E-mail security problems and the Canadian ISPs that are ignoring them

Bookmark This (opens in new window)

Over one year ago, days apart, I began to receive e-mail messages addressed to others. For weeks I worked diligently to try and put a stop to it. My requests fell on deaf ears. I receive regular reminders that it is happening still.

I began to receive many (or all) e-mail messages addressed to someone named Sandy, who lives in Ontario Province, Canada. The domain name is Eastlink.ca, a broadband access provider.  It didn’t take long to figure out that I was receiving all of Sandy’s e-mail. I wrote to Sandy, suggesting she complain to her ISP. And of course I also received a copy of the message in my own inbox. I wrote to Sandy a couple of times and never heard from her. I guess she doesn’t care – or maybe she did not receive them.  I also complained to Eastlink.ca, and heard nothing from them.

I also receive all of Brian’s e-mail, and his ISP is ica.net, another broadband access provider in eastern Canada.  I complianed to ica.net, several times, and never received a response.  I wrote to Brian also, and he responded and suggested I change my e-mail address. As if!

I also receive messages to someone at charter.net, but this user’s e-mail address does not indicate their name. I wrote to them and to Charter.net – you guessed it: no response.

Soon after this began, I wrote inbox rules to immediately delete all e-mail messages addressed *to* these user accounts that ended up in my inbox.  Now and then I look in my Trash Bin (where deleted e-mails go), and sure enough, there are still scores of e-mail messages: thank you’s for online merchant orders, FaceBook invites, e-cards, and personal correspondence.  I don’t read these messages.

Some of these messages still come to my inbox – this includes messages where the recipient is in the BCC (blind carbon copy) list. My inbox rules don’t know how to respond to these.

I wish this would stop. I’m going to write to ica.net, Charter.net, and eastlink.ca again, but I’m not expecting any response, not to mention action.

I cannot imagine that this is happening only to me. If some malevolent (or even accidental) action is behind this, then chances are that hundreds or thousands of other users’ e-mail messages are also being forwarded without their permission.

This also makes me wonder if this is happening to MY incoming e-mail: could some other user out there be receiving messages sent to me?  I sure don’t relish that idea: sometimes I receive “reset your password by clicking on this URL” messages. What if someone else receives these and decides to click the one-time link before I do? Some online account of mine could be compromised as a result.

I’m also worried about my own liability in this matter.  I’m receiving e-mail messages that are supposed to be sent to others. I don’t want them, I don’t read them, and I delete them when I see them. But what if I receive messages containing personal medical information, for instance?

There are several possible causes for this inadvertent e-mail forwarding:

  • Malware, tampering, or compromise of ISP e-mail server.
  • Compromise of individual users’ e-mail accounts, where attacker inserts rules to forward mail to me (and maybe others).
  • Malare or compromise on individual users’ computers; this may be true if users use workstation-based e-mail software such as Outlook, Outlook Express, or Thunderbird.

There may be other potential causes, but I cannot think of any more.

If malware or a human intruder were behind this, what is their gain? What is the benefit for an intruder if someone’s e-mail is forwarded to someone who lives 3,000 miles away?  If the intent is to harm someone, who does it harm? If the intent is to harm the individuals whose e-mail messages are being forwarded to me, then I can think of several more malicious ways to harm them.  If the intent is to harm me, I don’t see how this harms me.

Advertisements

One thought on “E-mail security problems and the Canadian ISPs that are ignoring them

  1. ciphercore

    Try telling their sales department that you were interested in a business account, but are concerned about email security as you read (and then link to this site). Sales people will be all over that to get a sale. Trust me.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s