email support

Hi Gondola

Thank you for your response, however, with respect, I am not sure why you have responded in the way you have, as it detracts from the primary issue. I accept that you're a huge TalkTalk fan with a good working knowledge of the platform, but clearly, we are talking about the impact of a security breach (whether by TalkTalk or one of its "trusted-partner), the root cause of which TalkTalk are aware of. (see response from Ady-TalkTalk.

By the way... I accept that even spam emails originate from 'genuine email addresses', they have to be, to be accepted onto the relevant platform. However, often the details used to create them are false and the emails that are then issued are used for an illegitimate purpose. Often an examination of meta-data will identify complex email address formats with a front-facing pseudonym to fool recipients into believing the emails are genuine.

Please refer to the conversation between Ady and I, on this subject matter.

Thanks

RA

Hi Ady

Thank you for your responses on this matter.

It is worrying to hear that your company's 'trusted' Google/Gmail domains' security failures have been allowed to impact TalkTalk servers to the point where they cause a security breach (severe influx of phishing emails) that allows scammers to actively target your customers. The scenario you explain tends to suggest that TalkTalk, lowered its security screening for 'trusted' Google/Gmail domains, which if correct, suggests a failure of your risk assessment and strategy. The key issue is that TalkTalk servers should have identified the security breach or at least the possibility of a breach and either automatically blocked the security breaching emails or severed the connection between your server and the 'trusted' domain(s). Furthermore, considering the scale of the incident TalkTalk/Tiscali should have issued a specific security warning (maintaining a general security/scam page on your website is insufficient) to each customer providing them with;

1. Details of the security breach, which accounts are affected, warning of an enhanced risk of receiving scam emails purporting to be from particular companies.

2. Detail what TalkTalk are doing to remedy the issue and an indication of how long the matter will take to resolve,

3. Warn of the need for increased vigilance

4. Detail what action should be taken by customers including, the implementation of emailing processing rules should be implemented to divert suspicious emails to spam but warn that this may not prevent scam emails from entering their inboxes.

This is important, as I should not have to raise the matter on a blog to establish why my inbox is receiving increased spam and that your filters are ineffectual as it is a server security problem. After all, we are not talking about simple advertising spam emails, they are all phishing emails/scams targeting your customers to get them to click on links that then take them to fraudulent websites that steal their data, fool them into fraudulent purchases and the hacking of their computers to steal thousands of pound from bank accounts. So it's not an issue that should be taken lightly by TalkTalk. There are also the legal ramifications attached to your company's failure to disclose the incident(s)/risk which clearly from your response your company is aware of. If a TalkTalk account holder suffers financial loss as a result of one of the scam emails and your company knowing of the enhanced risk, failed to advise your customers, potentially TalkTalk could be held liable for some or all losses suffered.

It's about time that server managers take responsibility for the extent of fraud that costs the economy hundreds of millions of pounds each year, as it's the consumer who becomes the victims as banks remain highly reluctant to repay victims who fall for the scam emails such as those passing through your server!

Regards

RA

I'm told additional filters have been put in place to try to limit the impact. 

Ady

Thank you Ady. That is very helpful to have an explanation/diagnosis. It is always good to know what it is you are dealing with. Any idea of a timeline for adj the filters? Please keep us in touch with progress. Thanks

What's going on at the TalkTalk end is that we have Google/Gmail domains as trusted senders due to their excellent MTA as they normally manage their outgoing mail very well. However, at present they've failed to control the spam coming out of their domain so we're being hit by it. Cloudmark are adjusting the filters to cope with the new influx of spam from Google. 

Ady

Replies from Gondola are like getting spam, full of largely irrelevant information and veering us off what is the main problem ie something going on at the TalkTalk end.

Occams razor - look forf the most obviosu cause. If laods of tiscali customers are all getting spam, when for years they haven't is it all of a sudden down to them and their IT habits. Of course its not.

Can we please have some transparency TalkTalk and what action you are taking. Even if it is a don't know at the moment, that's fine; at least it demonstrates you are trying. Thank you.

TalkTalk are blocking some of the spam content that's been fingerprinted as a consequence of TalkTalk users marking as spam.

The email addresses are perfectly valid and genuine mail services also use similar techniques of user+detail@domain in order to identify and filter mail responses from their customers that are identified by what you call the "convoluted" detail part after the + symbol.

Even if sent from the same user mailbox the detail part of the local part email address can change with every message so there's no point in trying to filter on the whole sending address.

Hi Gondola

I have responded to your initial response. As for your last one;

I'd be confident that TalkTalk email admins have asked Gmail email admins to stop spam sending at source. The issue was being investigated by TalkTalk.

Response: The TalkTalk system should be able to cope with obviously fraudulent emails from the Gmail servers.

Spammers frequently change sending email addresses so how is it possible in your opinion for a recipient mail server to know that you haven't solicited mail from a particular source.

Response: Legitimate email addresses are simple and not convoluted. Convoluted email addresses are often linked to fraud.

Have you blocked all Gmail and Googlemail? Or should TalkTalk do that for you?

Response: Blocking all gmail/Google-generated emails is not a convenient  option

I'd be confident that TalkTalk email admins have asked Gmail email admins to stop spam sending at source. The issue was being investigated by TalkTalk.

Spammers frequently change sending email addresses so how is it possible in your opinion for a recipient mail server to know that you haven't solicited mail from a particular source.

Have you blocked all Gmail and Googlemail? Or should TalkTalk do that for you?