
Serious security flaw in mail.btconnect.com mail relay. Are you receiving multiple NDRs?

bobdonkey
Member

I am posting this here as support have so far been absolutely no use in resolving my issue.

 

My client has an account on btconnect.com which is receiving hundreds of non-delivery reports. I can see in the email header that they are authenticating using the account. But changing the password for the account makes no difference.

 

So I set up the account in Outlook and tried other passwords.

 

Guess what? The old password was a simple word, but still works to authenticate. But even worse, anything added at the end of the password also works. So, say the old password was hello. Even though I changed that ages ago on btconnect.com, I can still send email using that account. But I can use hello1, hello99, hello1234812304 and so on.

 

Top notch security BT. And thanks for ignoring this issue for several weeks.
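
A regression check for the two symptoms reported in the post above (an old password still accepted after a change, and anything appended to it also accepted), as an added example that is not part of the original thread. `FlawedStore` is a hypothetical model that merely reproduces those symptoms; the thread does not establish the actual cause on the relay, and all class and function names here are assumptions.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class CorrectStore:
    """Keeps one salted hash; a password change replaces it."""
    def __init__(self, password: str):
        self.set_password(password)

    def set_password(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.digest = _hash(password, self.salt)

    def verify(self, candidate: str) -> bool:
        # Whole-string, constant-time comparison of the derived hashes.
        return hmac.compare_digest(_hash(candidate, self.salt), self.digest)

class FlawedStore:
    """Hypothetical back end showing the reported symptoms (assumed causes)."""
    def __init__(self, password: str):
        self.stored = password

    def set_password(self, password: str) -> None:
        pass  # assumed: the change made elsewhere never reaches this store

    def verify(self, candidate: str) -> bool:
        # assumed: only the first len(stored) characters are compared
        return candidate[:len(self.stored)] == self.stored

def audit(store, old: str, new: str, suffixes=("1", "99", "1234812304")):
    """Change old -> new, then list every credential wrongly accepted."""
    store.set_password(new)
    findings = []
    if store.verify(old):
        findings.append("old password still accepted")
    for base in (old, new):
        for suffix in suffixes:
            if store.verify(base + suffix):
                findings.append("suffix accepted: " + base + suffix)
    return findings

if __name__ == "__main__":
    # Constructed sample passwords, mirroring the ones named in the post.
    for store in (CorrectStore("hello"), FlawedStore("hello")):
        print(type(store).__name__, audit(store, "hello", "N3w-passphrase"))
```

An empty list means the password change took effect and only the exact new password authenticates.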

12 REPLIES 12

Seraphsailor
Grand Master

Bob; if you truly believe you have exhausted the routine BT support routes and feel you need to get the attention at the highest level in BT then message me and I'll give you the email address of BT top level management and the Executive Level Support Team.

 

Two other options:

 

If you are on "LinkedIn" then you can find BT Managers on there whom you can contact/lobby.

 

Or get in touch with the Guardian (newspaper) Technical Reporting Team and talk to them! LOL

 

 

Edit: take a look at this link: found it whilst looking for BT Data Protection Officer. Whilst it's BT Compliance at least it gives personal email addresses:

 

http://www.btplc.com/Thegroup/RegulatoryandPublicaffairs/Regulatorycompliancepolicy/Regulatorycompli...

 

Bob! Fill this form in and shake 'em up!

 

http://globalservices.bt.com/Feedback.do?method=VIEW&recordId=Managed_Security_Services_solutions_uk...

 

bobdonkey
Member

Actually I am thinking of submitting mail.btconnect.com to some SMTP blacklists, that should get them to fix it pretty quickly.

 

I'll also give details to The Register or someone if this doesn't get sorted.

 

 

gugaguga
Power User

An SMTP blacklist like Spamhaus would automatically block an SMTP server. They will also assess if it really needs to be blocked. At this point, I don't think they will be able to do that since all the mail traffic from their end would come up clean.