BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 04-16-2007, 09:23 AM   #1 (permalink)
Knows Where the Search Button Is
 
Join Date: Apr 2005
Location: Huntsville
Model: 8703e
Carrier: Nextel
Posts: 24
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Weird spam issue. . . with our BB's, nextel refuses to address it

Please Login to Remove!

Hello all

We run exchange 2003, and have a barracuda 300. Our spam solution is near nill, however there is one issue which is pretty odd.

We have about 15 users that have 7520 blackberry's. They receive email from our BES server. However, our BB users are constantly getting spam, but the thing is, the spam isn't directed at their real work email address:

[email address] , etc, it's instead issued to:

[email address] - -


We do NOT use the webmail client, since we use the bes server. Webmail client is for home users, or business users that are not using a desktop redirector, or a BES server. Another weird aspect is, we have verified that webmail is not enabled for the phones in question, and their respective pin's. Gave this list to nextel, so they would have a list of our 15+ phone numbers, and each w/ their respective PIN #.


what the HELL is going on here?
Offline  
Old 04-16-2007, 08:34 AM   #2 (permalink)
Knows Where the Search Button Is
 
Join Date: Nov 2005
Location: Central Florida
Model: 8130
Carrier: Verizon
Posts: 36
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

We have seen the same thing with some of our BlackBerry's. It is only for users that have registered with the BlackBerry web client (or so I thought). I called RIM Support and had a case open with them for a while. As usual, they were helpless.

Support stated that it was a problem with their system in which spammers had found a way to inject spam into their system that would then be sent out to the handhelds. At the time, we were receiving spam sent not only to our [email address] address, but also other random addresses. Support stated to put a filter on our webclient addresses which stated to only forward email that was sent directly to [email address]. This seemed to cut down on the spam (even stop it for a while). However, as of late I have begun receiving some again.

Wakefield
Offline  
Old 04-16-2007, 08:43 AM   #3 (permalink)
Knows Where the Search Button Is
 
Join Date: Apr 2005
Location: Huntsville
Model: 8703e
Carrier: Nextel
Posts: 24
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Maybe their system is hacked, like TJ Maxx was hacked.



This is a serious problem, and I'll be forwarding this to the better business bureau. You stated something startling, that mail sent to random addresses are sent to specific addresses.


Yes, the users in question that receive the spam, did at ONE point register for the webmail client, but we have since "disabled" it, by making a call to nextel, however, that webmail registration client seems to leave some legacy links in their mail network, that can't seem to be severed, but who the hell knows how spammers get a hold of it. Maybe nextel is selling it to spammers for profit, but whatever the case is, they have refused to address this for 1+ year, and I will be making a complaint to the better business buraeu, because it interfeers with executives being able to conduct business on the road, when they have to take time to delete the spam.
Offline  
Old 04-16-2007, 10:10 AM   #4 (permalink)
Retired BBF Moderator
 
Pizzle's Avatar
 
Join Date: Mar 2006
Location: South Florida
Model: 8310
PIN: T + PINT = QUART
Carrier: at&t
Posts: 2,385
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Welcome ALGolfer, and Wakefield. There's another possible fix for your issue.

Delete their [email address] account from the BIS. They don't need it. Unless they're using it to actually receive mail, all it's doing is collecting spam for you.

Good luck.
Offline  
Old 04-16-2007, 10:53 AM   #5 (permalink)
Knows Where the Search Button Is
 
Join Date: Apr 2005
Location: Huntsville
Model: 8703e
Carrier: Nextel
Posts: 24
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I will try that, but this seems like it gets 'nextel' off the hook , because obviously something in their system stays residue/legacy when a user disables webmail for their respective phone/pin, it stays active in their network.

During the course of time when a user had their webmail account, through normal internet use, and email use ,their webmail address may have gotten in the hold of spammers, through newsletter signups etc, this is the only other viable way that a spammer could have gotten a hold of these addresses legitimately, instead of having a trojan inside of nextels network.


I will do what you recommend, or look for that setting on the bes server, but the fact remains that its active in nextels network, and they refuse to address this active legacy address issue in relation to old disabled webmail accounts.
Offline  
Old 04-16-2007, 10:55 AM   #6 (permalink)
Knows Where the Search Button Is
 
Join Date: Apr 2005
Location: Huntsville
Model: 8703e
Carrier: Nextel
Posts: 24
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by Pizzle View Post
Welcome ALGolfer, and Wakefield. There's another possible fix for your issue.

Delete their [email address] account from the BIS. They don't need it. Unless they're using it to actually receive mail, all it's doing is collecting spam for you.

Good luck.


Pizzle, where on the bes server would i find the entry related to their old dormant webmail address, we run bes 4.0
Offline  
Old 04-16-2007, 06:02 PM   #7 (permalink)
Thumbs Must Hurt
 
zaakir's Avatar
 
Join Date: Oct 2004
Model: 8830
PIN: 32CA3124
Carrier: Sprint
Posts: 102
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

yeah, i cant even use my direct bb email address anymore, i have it blocked/filtered. I only use my hotmail ans gmail mail accounts.
__________________
Support the 2nd Amendment. The Democrats can have my guns when midgets rule the earth.

1. 7280
2. 7520
3. 8830
Offline  
Old 04-16-2007, 06:18 PM   #8 (permalink)
CrackBerry Addict
 
ladydi's Avatar
 
Join Date: Jun 2005
Location: Washington
Model: 8800
Carrier: T-mobile
Posts: 848
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by ALGolfer View Post
Pizzle, where on the bes server would i find the entry related to their old dormant webmail address, we run bes 4.0
For Nextel, you have to log into the BIS (NOT BES) account that the user set up and kill the service.

you can also call Nextel and have them reset the account - I do this when I have a new user on an existing 7520.
__________________
~Di~
Windows 2003
Exchange 2003
BES 4.1
Offline  
Old 04-16-2007, 06:32 PM   #9 (permalink)
Retired BBF Moderator
 
Pizzle's Avatar
 
Join Date: Mar 2006
Location: South Florida
Model: 8310
PIN: T + PINT = QUART
Carrier: at&t
Posts: 2,385
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

ALGolfer...check here:

https://bis.na.blackberry.com/html?brand=nextel

If you don't know the login, you'll have to call the carrier and have them remove the address.
Offline  
Old 04-16-2007, 07:49 PM   #10 (permalink)
Thumbs Must Hurt
 
Join Date: Apr 2006
Model: 8800
Carrier: m
Posts: 108
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Okay, I gotta step in here because this
Quote:
During the course of time when a user had their webmail account, through normal internet use, and email use ,their webmail address may have gotten in the hold of spammers, through newsletter signups etc, this is the only other viable way that a spammer could have gotten a hold of these addresses legitimately, instead of having a trojan inside of nextels network.
is one of the most ridiculous things I've ever read.

The majority of spam is not sent directly to users. It is sent using a auto increment blind carbon copy. Ever notice that most spam usually isn't addressed directly to you but to something similar to your email address?

Spammers get ahold of a domin, say @nextel.blackberry.net, and send to [email address], [email address], [email address], and so on and so forth. Since it's almost always done from a hacked / open mail server they don't care how much bandwidth it takes or how much bounces back. It's not their problem. The net result is that eventually some of those addresses are going to match. Since it's all automated it takes ZERO effort. All you need to convincing spoof is an open relay.

Try this sucker on for size: BlackBerry Search Results

I'm willing to bet each of these accounts has an active BIS account and hosted address still associated to them.
Offline  
Old 04-18-2007, 04:29 PM   #11 (permalink)
Knows Where the Search Button Is
 
jophes49087's Avatar
 
Join Date: Oct 2005
Location: Schoolcraft MI
Model: 8330
OS: v4.5.0.13
PIN: 30AC3009
Carrier: verizon
Posts: 30
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

phetish phil:

I knew I could count on this group. Thank You. I tried the Antair Spam filter (free trial, fortunately) and still got 2/3 of the spam. Your solution seems to be working great!!! More than worth the zero dollars I spent on it, too. I will not be buying the $45 Antair filter.
__________________
PIN 4006C1A7
Offline  
Old 04-18-2007, 07:51 PM   #12 (permalink)
BlackBerry Mensa
 
takeshi's Avatar
 
Join Date: Jan 2005
Location: Houston
Model: 8310
Carrier: at&t
Posts: 7,741
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by ALGolfer View Post
I will try that, but this seems like it gets 'nextel' off the hook , because obviously something in their system stays residue/legacy when a user disables webmail for their respective phone/pin, it stays active in their network.
How exactly are these users disabling their BIS mail? If you dont log into the BIS site and delete the account or have your carrier remove the BIS account entirely then the service books for BIS will be pushed to the device even if you delete the service books on the BB (or wipe the handheld). This is how all Blackberries work -- it's not "letting Nextel off the hook".
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.