Menu
Reply
  • 4
  • 0
  • 0
ostberry
Tuning in
460 Views
Message 1 of 14
Flag for a moderator

letter from vm sending spam from email address

I have had several letters from vm about my internet connection sending a high number of spam emails. Each time i have scanned all devices with my kaspersky protection with nothing found. I have then changed passwords etc. as recommended by vm. Is it possible that the ‘funny’emails that my wife receives and then forwards to her contacts is being interpreted as spam by vm and these are letters are sent automatically.

 

 

 

 

0 Kudos
Reply

Helpful Answers
  • 420
  • 12
  • 352
malsiluk
Fibre optic
873 Views
Message 2 of 14
Flag for a moderator
Helpful Answer

Re: letter from vm sending spam from email address


ostberry wrote:

I have had several letters from vm about my internet connection sending a high number of spam emails. Each time i have scanned all devices with my kaspersky protection with nothing found. I have then changed passwords etc. as recommended by vm. Is it possible that the ‘funny’emails that my wife receives and then forwards to her contacts is being interpreted as spam by vm and these are letters are sent automatically.

 

 


Nothing as simple as that. Virgin send loads of these letters out, as you will see from many threads in this forum over the last year.

They say that they can detect spam emails being sent from authenticated login sessions from your email account. Funny thing is that I've not seen anyone who has had this letter find proof of this spam sending and Virgin Media do not/will not say what they have on record.

I'm also not aware of anyone who has scanned their computer and found malware on there that looks responsible for the supposed email 'hack'. Nor has anyone changed their password at Virgin's request and found that the spamming has stopped overnight.

Have you had any rejected emails that you haven't sent to friends/contacts which had dodgy links in them? Many hundreds of VM customers started having spoofed spam sent to all their contacts over a year ago (myself included) I have had 2 of these sorts of letters from Virgin in the last 15 months, but not one for ages, despite the fact the spoofing still happens. I ignored them both.

0 Kudos
Reply
  • 12.48K
  • 353
  • 1.45K
Forum Team
Forum Team
315 Views
Message 13 of 14
Flag for a moderator
Helpful Answer

Re: letter from vm sending spam from email address

Hi ostberry,

Hope you don't mind but Nic asked me to keep an eye on this as she finished work early on Saturday.

I have taken a look at the email logs dated 7th of December, which is the date the onnet spam sending alert was triggered.

The subject of the trigger email was 'this cannot continue'  (the letter sent to you would imply that 'cat mag' was the subject but I believe this to be an error) and seems to have been flagged as spam, most likely by the end-user. There are 80 of these, all marked as spam.

I wonder if the recipients may be flagging as spam due to the wording of the subject?

I've looked at what you've said with regards to your wife being in receipt of mail titled 'this cannot continue' but our spam policy is only activated when spam is sent from your email address, sent from your IP address or authenticated using your email login details. Receiving spam is a different matter entirely.

I wonder therefore, in light of what you've said, whether your wife did respond to that email? That could have caused the spam to be forwarded from her account. This type of account hijacking is not uncommon and would certainly explain what's happened. 

Please read our help article on this subject.

If you have any further instances of this please let me know (or let Nic know) and I (or she) will be happy to investigate further. 


Jen
Forum Team




All Replies
  • 420
  • 12
  • 352
malsiluk
Fibre optic
874 Views
Message 2 of 14
Flag for a moderator
Helpful Answer

Re: letter from vm sending spam from email address


ostberry wrote:

I have had several letters from vm about my internet connection sending a high number of spam emails. Each time i have scanned all devices with my kaspersky protection with nothing found. I have then changed passwords etc. as recommended by vm. Is it possible that the ‘funny’emails that my wife receives and then forwards to her contacts is being interpreted as spam by vm and these are letters are sent automatically.

 

 


Nothing as simple as that. Virgin send loads of these letters out, as you will see from many threads in this forum over the last year.

They say that they can detect spam emails being sent from authenticated login sessions from your email account. Funny thing is that I've not seen anyone who has had this letter find proof of this spam sending and Virgin Media do not/will not say what they have on record.

I'm also not aware of anyone who has scanned their computer and found malware on there that looks responsible for the supposed email 'hack'. Nor has anyone changed their password at Virgin's request and found that the spamming has stopped overnight.

Have you had any rejected emails that you haven't sent to friends/contacts which had dodgy links in them? Many hundreds of VM customers started having spoofed spam sent to all their contacts over a year ago (myself included) I have had 2 of these sorts of letters from Virgin in the last 15 months, but not one for ages, despite the fact the spoofing still happens. I ignored them both.

0 Kudos
Reply
  • 13.8K
  • 733
  • 4.8K
Superuser
Superuser
424 Views
Message 3 of 14
Flag for a moderator

Re: letter from vm sending spam from email address

@malsiluk

Once again you post the same flannel.  Once again I'll post the same rebuttals.

1.  The letter doesn't say the emails are coming from the OP's computer they say they are using the OP's account details to authenticate.

2. SMTP DOES NOT COPY SENT MAILS TO THE SENT OBJECTS FOLDER - If you want proof - I'll show you how to send a mail manually with authentication through Virgin's servers using telnet.  The mail will be sent but you won't find it in sent objects.  This is an undeniable fact.

3. Virgin do see a lot in the logs.  I sent an email using Virgin's servers and challenged @Nicola_C to find out which address the mail was sent from and which address was used to authenticate.  She gave me the correct information.  She also sent me the log excerpt - on condition I did not share it.

You may think you're being helpful with your post - in fact you are being quite the opposite.

Ravenstar68

________________________________________


Only use Helpful answer if your problems been solved.

  • 4
  • 0
  • 0
ostberry
Tuning in
413 Views
Message 4 of 14
Flag for a moderator

Re: letter from vm sending spam from email address

 Now i’m confused. To clarify, the letter say’s  your virgin media internet connection has been identified as sending a high number of spam emails.I have had no notification from anyone in my address book saying they have received spam from me. I have used kasperskey to carry out a full scan on all connected devices, nothing found.I have changed passwords.Do I really need to pay F-SecureSAFE £25 per  year to stop receiving these letters?

0 Kudos
Reply
  • 7.45K
  • 841
  • 3.14K
Superuser
Superuser
409 Views
Message 5 of 14
Flag for a moderator

Re: letter from vm sending spam from email address

No you don't. But you could take the further precaution of doing a scan with the free trial version of malwarebytes (download only from the authentic site and nowhere else). There is the possibility that some malware has crept onto your devices which your standard protection is not detecting. You need to rule out that possibility.

ravenstar68 has explained the situation correctly to you.

One thing you might bear in mind is that the spammers are pretty good at guessing new passwords which can explain what you are seeing.

-----------------------

Superuser 2017/18
Use Kudos to say thanks
Mark answer as "helpful" only when the problem is solved
Please don't send me private messages unless I ask you to.
I do not work for VM. The advice I give is based on my best understanding of VM policy and practice. You rely on it at your own risk.
  • 9.18K
  • 305
  • 986
Forum Team
Forum Team
392 Views
Message 6 of 14
Flag for a moderator

Re: letter from vm sending spam from email address

Thanks for your help Howard and Tim really appreciate it.

 

Hello ostberry

 

I am sorry you are receiving these letters,  it would be really nice to get to the bottom of it. I would like to gather a bit more sensitive information please so will send you a forum private message. Please reply when you have a moment.

 

Many thanks

 

Nicola

Virgin Media Forum Team
  • 13.8K
  • 733
  • 4.8K
Superuser
Superuser
389 Views
Message 7 of 14
Flag for a moderator

Re: letter from vm sending spam from email address

Posting the actual wording of the letter - minus any personal information would be useful here as would any reference used on the letter itself.

Ravenstar68

Edit - re F-Secure safe.  No you don't need to install that.  It's a recommendation only, there are other products out there that do just as good a job, if not better.

________________________________________


Only use Helpful answer if your problems been solved.

  • 13.8K
  • 733
  • 4.8K
Superuser
Superuser
373 Views
Message 8 of 14
Flag for a moderator

Re: letter from vm sending spam from email address


ostberry wrote:

 Now i’m confused. To clarify, the letter say’s  your virgin media internet connection has been identified as sending a high number of spam emails.I have had no notification from anyone in my address book saying they have received spam from me. I have used kasperskey to carry out a full scan on all connected devices, nothing found.I have changed passwords.Do I really need to pay F-SecureSAFE £25 per  year to stop receiving these letters?


BTW if the letters say the spam is coming from your IP address then most likely it will have an ONNET reference

Virgin use the following terms to identify where spam is coming from.

ONNET - originating from a Virgin Media IP address.
OFFNET - originating from an address outside of the Virgin Media network.

If the spam is coming from a Virgin IP address then the letter should be sent to the subscriber who is allocated that public IP as the mail is coming from one or more systems on their network.  Note that while Virgin IP's are dynamically assigned, users can have the same IP for months or years, because of the way DHCP works.

Would definitely be interesting to find out more.  But if your wife does forward those funny emails to enough people I can indeed see it being misinterpreted as spam.

Anyway Nicola's on the case now so you're in good hands.

Ravenstar68

________________________________________


Only use Helpful answer if your problems been solved.

  • 420
  • 12
  • 352
malsiluk
Fibre optic
359 Views
Message 9 of 14
Flag for a moderator

Re: letter from vm sending spam from email address


ravenstar68 wrote:

@malsiluk

Once again you post the same flannel.  Once again I'll post the same rebuttals.

1.  The letter doesn't say the emails are coming from the OP's computer they say they are using the OP's account details to authenticate.

2. SMTP DOES NOT COPY SENT MAILS TO THE SENT OBJECTS FOLDER - If you want proof - I'll show you how to send a mail manually with authentication through Virgin's servers using telnet.  The mail will be sent but you won't find it in sent objects.  This is an undeniable fact.

3. Virgin do see a lot in the logs.  I sent an email using Virgin's servers and challenged @Nicola_C to find out which address the mail was sent from and which address was used to authenticate.  She gave me the correct information.  She also sent me the log excerpt - on condition I did not share it.

You may think you're being helpful with your post - in fact you are being quite the opposite.

Ravenstar68


 

 

Ravenstar,

I had a feeling you might disagree!

Firstly, let me quote what I said in reply to your point No. !   "They say that they can detect spam emails being sent from authenticated login sessions from your email account."  That does not say coming from the customers own computer.

I do not disagree with your point No. 2 either. What I said was that I have not seen a post from anyone who has actually found/seen/been given proof of the spam emails that have been sent using their email account. The problem is that Virgin Media 'spam' customers with loads of these letters. (I have had 2 myself) They tell the customers that they need to change their password, which suggests THEY think the customer has allowed their email password to be harvested by spammers. So how do the spammers get these passwords? To once again quote my first post "I'm also not aware of anyone who has scanned their computer and found malware on there that looks responsible for the supposed email 'hack".

All our email passwords are on our computers (mostly saved, some not saved) but they are also on the Virgin Media email servers. So there are 2 places that the email passwords could have been obtained from. Why is everyone at VM so certain that the 'leak' is not from their end? Remember, I am one of the many hundreds of people who had all our email data lost to the spoofers around 15 months ago. There is very little doubt that this data loss came during the time VM were migrating the email accounts from Google. If they lost data then, why shouldn't they also be losing data now - like passwords? There are plenty of examples of people getting letter after letter from VM on this subject. They change their password and shortly afterwards, the same thing happens again. I believe these people when they say they have scanned their computers for malware that could allow somebody to get an email password, but nobody says they have found that. Does that mean these people have found a way of harvesting passwords from people's computers that the likes of Malwarebytes and similar cannot detect? I doubt that.

We come back to an old issue with Virgin Media - the one where they keep everything secret. Why can't they say that an email session sending spam from account xxxxxxxxxx@virginmedia.com took place on ??/??/2016 from IP address xxx.xxx.xxx which is located in Russia/ Brazil/UK/whereever and a password of xxxxxxxxxx was used to authenticate this login session. If they know this, as you say, then why keep it a secret?

I guess we won't ever fully agree on this - but this still think you are a good egg (mostly) so I'm not going to hold a grudge. Smiley Wink

0 Kudos
Reply
  • 13.8K
  • 733
  • 4.8K
Superuser
Superuser
345 Views
Message 10 of 14
Flag for a moderator

Re: letter from vm sending spam from email address

For one thing - the logs that security see's doesn't necessarily give a blow by blow account of the exchange.  Meaning thay don't see the password in the logs

So what they tend to see.

IP address of sender.
Whether ONNET of OFFNET - see post above.
username used to authenticate - if present (smtp.blueyonder.co.uk smtp.ntlworld.net and smtp.virgin.net don't need to authenticate when using a Virgin IP)
email address used in the mail from: command
email address used in the rcpt to: command
time of send.

And much more besides.

I stand corrected btw in this case, based on what the OP is saying the mails are definitely coming from his home network.  Whether or not this is a false positive or otherwise has yet to be determined.  But the OP needs to respond to Nicola's private message so she can assist further.

Ravenstar68

Edit BTW I know Wrock has posted that IP addresses can be spoofed - that is true but only in certain circumstances.  IP spoofing is used in DDOS attacks, when hackers want to swamp a target machine with data.  They typically send a load of DNS, NTP or UPnP requests with a source IP field set to the target machine.  This doesn't work when you are sending an email, because you need the replies to come back to your machine to complete the send.  So IP addresses used in SMTP transactions cannot be spoofed.

________________________________________


Only use Helpful answer if your problems been solved.