Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Spam Your Rights Online

Telstra Denies Selling BigPond Customers' Data 190

Red Wolf writes "The Age reports that allegations that Telstra sells email addresses of BigPond customers have been denied by the telco. Melbourne-based IT worker Mark Edwards had doubts in this direction when he began receiving unusually large amounts of spam at his bigpond email address. Edwards grew suspicious because some of the spam being issued to him was also addressed only to a number of users within the bigpond.com domain, indicating that the unsolicited mass emailings were being sent to lists of BigPond users."
This discussion has been archived. No new comments can be posted.

Telstra Denies Selling BigPond Customers' Data

Comments Filter:
  • Dictionary Attack (Score:3, Informative)

    by wukie ( 684014 ) on Wednesday June 25, 2003 @01:27AM (#6291919)
    Hello, I get these all the time on accounts with my first name.
    • Re:Dictionary Attack (Score:3, Informative)

      by NerdENerd ( 660369 )
      Yes, when I used a common name on my Telstra cable account it was spammed continually, but since I have changed it to something obscure I don't get anymore spam at all.
  • I sure as heck bought a few. I've got some Jones, some Smith, you name it. It's like having a friggin phone book, but it costs a lot more.
    • It's like having a friggin phone book

      I even got a phone book from them! And Yellow Pages too! ;-)
      Wish they'd stop wasting the paper.. I have an internet connection for a reason! (and no, I'm not with Hellstra...anymore)

  • Telstra is Crap (Score:5, Interesting)

    by Michael's a Jerk! ( 668185 ) on Wednesday June 25, 2003 @01:28AM (#6291921) Homepage Journal
    I'm with testra, and have had nothing but problems. Their Privacy policy allows selling your email address to advertisers. They've also got this insane capping system, that's stopped the rollout of broadband in AU.

    Read more in Whirlpool [whirlpool.net.au]. They've got the facts.
    • Re:Telstra is Crap (Score:5, Informative)

      by sk0pe ( 614508 ) on Wednesday June 25, 2003 @01:40AM (#6291963) Homepage
      I know what you mean... at my workplace, we implemented Telstra's ADSL the first week it was available at our exchange... for about 14 months, there was no alternative either. But now we're with iiNet. Same speed, but cheaper and 6 times the download allowance. One other major reason we swapped was the spam the account's email address was receiving. Interesting to note, that since we have our own domain, this email address was NEVER, and I mean NEVER, submitted to a mailing list, a newsgroup or anywhere it may be gathered by spammers. The account name was also random enough that a dictionary attack shouldn't have worked. The address was never used to send mail, or reply to spam, but by the end of our 18 month contract, we were recieving about 6-10 spam emails per day. I realise this is not a lot for an active email address, but this wasn't used at all. The only reason I even looked at the mail box was to get Telstra mailouts regarding outages, updates etc. Not selling customer details eh? ---- All extremists should be taken out and shot.
      • iiNet [ii.net] used to be great, then the other Michael left, they went on a buying spree (Wantree, Omen, Networx, dozens of other smallish ISPs) and their tech support fell in a hole (due, I suspect to the high turnover rate of competent technicians, he says, waving to Brett [nuance.net.au], a prime example).

        If you want a large ISP in WA, I recommend WestNet [westnet.com.au]. They're a bit too big to still be really caring, but their reliability is a notch above iiNet's.

        If you want an excellent quality smaller ISP in WA, choose ArachNet [arach.net.au]. They also have excellent colocation terms [arach.net.au], and this bloke [motium.com.au] can sell you a dandy little rack box to colocate with (review coming soon). I use ArachNet myself. There are others.

        If you want reliable DSL in Oz and damn the cost, try Request [rucc.net.au] or Optus [optusbusiness.com.au] (nice picture). Everyone else has to go through Telstra to get their DSL (and these two will also if they have no DSLAM in the exchange), which costs you a big reliability hit.

        Telstra account for your data as the sum of both directions. Most Oz ISPs will bill you for the max of in and out, or just bill you for in, but no, not Telstra. As a 'phone company, they're not too bad (their service actually works). As a "competitive" ISP, they suck.

      • I can confirm that my bigpond address appears to have been given out. I collect my spam in a folder (since there's not terribly much of it *yet*) in preparation for if I ever implement a bayesian filter of some sort.

        I have a few e-mails in there in which all the recipients have bigpond accounts and nothing else. Sometimes the addresses span a range, sometimes they all begin with the same letter as my account.
    • So their service is crap and your bandwidth is capped, yet you agreed to their privacy policy and continue to shell out money to them each month?

      Bitching about poor service doesn't hit a company nearly as hard as taking your business elsewhere.

      • Re:Telstra is Crap (Score:5, Informative)

        by Michael's a Jerk! ( 668185 ) on Wednesday June 25, 2003 @01:46AM (#6291992) Homepage Journal
        Bitching about poor service doesn't hit a company nearly as hard as taking your business elsewhere.

        Agreed. However, did you read the Whirlpool link I posted?

        Telstra makes it *very* difficult to change to a different service. This [whirlpool.net.au] is a typical case. It's happened to people I know .

        Even if that doesn't happen, there's a delay of 2 or 3 weeks without net access while you change. It's annoying, but I will change.
        • I see what you mean now.

          Here in California, Pacific Bell was using similar tactics.

          I think the only thing that has made them behave better is the competition from cable providers.

          I wish you luck there.

      • Re:Telstra is Crap (Score:5, Interesting)

        by G-funk ( 22712 ) <josh@gfunk007.com> on Wednesday June 25, 2003 @01:47AM (#6291998) Homepage Journal
        Erm, in australia, there is no elsewhere to which you can take your business. All ADSL in australia is resold from telstra.
        • It's not quite true that Telstra re-sells all the ADSL in Australia. I can't remember the exact break-down, but this is true for some of them, and others run their own networks over the telephone lines, which are leased from Telstra.

          Regardless, you can get better prices and better service from most of the other ADSL providers.
          • Re:Telstra is Crap (Score:4, Informative)

            by Anonymous Coward on Wednesday June 25, 2003 @02:58AM (#6292176)
            Telstra certainly IS crap, and ALL the CHEAPER resellers use the Layer2 offering which relies on Telstra DSLAMS and hence Telstra's support and reliability of same. Doh. The only other major DSLAM-level provider is XYZ/Optus, also used by Connect and RequestDSL, and that pricing is as business grade as the service, which is extremely good - it's just not affordable for a lot of people. Pricing start at around $300/mth for a 1.5Mbps connection, with a couple of gigs of data ( 2-3Gb ). Add extra data at 10-15c/MB and you're talking mega-dollars even for small business, and it's definately out of home user territory.
            Then there's those Layer2-based providers. They're great, but suffer greatly at Telstra's hand - when support is required, Telstra services their own retail customers before the Layer2 providers' wholesale business.

            One word: Monopoly.

            I wish there was an uglier-sounding word that means the same thing, 'cause it sure would apply in this case.
            • AUS$300? Ye gods! That's about 120 - in the UK, you start to get 512kbps *SDSL* for that!
            • Tulsa sucks, but we get a 1.5 business cable modem with two IPs run to our apartment for $105 a month. It's had some outages, but the tech support was great. They even call back and tell you when it's back up, although we just left the TV on until the signal came back.

              The fiber plant is pretty new. Most of the town was just wired for cable broadband in the last 2-3 years, so it's still pretty swift. Even with other people on the line it blows the hell out of bell.

              The sweetest thing is you can call Mon
        • Re:Not true anymore (Score:4, Interesting)

          by Anonymous Coward on Wednesday June 25, 2003 @03:15AM (#6292211)
          Quite a lot of ISPs now re-sell Comindico's ADSL now.

          Their entry into the market caused a small price war with wholesale prices, leading to the number of cheaper ADSL ISP options lately.

          For those not familiar.

          Telstra has a habit of raising their wholesale price to be close to or in some cases higher than their retail prices to end users, after a short delay the ACCC steps in and slaps down Telstra, who then behave for a while, then repeat.

          This has the effect of discouraging competition.

          So far the ACCC has not given out much more then slaps on the wrist, but this is mainly because the government is trying to sell off their share of Telstra, so they want the share price to be high.

          You'll note that ACCC has been showing more teeth, and Telstra has been quiet lately, because the government has sidelined their plans to sell their shares (mainly because Telstra's share price is quite low atm).
        • Re:Telstra is Crap (Score:4, Informative)

          by Anonymous Coward on Wednesday June 25, 2003 @04:18AM (#6292349)
          Not Always - The fibre belongs to telstra, however there are other DSL providers, notably Nextep and RequestDSL that have their own DSLAM's - This allows for much faster and better troubleshooting when network issues occur.
          They also take into account things like overheads in their speeds, so a 1.5M/256k connection is actually data rate, not line rate. Telstra calculates on the line rate, then there are whetever low level protocol overheads are used, then telstra's PPPoE layer - Eurgh.

          I work for D2P - we sell/lease managed network servers, and also resell Nextep broadband. With Linux powering our servers, and Nextep providing our network, we managed to win ATUG SME provider of the year. Good stuff :)
        • I know of Request [requestdsl.com.au] (who actually use RUCC [rucc.net.au] for all of their ISP-ish stuff) and Optus [optusbusiness.com.au] using their own DSLAMs etc, even their own copper.
    • Whirlpool is hardly an unbiased factual view on the state of broadband in Australia. Their news articles are nice and occationally a good read but the forums are generally lacking in clue.
    • by Anonymous Coward on Wednesday June 25, 2003 @02:23AM (#6292099)
      This has nothing to do with selling email addresses. I'm a Bigpond user. When I surf porn sites I get DELUGED with spam, without having to provide any identifying information.

      The Bigpond referrer details identify your user name. You have a default eMail account which is username@bigpond.com. Therefore, any site which analyses its visitor logs can identify a pool of valid Bigpond eMail addresses.

      Mate, if you don't want the junk mail, stop wanking so much!
    • They're just a bunch of whingers that can't even organise a bbq.
  • by Facekhan ( 445017 ) on Wednesday June 25, 2003 @01:29AM (#6291927)
    I remember reading recently that Bigpond was gonna be blacklisted for allowing spammers on their service.
    • This form of spamming is nothing new. Any sysadmin worth his salt should know it. It's Dictionary spamming. For example MOST of my spam comes to my ISP's OLD address, which forwards to the new one.

      So blah@oldname.net goes to blah@newname.net. The spams I get routinely have CC's to a TON of other likely usernames on the service. To test this theory, I now have that account forwarding to Yahoo, and created a new, similar one, simply subtituting zeroes for the letter "O", and whereas I used to get 40 or so sp
    • Bigpond is the ISP arm of Telstra, our national telco. There have been problems with open relays for a long time. And so blocks of their addresses are continually getting stuck on block lists.

      Telstra is the national carrier and does most connectivity esp overseas and so has most of the Australian ip numbers allocated to it. You gota figure if Australia is the source of a problem it will be a telstra problem.

  • by kinko ( 82040 ) on Wednesday June 25, 2003 @01:30AM (#6291931)
    I regularly get spam addressed to my address along with other users at the same domain. But I doubt my university sells addresses. It's probably just what some spam software does, since spam assassin can be set up to assign a higher score to messages where your address isn't in the To or Cc fields.

    Sheesh, what's with jumping to conclusions? Like assuming if your new hotmail a/c gets spam, then MS must have immediately sold it to spammers who immediately spammed it....

    • Haha, you doubt your university sells addresses? Newsflash: You university sells any info about you that they legally can.

      If I hadn't filled out the form explicitly forbidding mine todo so they would have sold mine. Most colleges are strapped for cash, or can always find a place that could use more, and most will do just about anything for it.
      • by kinko ( 82040 ) on Wednesday June 25, 2003 @02:30AM (#6292119)
        Uh, I don't live in America, where it seems everything is for sale. In New Zealand, and indeed the rest of the "Western world", we have privacy acts that say data may only be used for the purpose it was explicitly collected for.

        This university had an internal web search thing where you could find people's email addresses given a surname (only accessible from within the university), and they decided that since they didn't mention anything about this on the enrolment form, they had to take it down to comply with our privacy act.

        I sincerely doubt any university in New Zealand, or even Australia or Europe, would ever consider selling its users email addresses to spammers. Especially since NZ internet users have to pay for international traffic. Why sell addresses that will result in you paying 5 to 8 cents per megabyte of data received?
      • >Haha, you doubt your university sells addresses?

        How dumb would this be? They would have to pay for the bandwidth/etc for handling the massive amounts of spam.

        Its like selling telephone numbers and then having to pay a quarter every time a telemarketer uses it.
    • I regularly get spam addressed to my address along with other users at the same domain. But I doubt my university sells addresses. It's probably just what some spam software does, since spam assassin can be set up to assign a higher score to messages where your address isn't in the To or Cc fields.

      I get this too with a batch of email addresses with my colleagues names.

      The spammers probably just sort their database so that, when they merge in newly harvested addresses, they can remove duplicates more eas
    • I too started receiving such spams all of a sudden, different domain, different country. I wondered if some kind of members list had been compromised or if one of the spam lists had started "guessing" mail addresses from some of the "larger" domains. In the same way that bigpond is the dominant email domain in Australia, so too is mine in the UK.

      I guess one test would be to create a new email address that is not name related and see how long before the spam arrives.
  • by Michael's a Jerk! ( 668185 ) on Wednesday June 25, 2003 @01:32AM (#6291938) Homepage Journal
    Telstra have a history of standover tactics (see Here [whirlpool.net.au], for instance).

    I really hope they get busted under our new privacy laws. I have a telstra email address that I've never used that gets spammed constantly. If telstra didn't sell my details, then something very fishy is going on.
    • Here's [whirlpool.net.au] a more recent story (dated today). Telstra are the Microsoft of Australia.
    • I've also got one that I've never used but I haven't received any spam on it.

      • Well then one of you is lying

        Or

        there is a perfectly reasonable explanation for it.

        Unless you just got your adsl account my money is on the former.

        I'm still getting junk mail addressed to an onaustralia account that I got when compuserve closed down and which i assumed had died when I left telstra for 6 months. No they still forward it to me.

  • At times I get spam that the To: header contains a list of users all on my ISP in alphabetical order. All it means is that the spammer has a sorted list and spits out the spam to groups of addresses at once. The ISP doesn't have any thing to do with it in this case.
    • the spammer has a sorted list and spits out the spam to groups of addresses at once

      By doing this the spammer saves time on setting up conenctions to your ISP's mail server - he sends everything he has for your domain at once in one connection.
  • another possibility (Score:5, Interesting)

    by tankdilla ( 652987 ) on Wednesday June 25, 2003 @01:33AM (#6291943) Homepage Journal
    They got hacked and don't want to admit it. Instead they play dumb when their users are getting spammed.
  • by Narcissus ( 310552 ) on Wednesday June 25, 2003 @01:33AM (#6291944) Homepage
    Just because the company doesn't sell the list doesn't mean that no-one within the company does (or someone that used to work there). I know of a few people that have taken lists of thousands of email addresses from their work on their last day, just in case they wanted to sell it.

    On top of that, I know I've been offered cash more than once to get a list of the addresses in our database. If you were working in a call centre, in a country that you're just visiting, knowing that you'll only be there for a month or two, and knowing you'll never go back, wouldn't it just be too tempting to nap that list for future reference?
    • by Fizzl ( 209397 ) <`ten.lzzif' `ta' `lzzif'> on Wednesday June 25, 2003 @01:48AM (#6292002) Homepage Journal
      Umm... No?

      How can anyone have such bad morale?
      I had access to tens of thousands of credit card details as a developer for one database application.

      I left the company in very disgruntled mood. Yet I never was even slightly tempted to copy the databases or details of the communications how the details are transferred around the country.
      I had some company code and documentation home because I used to work remotely at times. I erased the data and returned the dead-tree docs in mail.

      Althou email addys and credit card details are in totally different categories, I think of the people who own the information. It's not like it's their fault your getting shafted.

      I do not have a criminal mind. I'm prolly going to die poor :(
  • by Adam9 ( 93947 ) on Wednesday June 25, 2003 @01:35AM (#6291950) Journal
    I'd like to know some specifics about the alleged selling of the e-mail addresses. Telstra says this:

    "The most common practice is to submit a test mail list to an ISP containing thousands of randomly generated user names. Most mail servers would qualify the names and attempt to deliver a blank message to those that have been generated/guessed correctly."

    I'm wondering how random some of the addresses were. Were they being sent to asmith@telstra bsmith@telstra, etc.? If so, then Telstra's reasoning makes sense. But if addresses like chalk54923@telstra are on the spam list, then I'd say that Telstra is full of it.
    • No, I have noticed the increase of spam to my unused Telstra email address. The list of addresses is not random: it specifies particular names without any pattern (aside from the alphabetization). As I have a very common surname, Kelly, you'd expect other variations on that. There were none listed.

      I also noticed that the recipient names on the last spam I checked were a mixture of one initial and surname (i.e., skelly) with more-than-one initial and surname (i.e., sfkelly).

      The other odd thing was that t

    • Most are just normal user names (I have a telstra account with some spam archived). Some usernames are more complex. One is 4 letters followed by 4 digits. I see a few with a username followed by a single digit. Some have 2+ digits, but very rare.

      In fact, looking through the list I notice when I receive spam it seems to be the same other bigpond users that are also sent it.
  • That's what I read at first glance.

    Must have been the piggy spam graphic. Could be the beer as well.

  • by -=SteelRat=- ( 34541 ) on Wednesday June 25, 2003 @01:40AM (#6291965)
    I have read the telcos privacy (a few months back) statement and it makes ti clear they can give out any information they want about you to anyone they want. I think they called it partners and business associates.

    I think thatâ(TM)s plain enough... don't you!

    Steel
  • by Moonwick ( 6444 ) on Wednesday June 25, 2003 @01:41AM (#6291966) Homepage
    Edwards grew suspicious because some of the spam being issued to him was also addressed only to a number of users within the bigpond.com domain, indicating that the unsolicited mass emailings were being sent to lists of BigPond users.

    Why give them the benefit of the doubt and consider that this was simply the work of some relatively intelligent spamming software, designed to maximize its connection to bigpond's SMTP server (by sending the body of the message once with a large list of bigpond address) when you can accuse the cruel corporate ISP of selling customer data?

    Now why these spams included target addresses in the headers of the e-mail (something SMTP absolutely doesn't require) is up for debate, but I think we're jumping to conclusions here...
  • by DrMrLordX ( 559371 ) on Wednesday June 25, 2003 @01:41AM (#6291971)
    There are no email lists being sold! There is no spam in the mailboxes of bigpond accounts! Do not believe the infidels! The glorious Telstra corporation will triumph!
  • "We didn't sell it, we bartered it!"
  • by Goody ( 23843 ) on Wednesday June 25, 2003 @01:44AM (#6291981) Journal
    This happens all of the time -- it's called a spam dictionary attack, as the article attempts to explain. Spammers simply use every possible username in the world and append @yourdomain.com hoping to nail every user with their offers of bigger appendages.

    The part in this article about spammers testing for the validity of a dictionary-generated email addresses is a load of crap. They could care less if the address is valid or not. They simply let the bounce message go out into never never land.

    I doubt Telstra sold any email addresses. Dealing with spam attacks isn't worth the meager revenue that would be derived from selling addresses.
    • "For all those that fail or are rejected, an 'undelivered mail item' message is sent back to the sender, in this case the sender/spammer then simply deletes the rejected names from his generated list. What is left is a list of authenticated email addresses that is then used to deliver spam messages and is also on-sold to other spammers," he said.

      The part in this article about spammers testing for the validity of a dictionary-generated email addresses is a load of crap.

      Actually, it's not. I have a fr

      • It's certainly the exception rather than the rule. It is much more work to validate addresses than it is just to send the spam and let the bounce go to a fake address. Consider that the spammer has to supply a real return address for these test emails and have a mail server that can accept the thousands of bounce messages that come back. Having a real return address increases the chances that they will be traced back to their network provider who will shut down their connectivity and make their lives a P
    • It's kind of sad that i had to scroll halfway down the page, even with mod threshold set at 2, to find the first post by someone with a clue (Goody). Spammers are not all dumb, and they figure if username at some domain works then they'll just add it to the list of other popular domains because at some point the person may have signed up.

      Now I'm not sure if it would be a beneficial tactic for spammers, but the Cc: header means nothing, so they may not even have sent a mail to those users. Maybe they are
  • 1. Charge extra with low monthly caps and high per megabyte charges
    2. Sell off user list, resulting in increased bandwidth consumed by all customers
    3. Profit!
  • Everyone in Australia has been Telstrated in some way shape or form. No one should find this sort of thing surprising.
  • Evidence?? (Score:5, Interesting)

    by Cbs228 ( 596164 ) on Wednesday June 25, 2003 @01:48AM (#6292000)
    This evidence is not credible or convincing proof that BigPond is selling customer email addresses. However, I would not put it past them.

    The only way to find out for sure if an ISP sells subscriber addresses is to make a long, hard to guess address (such as jon4859493@bigpond.com) and give it to no one, just let it sit there. If you receive spam, it's a pretty good indication that your ISP is being rather loose with your contact info.

    • Re:Evidence?? (Score:4, Informative)

      by beoch ( 678420 ) on Wednesday June 25, 2003 @01:59AM (#6292039)

      I've got a bigpond email account that I only ever put on my CV. I've used this for two years and I have never once received spam on this account. If Telstra are selling email addresses then they are only selling some of them.

      My yahoo account however.....

  • by marko123 ( 131635 ) on Wednesday June 25, 2003 @01:50AM (#6292008) Homepage
    Maybe Mr Edwards pissed off a support guy there, who kindly submitted his email address to several "opt-out" and assorted email collection^H^H^H^H^H^H porn sites.
  • by cyril3 ( 522783 ) on Wednesday June 25, 2003 @01:52AM (#6292016)
    You have a list of all the other receivers in the header. So why don't you send an email to all of them asking if they are receiving a lot more unsolicited email recently. Forward the one you got as an example. I'm sure they will be pleased to hear from you.

    Maybe you can offer to sell them a filter.

    Oh, i see you have already done that. twice.

    make that three , no four times

    Umm, what's this one about penises say.

    Why would I want to shrink my penis?

  • at both of my (different) ISPs email addresses. The spam turns up with only those ISPs customers addresses in the CC, usually several dozen at the same time.

    I know the ISPs dont sell my addresses, as I have friends at both who have confirmed that they do not sell them, and I trust these people. As far as Im concerned, its just spammers with a list which has been sorted into ISPs and they are targetting each ISP at a time, maybe with different offers or something.
  • by SandmanWAIX ( 674838 ) on Wednesday June 25, 2003 @01:58AM (#6292033)
    I dont like Telstra as much as the next guy ... but it could have been anyone with a simple bot to harvest Telstra Bigpond email addresses and then spamming. Maybe they have a grievance against the company (most people do) which is why its users were targeted .. or maybe it was because Bigpond users are traditionally the stupidest (no knowledge on broadband, computers, security etc) that they were targeted ... and perhaps spam mailers targeted Bigpond users because they obviously will buy anything no matter how reprehensible the product/pricing and treatment of customers.
  • Spammers are now sorting their addresses alphabetically and by domain.
    AS some one who works at an ISP, I can vouch for telstra in this case.. but not usually. I despise them like many others.
    But as many peple have already commented, spam comes grouped like this nowadays, and its not because the ISP is selling the address, its because they are leaving it on the net somewhere.
    To prove this, we setup a dummy account on our system.. and left it there for months. In all that time it has not recieved 1 emai
  • Edwards grew suspicious because some of the spam being issued to him was also addressed only to a number of users within the bigpond.com domain

    That means nothing. I usually get some spams which are addressed to several people on my mail domain. This is a small private mail domain I know nobody sold these addresses as a group to the spammers, it just so happens that spammers group by mail domain and send the email at once to all the addresses they have on that domain.
  • The _REAL_ story... (Score:5, Interesting)

    by SystematicPsycho ( 456042 ) on Wednesday June 25, 2003 @02:41AM (#6292143)
    The Australian government recently (a day ago) announced that they will be privatising the rest (remaining 51%) of telstra. I wonder if this being on slashdot has anything to do with that?

    Anyway, a day before the government's annoucement the senate was going to vote for an enquiry into broadband access in Australia.

    Then later on the same day (or the next day) 4 independent senators voted against it (damn bastards, technophobics afraid of technology).

    Look at these are two days in Australian politics and think, are Australians governed by morons?
    [news.com.au]
    Broadband enquiry likely

    Broadband inquiry killed [news.com.au]

    New attempt at broadband enquiry [news.com.au]
    • Look at these are two days in Australian politics and think, are Australians governed by morons?

      Short answer: Yes and No.

      Long answer:
      Q:Is the Government of Australia staffed with morons?
      A:Not entirely.
      Q:Are the elected officials of Australia our best and brightest?
      A:Not even close.
      • Maybe I was slightly out of line with the morons remark.

        There are probably only around 20-30% of politicians that are excellent at their job and understand the game well. One such politician that I think (you may not think this now) that plays the game well is Brendon Nelson (I don't even like the Liberals, but I'm being honest here). I think he comes close to a political genius, he is totally on his game, understands and reads people well and can thread an argument extremely well.

        The fact is in Australia
    • I think we have this backwards. Telstra is not selling bigpond email addresses. They are doing deals with mass marketers.

      Eg Give us the stuff you want to go to all our customers, and we will send it for you.

      That way Telstra can fairly truthfully claim they (as opposed to disgruntled employees) did not sell any email addresses.

      I know Australia Post does it regularily. I have a PO Box and a home mail box and I get crap directly from Australia post and at the PO box I get unaddressed mail! Like only Aus
  • SPAM 101 - HOWTO: (Score:3, Informative)

    by Anonymous Coward on Wednesday June 25, 2003 @02:57AM (#6292174)
    Seriously, less than a few hours ago I met a guy (in person) who helps another guy spam overseas. He reckons a simple perl script (much like a link verification tool), a modified version of procmail (to become a mega mass-mailer), and an open relay, and they're in business. Sometimes they stick their own open relay (configured to remove original IP of sender) on a particular broadband ISP and spam using it as a relay. When asked by ISP, they then say "whoops I didn't know it was an open relay". A few of these warnings, and then a boot, and then they move to another ISP.

    Anyways, their personal spider can obtain 300,000 email addresses in a day. It will also do a lookup of the domain to verify if valid, and other clever things.

    I wanted to choke the guy!

    Solution:
    As soon as ISP's email servers BLOCK emails that have the original IP address removed (easy to do), then this type of spam will stop (if all ISP's will do this). They should also instantly boot users with open relays that have been spammed from, no questions asked. Networks that harbor spammers and their relays, should be blacklisted at the ISP. Emails should be bounced. If a GENUINE email is blocked, the bounce message could show how to contact ISP for remedy.
    • Very tricky indeed, using their own SMTP at one location to relay their own spam from another location. Solves the problem of them 'finding' open relays. And also makes them appear to be a victim or a stupid user, instead of the actual spammer.
    • BLOCK emails that have the original IP address removed

      Can you define "original IP address", and how it's removed?

      Are you talking about the Received: header? If so, how would you tell if the IP address has been 'removed', or if the sending server never added it in the first place (which is the default on many products such as older versions of MS Exchange.)

  • collated? (Score:3, Insightful)

    by tarquin_fim_bim ( 649994 ) on Wednesday June 25, 2003 @03:09AM (#6292194)
    "I would have expected that, where "collated" email address lists are used, and where multiple destination users exist within the email headers, that the destination domains are more likely to be dissimilar"

    Why wouldn't the spammer collate on domain name? Sorry whole argument is flawed on this basis.
  • by DrSkwid ( 118965 ) on Wednesday June 25, 2003 @03:31AM (#6292251) Journal
    %echo matt@bigpond.com.au | /www/bin/get_mx
    extmail.bigpond.com

    %telnet extmail.bigpond.com 25
    Trying 144.135.24.8...
    Connected to extmail.bigpond.com.
    Escape character is '^]'.
    220 bigpond.com service ready (identifier 29/4290323)
    helo numpty
    250 bigpond.com
    MAIL FROM:
    250 ok
    RCPT TO:
    550 recipient unknown

    so you run your dictionary attack against the server

    MAIL FROM:
    250 ok
    RCPT TO:
    550 recipient unknown
    RCPT TO:
    550 recipient unknown

    until you some 250s

  • What a load of crap. (Score:2, Interesting)

    by OzTech ( 524154 )
    In all fairness, I've got to question the claim that Mark has made. I am a self un-employable person who works from home. I have been using the Internet for about 5 years, and for the last three years have been using Telstra Bigpond cable. As part of my profession, I send and receive Email every day. I participate in a couple of "closed" mail lists. I don't run my own mail server, and simply use my Bigpond mailbox. My spam filtering software consists of absolutely nothing. On average, I receive 1 spam
  • by DrSkwid ( 118965 ) on Wednesday June 25, 2003 @03:42AM (#6292270) Journal
    %host -t mx bigpond.com
    bigpond.com mail is handled (pri=10) by extmail.bigpond.com

    so you run your dictionary attack against the server

    %telnet extmail.bigpond.com 25
    Trying 144.135.24.8...
    Connected to extmail.bigpond.com.
    Escape character is '^]'.
    220 bigpond.com service ready (identifier 29/4290323)
    helo numpty
    250 bigpond.com
    MAIL FROM: <>
    250 ok
    RCPT TO: <aardvark@bigpond.com>
    550 recipient <aardvark@bigpond.com> unknown
    RCPT TO: <apple@bigpond.com>
    550 recipient <apple@bigpond.com> unknown
    RCPT TO: <mr_brianpowell@bigpond.com>
    250 ok

    and every 250 is a valid paid up customer

    and there's not a long entry in the world that's going to find you

    in fact you can visit http://www.bigpond.com/home/memservices/community/ index/

    to harvest email addresses like I just did while waiting to post with EXTRANS

    still it's more newsworthy if you CHARGE someone for this information !
  • What's the big deal? (Score:2, Informative)

    by deunan_k ( 637851 )
    Well, everyone did it.. Credit Card companies, Insurance, Finance, and why not ISPs?

    A Colleague of mind, who is very paranoid when giving out his cell phone number got really pissed off when he received a call from some banks offering him credit card services. Recently he signed up for one and had no intention of signing for more. It seems that these people shared information within the industry..

    I'm not trolling.. Just lamenting on the alarming trend of the marketplace.

    • I know it's not cure all, but I have a very satisfactory response when I get one of these calls and cut them mid-sentence to say "This is a cell phone"... They tend to get off pretty quick.

      er.. off the phone, that is.
  • Did any one else read that as Telstra denies selling data to it's customers? As a user of ADSL in australia, most of which runs off the Telstra backbone, I can say there are certainly time where you are paying for nothing. Outages are all too common. Like it goes out when it rains common. I could see how they might deny selling anything at all given the level of service they provide.
  • I doubt it (Score:3, Informative)

    by srn_test ( 27835 ) on Wednesday June 25, 2003 @06:38AM (#6292662) Homepage
    I have a Telstra Bigpond address (from having a cable modem).

    I never get any mail at it at all, except for official notices from Telstra.

    I've had it for about 4 years. I've mailed from it or given it out.
  • employee? (Score:4, Interesting)

    by Mark19960 ( 539856 ) <{moc.gnillibyrtnuocwol} {ta} {kraM}> on Wednesday June 25, 2003 @06:46AM (#6292678) Journal
    maybee an employee sold them to a spammer.
    I have always wondered about inside jobs of this sort.
    im sure it wouldnt be hard these days with the compact USB hard disks you can put on your keys.
    simply plug it in, transfer all the email addresses, zip it up and send it to your favorite spammer, then collect.
    sound easy? yeah... its scary.
  • Not Neccessarily... (Score:4, Interesting)

    by matth ( 22742 ) * on Wednesday June 25, 2003 @06:56AM (#6292709) Homepage
    I administer a mail server for an ISP of about 20,000 customers. We see mail come in all the time with JUST customers addresses in them. (ie.. no outside e-mail).. but I know that we don't sell customer information. I do believe this guy is over reacting. I've actually had to explain to several customers of ours that we don't sell information, because they came to the same conclusion. I think spammers must be wising up or something and sending all the e-mails to one domain in a CC or something rather then seperate e-mails... takes less effort/bandwidth.
  • Mmmm... an Oz-centric article for once.

    Just to point out that there are alternatives. Personally I'm very satisfied with TPG [tpg.com.au]'s dialup connection for A$50/quarter and I'm thinking of switching to their A$70/month 128/64 ADSL once my current account expires.

    As far as I know, they're established pretty much all over the continent, they provide no-bullshit services. Not only that, but unlike that annoying blue bird with the annoying pie-eating chubby guy that's pestering the telly, this is not the 'tastiest

  • by vandan ( 151516 ) on Wednesday June 25, 2003 @04:07PM (#6297646) Homepage
    When I got my phone connected here, Telstra mis-spelled my name. My name is incredibly uncommon.

    About a month later, I was looking through the logs on the mail server at work ( as you do ) and saw an error about an unknown user, which just happened to be made up of my first initial, and then my last name ... mis-spelled just as Telstra had ( at my company dot com dot au ).

    I immeditately called Telstra and confronted them, and they denied everything. The girl was quite rude about it and implied that I might also have stories about little green men carrying experiments out on my while I was asleep.

    I absolutely INSIST that Telstra sold my details, consisting of ( but not limited to ) :

    - my first and last name
    - my employer

    The above I can deduce from the logs on the mail server at work.

"How to make a million dollars: First, get a million dollars." -- Steve Martin

Working...