Telstra Denies Selling BigPond Customers' Data

Red Wolf writes "The Age reports that allegations that Telstra sells email addresses of BigPond customers have been denied by the telco. Melbourne-based IT worker Mark Edwards had doubts in this direction when he began receiving unusually large amounts of spam at his bigpond email address. Edwards grew suspicious because some of the spam being issued to him was also addressed only to a number of users within the bigpond.com domain, indicating that the unsolicited mass emailings were being sent to lists of BigPond users."

Telstra is Crap

[Michael's+a+Jerk!]

I'm with testra, and have had nothing but problems. Their Privacy policy allows selling your email address to advertisers. They've also got this insane capping system, that's stopped the rollout of broadband in AU.

Read more in Whirlpool. They've got the facts.

Re:Telstra is Crap

[sk0pe]

I know what you mean... at my workplace, we implemented Telstra's ADSL the first week it was available at our exchange... for about 14 months, there was no alternative either. But now we're with iiNet. Same speed, but cheaper and 6 times the download allowance. One other major reason we swapped was the spam the account's email address was receiving. Interesting to note, that since we have our own domain, this email address was NEVER, and I mean NEVER, submitted to a mailing list, a newsgroup or anywhere it may be gathered by spammers. The account name was also random enough that a dictionary attack shouldn't have worked. The address was never used to send mail, or reply to spam, but by the end of our 18 month contract, we were recieving about 6-10 spam emails per day. I realise this is not a lot for an active email address, but this wasn't used at all. The only reason I even looked at the mail box was to get Telstra mailouts regarding outages, updates etc. Not selling customer details eh? ---- All extremists should be taken out and shot.

Re:Telstra is Crap

[Michael's+a+Jerk!]

Bitching about poor service doesn't hit a company nearly as hard as taking your business elsewhere.

Agreed. However, did you read the Whirlpool link I posted?

Telstra makes it *very* difficult to change to a different service. This is a typical case. It's happened to people I know .

Even if that doesn't happen, there's a delay of 2 or 3 weeks without net access while you change. It's annoying, but I will change.

Telsta's ADSL Monopoly

[Michael's+a+Jerk!]

Telstra have a history of standover tactics (see Here, for instance).

I really hope they get busted under our new privacy laws. I have a telstra email address that I've never used that gets spammed constantly. If telstra didn't sell my details, then something very fishy is going on.

Mass Spam to a Single Domain

[Goody]

This happens all of the time -- it's called a spam dictionary attack, as the article attempts to explain. Spammers simply use every possible username in the world and append @yourdomain.com hoping to nail every user with their offers of bigger appendages.

The part in this article about spammers testing for the validity of a dictionary-generated email addresses is a load of crap. They could care less if the address is valid or not. They simply let the bounce message go out into never never land.

I doubt Telstra sold any email addresses. Dealing with spam attacks isn't worth the meager revenue that would be derived from selling addresses.

Evidence??

[Cbs228]

This evidence is not credible or convincing proof that BigPond is selling customer email addresses. However, I would not put it past them.

The only way to find out for sure if an ISP sells subscriber addresses is to make a long, hard to guess address (such as jon4859493@bigpond.com) and give it to no one, just let it sit there. If you receive spam, it's a pretty good indication that your ISP is being rather loose with your contact info.

Re:It could be a staff member

[Fizzl]

Umm... No?

How can anyone have such bad morale?
I had access to tens of thousands of credit card details as a developer for one database application.

I left the company in very disgruntled mood. Yet I never was even slightly tempted to copy the databases or details of the communications how the details are transferred around the country.
I had some company code and documentation home because I used to work remotely at times. I erased the data and returned the dead-tree docs in mail.

Althou email addys and credit card details are in totally different categories, I think of the people who own the information. It's not like it's their fault your getting shafted.

I do not have a criminal mind. I'm prolly going to die poor :(

Re:Telstra is Crap - PRON is worse ;)

This has nothing to do with selling email addresses. I'm a Bigpond user. When I surf porn sites I get DELUGED with spam, without having to provide any identifying information.

The Bigpond referrer details identify your user name. You have a default eMail account which is username@bigpond.com. Therefore, any site which analyses its visitor logs can identify a pool of valid Bigpond eMail addresses.

Mate, if you don't want the junk mail, stop wanking so much!

Poorly configured mail servers

[DrSkwid]

If your mail server follows the early SMTP RFCs it might well do this :

%telnet bastardface.com 25
RCPT TO: <aardvark@bastardface.com>
550 Address unknown locally
RCPT TO: <andrew@bastardface.com>
250 Recipient ok. [andrew@bastardface.com]
RCPT TO: <apple@bastardface.com>
550 Address unknown locally

[... do your whole dictionary]

QUIT

all usually without ever hitting the logs

you get a nice big list of valid addresses all at the same domain and no-one is any the wiser until it stats filling up their inboxes

I know this because it happened to us when someone followed the wrong RFC