had my Bigpond dialup account for. Compared to the amount of real email I get, this number is insignificant to at least 3 decimal places.

If you were to ask why i'm on dialup and not broadband, _then_ you'd hear some badmouthing of telstra :)

Hmm, that explains the relative DSL reliability

[leonbrooks]

(-:

And your website probably explains why Flow is a SF download mirror. Now all we need is free connectivity between state IXes.

PS, Michael also...

[leonbrooks]

...had a hand in restarting PLUG before he left (that website served from an XboX). D'you know if he's a member of SLUG or anything over there?

While we're on the topic of spam mailouts...

[fuzza]

We had a spam problem a few weeks back. Some inkjet printer spammer was sending spam to/from one of our addresses.

At first they sent a couple of hundred _to_ our address, then they sent hundreds apparently _from_ our address (so we got all the bounces of invalid users, as well as a few "remove me from your list" types).

The weird part is, instead of using the actual valid email (eg. someone@validdomain.org), they were sticking random letters on the end (ie. someonegtwk@validdomain.org), thus making it _invalid_.

Eventually I wrote some exim and procmail rewrite rules to dump them into a file in my mail directory... they seem to have stopped at ~900. All bounce types, so who knows how many they sent...

(Before you ask, no, we're not an open relay, and they weren't coming through us. They were being sent, apparently from their system (or other people's), just with the From and Reply-To addresses set to our (invalid) address.)

Strange...

The problem's with BigPond

[surgeonsmate]

I'm a Bigpond customer - I actually have two accounts with them - and I've been seeing a lot of this stuff recently. Not your usual spam, but spam addressed to half a dozen or ten subscribers in alphabetical order. It's not spammers just picking likely addresses, neither - some of these addresses are quite specific and you'd be unlikely to guess them or find them with a brute forcer. Mind you, it's easy enough to control. I just pick the address next to mine in the list and any mail I get addressed to that chap goes in the bin. Cheers, Peter

Re:Not true anymore

[mari-pa]

Quote - You'll note that ..., the government has sidelined their plans to sell their shares.

This, too, is not true - the Gov't does plan to sell it's 50.1% stake ASAP, but Telstra must first provide "the bush" greater access/service levels/support than it currently does to those living in metro areas.

Oz is a very, very big country - far larger than the whole of Europe combined - and it will be a difficult ask for Gov't.

The Govt will now spend about $AU180M (about $US100M) to do so.

See one article about this here - http://smh.com.au/text/articles/2003/06/23/1056220 544959.htm