Slashdot Mirror


Telstra Denies Selling BigPond Customers' Data

Red Wolf writes "The Age reports that allegations that Telstra sells email addresses of BigPond customers have been denied by the telco. Melbourne-based IT worker Mark Edwards had doubts in this direction when he began receiving unusually large amounts of spam at his bigpond email address. Edwards grew suspicious because some of the spam being issued to him was also addressed only to a number of users within the bigpond.com domain, indicating that the unsolicited mass emailings were being sent to lists of BigPond users."

10 of 190 comments

  1. doesn't mean anything by kinko · · Score: 4, Insightful

    I regularly get spam addressed to my address along with other users at the same domain. But I doubt my university sells addresses. It's probably just what some spam software does, since SpamAssassin can be set up to assign a higher score to messages where your address isn't in the To or Cc fields.

    Sheesh, what's with jumping to conclusions? Like assuming if your new hotmail a/c gets spam, then MS must have immediately sold it to spammers who immediately spammed it....

  2. Further info is needed by Adam9 · · Score: 4, Insightful

    I'd like to know some specifics about the alleged selling of the e-mail addresses. Telstra says this:

    "The most common practice is to submit a test mail list to an ISP containing thousands of randomly generated user names. Most mail servers would qualify the names and attempt to deliver a blank message to those that have been generated/guessed correctly."

    I'm wondering how random some of the addresses were. Were they being sent to asmith@telstra, bsmith@telstra, etc.? If so, then Telstra's reasoning makes sense. But if addresses like chalk54923@telstra are on the spam list, then I'd say that Telstra is full of it.

  3. OMFG, it's a conspiracy. Someone call slashdot! by Moonwick · · Score: 4, Insightful

    Edwards grew suspicious because some of the spam being issued to him was also addressed only to a number of users within the bigpond.com domain, indicating that the unsolicited mass emailings were being sent to lists of BigPond users.

    Why give them the benefit of the doubt and consider that this was simply the work of some relatively intelligent spamming software, designed to maximize its connection to bigpond's SMTP server (by sending the body of the message once with a large list of bigpond addresses) when you can accuse the cruel corporate ISP of selling customer data?

    Now why these spams included target addresses in the headers of the e-mail (something SMTP absolutely doesn't require) is up for debate, but I think we're jumping to conclusions here...

    --
    Only on slashdot can a posting be rated "Score -1, Insightful".

  4. Mass Spam to a Single Domain by Goody · · Score: 5, Insightful

    This happens all of the time -- it's called a spam dictionary attack, as the article attempts to explain. Spammers simply use every possible username in the world and append @yourdomain.com hoping to nail every user with their offers of bigger appendages.

    The part in this article about spammers testing for the validity of dictionary-generated email addresses is a load of crap. They could care less if the address is valid or not. They simply let the bounce message go out into never never land.

    I doubt Telstra sold any email addresses. Dealing with spam attacks isn't worth the meager revenue that would be derived from selling addresses.

    --
    Tired of being "punished" by the Slashdot $rtbl since 2002. I'm now over at http://soylentnews.org/ .

  5. Re:It could be a staff member by Fizzl · · Score: 5, Insightful

    Umm... No?

    How can anyone have such bad morale?
    I had access to tens of thousands of credit card details as a developer for one database application.

    I left the company in a very disgruntled mood. Yet I never was even slightly tempted to copy the databases or details of the communications how the details are transferred around the country.
    I had some company code and documentation home because I used to work remotely at times. I erased the data and returned the dead-tree docs in mail.

    Although email addys and credit card details are in totally different categories, I think of the people who own the information. It's not like it's their fault you're getting shafted.

    I do not have a criminal mind. I'm prolly going to die poor :(

  6. It could have been anything by SandmanWAIX · · Score: 4, Insightful

    I don't like Telstra as much as the next guy ... but it could have been anyone with a simple bot to harvest Telstra Bigpond email addresses and then spamming. Maybe they have a grievance against the company (most people do) which is why its users were targeted .. or maybe it was because Bigpond users are traditionally the stupidest (no knowledge on broadband, computers, security etc) that they were targeted ... and perhaps spam mailers targeted Bigpond users because they obviously will buy anything no matter how reprehensible the product/pricing and treatment of customers.

  7. Re:read the privacy statement... by iamsyn · · Score: 2, Insightful

    Just because they say they CAN do it, does not mean they DID. Given the lack of evidence it seems to be a slow news day over at the IT news desk.

  8. collated? by tarquin_fim_bim · · Score: 2, Insightful

    "I would have expected that, where "collated" email address lists are used, and where multiple destination users exist within the email headers, that the destination domains are more likely to be dissimilar"

    Why wouldn't the spammer collate on domain name? Sorry whole argument is flawed on this basis.

  9. Re:Dictionary Attack by fdiskne1 · · Score: 2, Insightful

    I run a system with about 1400 users and I see dictionary attacks all the time. I ended up directing the domain of "domainnameharvesting.com" (or something very similar to it) to 127.0.0.1 because they were sending hundreds of spams to addresses that are not on our system and don't even conform to our standard. It was looking for what bounced and what didn't. Once it didn't receive any bounces at all for a few days, the spams from this particular domain stopped. Maybe it would have stopped anyway. Maybe now they are selling all the addresses as "confirmed".

    --
    But why is the rum gone?
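
The dictionary attack that Goody and fdiskne1 describe shows up in a mail server's log as one client collecting many "user unknown" rejections for different local parts. The following Python is an added example, not code from any commenter: it flags such clients, and the Postfix-style log format, the sample lines, the addresses, the thresholds and the year are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Postfix-style "user unknown" rejection; the exact log layout is an assumption.
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[(?P<ip>[^\]]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]+)>: "
    r"Recipient address rejected: User unknown")

def find_harvesters(lines, threshold=5, window=timedelta(minutes=10), year=2004):
    """Return {client_ip: most distinct unknown recipients in any window}
    for clients reaching `threshold`. Syslog has no year, so one is assumed."""
    events = defaultdict(list)  # ip -> [(timestamp, recipient)]
    for line in lines:
        m = REJECT.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["rcpt"].lower()))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({rcpt for _, rcpt in evs[start:end + 1]}))
        if best >= threshold:
            flagged[ip] = best
    return flagged

# Constructed sample: one client guessing asmith..fsmith, one client with a single typo.
SAMPLE_LOG = [
    f"Mar 14 10:00:{i:02d} mx1 postfix/smtpd[4242]: NOQUEUE: reject: RCPT from "
    f"unknown[203.0.113.7]: 550 5.1.1 <{c}smith@example.com>: Recipient address rejected: "
    f"User unknown in local recipient table; from=<x@example.net> "
    f"to=<{c}smith@example.com> proto=ESMTP helo=<host.example.net>"
    for i, c in enumerate("abcdef")
] + [
    "Mar 14 10:05:00 mx1 postfix/smtpd[4243]: NOQUEUE: reject: RCPT from "
    "mail.example.org[198.51.100.20]: 550 5.1.1 <jon.typo@example.com>: Recipient address "
    "rejected: User unknown in local recipient table; from=<a@example.org> "
    "to=<jon.typo@example.com> proto=ESMTP helo=<mail.example.org>",
]

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG))
```

Counting distinct recipients rather than raw rejections keeps a legitimate sender that retries one mistyped address from being flagged.
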
  10. Re:It could be a staff member by Anonymous Coward · · Score: 1, Insightful

    How can anyone have such bad morale?

    Actually, most people I know who work in computer centers have poor morale. Lots of work, lots of dealing with pissed off customers, few perks, and managerial jerks.

    On the other hand, most of them also have morals, which is what I hope you were referring to... Essentially you hope that someone in a position with access to personal information is a moral person, and they realize that abusing their position for monetary or other gain is wrong.

    Although the more I work with the public, the more I wonder what happened to the concepts of right and wrong...