[ale] OT(ish) Sold or stolen?

Alex Carver agcarver+ale at acarver.net
Tue Sep 2 21:42:29 EDT 2014


I did change the alias at AT&T to a newly generated one.  I have several
dozen other aliases on the server and none of them are being hit with
attempts.  All the activity is confined to that single alias I had given
to AT&T.  I'm certain nothing has happened to my server; I've already
triple-checked all the logs just in case and there is nothing out of the
ordinary beyond the increased attempts to use that particular email alias.

On 2014-09-02 18:28, Jim Kinney wrote:
> The timing is suspicious but it very well could be just a coincidence.
> Create a few more random name accounts on the same server, don't give those
> out and watch for a few days for activity.
> 
> 
> On Tue, Sep 2, 2014 at 8:37 PM, Alex Carver <agcarver+ale at acarver.net>
> wrote:
> 
>> I have cell service with AT&T and, in their section of the account for
>> handling billing information, there's a spot to add an email address for
>> billing notifications.  I have long ago opted out of all marketing
>> options offered and for many years didn't get much except notices the
>> bill is due.
>>
>> Two years ago I decided to give them a new email address which was a
>> randomly generated alias at my domain and hosted on my own server.  I
>> had done that with several other companies (bank, credit card, etc.),
>> just hadn't gotten around to AT&T yet.
>>
>> Two years and all was fine.  A few days ago, I suddenly started receiving
>> tons of spam attempts (usually blocked by an RBL) and connection
>> attempts on my server.  I always have the exim logs showing on my
>> screen; I can see emails coming in as they happen, including the failures.
>> This was the first time that any of my random aliases were used by
>> someone other than the company that has it.  Until this point no one
>> tried these addresses because they weren't advertised anywhere by any
>> mechanism.
>>
>> I never gave anyone else that particular alias, I don't use it as a
>> username for my online account access, it's not stored in my phone or on
>> any address books, and I don't send email from it (receive only alias).
>>
>> I've already called their fraud department who proceeded to spend 40
>> minutes on the phone with me using various levels of technical jargon
>> plus pointing fingers to shift the blame away from them (at one point
>> they actually said "A third party must have your email address.")
>>
>> Do you think it was sold and they got caught with their hand in the
>> cookie jar or stolen and they don't know there's a breach in progress?
>>
>> Aside from the fraud group, which has advised me that they are opening an
>> investigation (maybe), would you suggest I talk to anyone else?
>>
>>
>> Exim's logs show attempts coming in from a vast array of countries
>> including Italy, Canada, Switzerland, Brazil, Romania, Argentina,
>> Bulgaria, Portugal, Serbia, Germany, Austria, Israel, India, Turkey,
>> Spain, Croatia, Venezuela, Colombia, Poland, Iraq (by way of Al
>> Jazeera's servers of all things) and quite a few servers within the US
>> plus many, many more that I didn't spend time looking up just yet.
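
An added example, not part of the original thread: one way to compare activity across never-published aliases, as suggested above, by tallying rejected recipients in the Exim main log per alias and per source host. The log lines are constructed in the style of Exim's `rejected RCPT` entries; the alias names, hosts and the `min_ips` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modeled on Exim main log entries; every alias,
# host name and IP address here is made up for this example.
SAMPLE_LOG = """\
2014-09-01 09:14:02 H=(mx.example.org) [203.0.113.7] F=<a@example.org> rejected RCPT <x7q2kd@example.net>: found in RBL
2014-09-01 09:15:40 H=(host.example.com) [198.51.100.23] F=<b@example.com> rejected RCPT <x7q2kd@example.net>: found in RBL
2014-09-01 11:02:11 H=(relay.example.org) [192.0.2.55] F=<c@example.org> rejected RCPT <x7q2kd@example.net>: found in RBL
2014-09-02 03:30:00 H=(mx.example.org) [203.0.113.7] F=<d@example.org> rejected RCPT <m4tz9p@example.net>: found in RBL
2014-09-02 04:00:00 1XOabc-0001de-Fg <= billing@vendor.example H=out.vendor.example [192.0.2.10] P=esmtp S=2048
"""

# Date, the bracketed peer address (optionally followed by :port), then the recipient.
REJECT_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ .*?\[(?P<ip>[0-9a-fA-F.:]+)\](?::\d+)? "
    r".*?rejected RCPT <(?P<rcpt>[^>]+)>"
)

def tally_rejects(log_text):
    """Return {alias: {"attempts": n, "ips": set, "days": set}} for rejected RCPTs."""
    stats = defaultdict(lambda: {"attempts": 0, "ips": set(), "days": set()})
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue  # accepted deliveries and other log lines are ignored
        entry = stats[m["rcpt"].lower()]
        entry["attempts"] += 1
        entry["ips"].add(m["ip"])
        entry["days"].add(m["date"])
    return dict(stats)

def leaked_aliases(stats, canaries, min_ips=2):
    """Unpublished aliases that drew rejected attempts from several distinct hosts."""
    return sorted(a for a in canaries if len(stats.get(a, {}).get("ips", ())) >= min_ips)

if __name__ == "__main__":
    canaries = {"x7q2kd@example.net", "m4tz9p@example.net", "unused1@example.net"}
    stats = tally_rejects(SAMPLE_LOG)
    for alias in leaked_aliases(stats, canaries):
        print(alias, stats[alias]["attempts"], "attempts from", len(stats[alias]["ips"]), "hosts")
```

An alias that only one company holds and that suddenly draws attempts from many unrelated hosts, while the other aliases on the same server stay quiet, points at that company's copy of the address rather than at the mail server.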


