<div dir="ltr">The timing is suspicious but it very well could be just a coincidence. Create a few more random name accounts on the same server, don't give those out and watch for a few days for activity.<br></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Tue, Sep 2, 2014 at 8:37 PM, Alex Carver <span dir="ltr"><<a href="mailto:agcarver+ale@acarver.net" target="_blank">agcarver+ale@acarver.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I have cell service with AT&T and, in their section of the account for<br>
handling billing information, there's a spot to add an email address for<br>
billing notifications. I have long ago opted out of all marketing<br>
options offered and for many years didn't get much except notices the<br>
bill is due.<br>
<br>
Two years ago I decided to give them a new email address which was a<br>
randomly generated alias at my domain and hosted on my own server. I<br>
had done that with several other companies (bank, credit card, etc.),<br>
just hadn't gotten around to AT&T yet.<br>
<br>
Two years and all was fine. A few days ago, I suddenly start receiving<br>
tons of spam attempts (usually blocked by an RBL) and connection<br>
attempts on my server. I always have the exim logs showing on my<br>
screen, I can see emails coming in as it happens including the failures.<br>
This was the first time that any of my random aliases were used by<br>
someone other than the company that has it. Until this point no one<br>
tried these addresses because they weren't advertised anywhere by any<br>
mechanism.<br>
<br>
I never gave anyone else that particular alias, I don't use it as a<br>
username for my online account access, it's not stored in my phone or on<br>
any address books, and I don't send email from it (receive only alias).<br>
<br>
I've already called their fraud department who proceeded to spend 40<br>
minutes on the phone with me using various levels of technical jargon<br>
plus pointing fingers to shift the blame away from them (at one point<br>
they actually said "A third party must have your email address.")<br>
<br>
Do you think it was sold and they got caught with their hand in the<br>
cookie jar or stolen and they don't know there's a breach in progress?<br>
<br>
Aside from the fraud group which has advised me that they are opening an<br>
investigation (maybe) would you suggest I talk to anyone else?<br>
<br>
<br>
Exim's logs show attempts coming in from a vast array of countries<br>
including Italy, Canada, Switzerland, Brazil, Romania, Argentina,<br>
Bulgaria, Portugal, Serbia, Germany, Austria, Israel, India, Turkey,<br>
Spain, Croatia, Venezuela, Columbia, Poland, Iraq (by way of Al<br>
Jazeera's servers of all things) and quite a few servers within the US<br>
plus many, many more that I didn't spend time looking up just yet.<br>
_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i></div>
</div>