21 Aug 2022, 03:09 AM   #84
jarland
Essential Contributor
 
Join Date: Apr 2014
Posts: 399

Representative of:
MXRoute.com
I took a second look at all of the data here, in reaction to "I didn't get the ticket notice in my admin email" and I had some things to add and some modifications to what I'd previously said.

It was in fact your email account Bamb0 that I accused of being compromised and sending spam. If I was mistaken it would be interesting, as it very much matches a recent trend that currently has me on high alert. That trend has to do with users reusing passwords that are not secure, are easily guessed, or are stolen from other places that they've used them which were compromised. Then their accounts are of course used to send spam. It would be an unusual false positive if your email was not compromised; however, your emails to me over the last few days are making me second-guess it. Your writing style is fairly unique, and considering the email subjects and recipients (the only data logged/reviewed for this), I can see how it's possible that I made a mistake. I can also see how I wouldn't have second-guessed it for a second, prior to our personal email conversations, as I have zero other cases which look so similar to the trend in question that have not all been exactly as I thought they were: compromised accounts sending spam.

The latter, the one "Hey buddy" (or whatever, paraphrasing that subject not copy/pasting) email that made me think yet another had likely been compromised after yours, which I thought was what you were referring to, was in fact someone else. Which is odd, because that was the email to SMS one and I don't see an email to SMS one that matches for you? Did you have two email accounts on the domain? We'll figure it out, you don't have to answer that. I have to ride some lines here to even talk this much about it, but keeping it all very conceptual and not excessively detailed keeps me from violating anyone's privacy, which is one of the most important factors to me.

That said, had I made a mistake, we could clear up fine via ticket but I already knew from the ticket that had been sitting open for so long that this user wasn't going to be engaging me and in my mind I'd spent enough time dealing with an account that at this point was negative revenue (after including time/effort not reciprocated) and from my perspective the customer just didn't seem interested in keeping it. So I considered an ignored abuse complaint over a month old to be fairly long notice, as it's pretty standard in the companies I consider peers to remove customers that aren't responding to abuse complaints.

As for the account owner not receiving mails to their AT&T-backed email, that I can't do much about but I can say this:

250 2.0.0 27CMiuYU076811 Message accepted for delivery

250 2.0.0 27CLwcGq030783 Message accepted for delivery

250 2.0.0 27CLsZFs103444 Message accepted for delivery

250 2.0.0 27E2LCci055066 Message accepted for delivery

250 2.0.0 26OI5RCv116159 Message accepted for delivery

To be clear, those are not response codes from my systems. Those are acceptance responses from a remote email system to which I sent emails for the account in question.

Bamb0 I will do my best to figure out a way that I can feel comfortable providing you with your emails, in a way that satisfies my need to protect the integrity of your data and ensure that at no point am I doing anything which provides an unauthorized third party with access to anything more than my little story above. We'll figure something out, but it'll probably be Monday before I dive any more into that.