In message <u9e531$39kn8$1@dont-email.me>, John Rumm
<see.my.signature@nowhere.null> writes
>On 21/07/2023 14:25, Tim Lamb wrote:
>> In message <khveraFp20nU1@mid.individual.net>, Tim Streater
>><tim@streater.me.uk> writes
>>> On 21 Jul 2023 at 14:05:33 BST, "Tim Lamb" <tim@marfordfarm.demon.co.uk>
>>> wrote:
>>>
>>>> In message <u9dpb9$37gjf$1@dont-email.me>, Ottavio Caruso
>>>> <ottavio2006-usenet2012@yahoo.com> writes
>>>>> Am 21/07/2023 um 10:25 schrieb Tim Lamb:
>>>>>> In message <u9dkc8$36kct$2@dont-email.me>, Ottavio Caruso
>>>>>> <ottavio2006-usenet2012@yahoo.com> writes
>>>>>>> Am 21/07/2023 um 08:51 schrieb Tim Lamb:
>>>>>>>> Curious about an e-mail from NS&I questioning my contact details.
>>>>>>>> Looks  authentic but when I logged in normally all my details are
>>>>>>>> correct.
>>>>>>>> The only recent event is a temporary number on my mobile while O2/
>>>>>>>> Vfone  organised the transfer.
>>>>>>>>  The other unrelated event is a call back from emergency services
>>>>>>>> (pocket  dialling) where they wished me to confirm my address
>>>>>>>> details! Clearly  they would have my mobile phone number but how is
>>>>>>>> that linked to my  residential address?
>>>>>>>
>>>>>>> Check the sending SMTP server IP address in the headers (the one
>>>>>>> with  "received : from ").
>>>>>>  Hmm. outgoing@emailnsandi.com looks correct.
>>>>>>>
>>>>>>
>>>>>
>>>>> That's an email address, not an IP address.
>>>>>
>>>>> Post the full headers here (not the message)
>>>>>
>>>>> Or even better paste it to pastebin or similar.
>>>>
>>>> Er. You are dealing with the agricultural dept. here.
>>>>
>>>> T'bird *all headers selected* offers this:-
>>>>
>>>> <0.0.22.2F1.1D9BBA9665E2760.0@mta6589.mxmfb.com>
>>>>
>>>> and MXM-v5-MailEngine
>>>>
>>>> None of which means anything to me:-)
>>>
>>> We're not talking about the T'Bird headers, but those of the email
>>>you got
>>> from NS&I. Should be 20-30 lines of text.
>> I'm beginning to regret asking:-)
>> My mail is collected by Namesco. I read it using Thunderbird.
>
>In thunderbird, do CTRL+U while reading a message - it will then show
>the entire email in its raw text format without any interpretation.
>That will let you see all the original mail headers.

OK John. I have scribbled that down somewhere readily available.
And thanks for the full explanation.

--
Tim Lamb

In message <khvu2uFrdvdU1@mid.individual.net>, Andy Burns
<usenet@andyburns.uk> writes
>mm0fmf wrote:
>
>> You can be very careful about who you mail and who therefore has your
>>address. But you cannot make those recipients be careful. So when they
>>get compromised in some way then your mail address, which is in their
>>address books etc. still gets out to bad actors.
>
>But if you give out a unique email address per recipient, if/when they
>do get compromised you can just kill that one address ...

I have been online since 1993. Not happened yet... as far as I know!
>

--
Tim Lamb

Tim Lamb wrote:

> Andy Burns writes:
>
>> if you give out a unique email address per recipient, if/when they
>> do get compromised you can just kill that one address ...
>
> I have been online since 1993. Not happened yet... as far as I know!

Multiple times here, from one-man outfits to trillion-yen companies

In article <R8eIuprZ0lukFwLP@marfordfarm.demon.co.uk>,
Tim Lamb <tim@marfordfarm.demon.co.uk> wrote:
> In message <u9dkc8$36kct$2@dont-email.me>, Ottavio Caruso
> <ottavio2006-usenet2012@yahoo.com> writes
> >Am 21/07/2023 um 08:51 schrieb Tim Lamb:
> >> Curious about an e-mail from NS&I questioning my contact details.
> >>Looks authentic but when I logged in normally all my details are
> >>correct.
> >> The only recent event is a temporary number on my mobile while O2/
> >>Vfone organised the transfer.
> >> The other unrelated event is a call back from emergency services
> >>(pocket dialling) where they wished me to confirm my address details!
> >>Clearly they would have my mobile phone number but how is that linked
> >>to my residential address?
> >
> >Check the sending SMTP server IP address in the headers (the one with
> >"received : from ").

> Hmm. outgoing@emailnsandi.com looks correct.
> >

I'd have expected NSandI to use a .gov suffix not a .com one

--
from KT24 in Surrey, England - sent from my RISC OS 4té
"I'd rather die of exhaustion than die of boredom" Thomas Carlyle

On 21 Jul 2023 at 21:00:03 BST, "charles" <charles@candehope.me.uk> wrote:

> In article <R8eIuprZ0lukFwLP@marfordfarm.demon.co.uk>,
> Tim Lamb <tim@marfordfarm.demon.co.uk> wrote:
>> In message <u9dkc8$36kct$2@dont-email.me>, Ottavio Caruso
>> <ottavio2006-usenet2012@yahoo.com> writes
>>> Am 21/07/2023 um 08:51 schrieb Tim Lamb:
>>>> Curious about an e-mail from NS&I questioning my contact details.
>>>> Looks authentic but when I logged in normally all my details are
>>>> correct.
>>>> The only recent event is a temporary number on my mobile while O2/
>>>> Vfone organised the transfer.
>>>> The other unrelated event is a call back from emergency services
>>>> (pocket dialling) where they wished me to confirm my address details!
>>>> Clearly they would have my mobile phone number but how is that linked
>>>> to my residential address?
>>>
>>> Check the sending SMTP server IP address in the headers (the one with
>>> "received : from ").
>
>> Hmm. outgoing@emailnsandi.com looks correct.
>>>
>
> I'd have expected NSandI to use a .gov suffix not a .com one

Should be .co.uk really, rather than .com, and for a non-commercial outfit
..org.uk makes the most sense.

--
"I am enclosing two tickets to the first night of my new play; bring a friend.... if you have one." - GB Shaw to Churchill. "Cannot possibly attend first night, will attend second... if there is one." - Winston Churchill, in response.

In message <ojM2JJ0Q1tukFwti@marfordfarm.demon.co.uk>, Tim Lamb
<tim@marfordfarm.demon.co.uk> writes
>In message <khvu2uFrdvdU1@mid.individual.net>, Andy Burns
><usenet@andyburns.uk> writes
>>mm0fmf wrote:
>>
>>> You can be very careful about who you mail and who therefore has
>>>your address. But you cannot make those recipients be careful. So
>>>when they get compromised in some way then your mail address, which
>>>is in their address books etc. still gets out to bad actors.
>>
>>But if you give out a unique email address per recipient, if/when they
>>do get compromised you can just kill that one address ...
>
>I have been online since 1993. Not happened yet... as far as I know!
>>
>

Lucky you. It has happened several times here.

Adrian
--
To Reply :
replace "diy" with "news" and reverse the domain

If you are reading this from a web interface eg DIY Banter,
DIY Forum or Google Groups, please be aware this is NOT a forum, and
you are merely using a web portal to a USENET group. Many people block
posters coming from web portals due to perceieved SPAM or inaneness.
For a better method of access, please see:

http://wiki.diyfaq.org.uk/index.php?title=Usenet

On 21/07/2023 20:32, Tim Lamb wrote:
> In message <khvu2uFrdvdU1@mid.individual.net>, Andy Burns
> <usenet@andyburns.uk> writes
>> mm0fmf wrote:
>>
>>> You can be very careful about who you mail and who therefore has your
>>> address. But you cannot make those recipients be careful. So when
>>> they get compromised in some way then your mail address, which is in
>>> their address books etc. still gets out to bad actors.
>>
>> But if you give out a unique email address per recipient, if/when they
>> do get compromised you can just kill that one address ...
>
> I have been online since 1993. Not happened yet... as far as I know!
>>
>
Happened many times to me. Addresses that I hardly ever use receive
spam. Its no big deal.

Dealing with spam 10 - 20 times my wanted email is simply routine.

I think I lose about 70% of uk.d-i-y postings too as the posters are
killfiled

--
“It is dangerous to be right in matters on which the established
authorities are wrong.”

― Voltaire, The Age of Louis XIV

Normally they ask you where you live, I guess you could move, but where
would they say the billing address was then?

I never respond to any emails that look like they are going to ask for
details through a web site, as the real company would already know them.
Also, they often address you as your email address, I know Virgin and others
will address you by whatever name you agree with them to be, Nobody else
would know your name, though in my case they could guess it.
Brian

--

--:
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...
briang1@blueyonder.co.uk
Blind user, so no pictures please
Note this Signature is meaningless.!
"Tim Lamb" <tim@marfordfarm.demon.co.uk> wrote in message
news:E9AdOeohckukFwZp@marfordfarm.demon.co.uk...
> Curious about an e-mail from NS&I questioning my contact details. Looks
> authentic but when I logged in normally all my details are correct.
> The only recent event is a temporary number on my mobile while O2/ Vfone
> organised the transfer.
>
> The other unrelated event is a call back from emergency services (pocket
> dialling) where they wished me to confirm my address details! Clearly they
> would have my mobile phone number but how is that linked to my residential
> address?
> --
> Tim Lamb

On 21/07/2023 21:00, charles wrote:
> In article <R8eIuprZ0lukFwLP@marfordfarm.demon.co.uk>,
> Tim Lamb <tim@marfordfarm.demon.co.uk> wrote:
>> In message <u9dkc8$36kct$2@dont-email.me>, Ottavio Caruso
>> <ottavio2006-usenet2012@yahoo.com> writes
>>> Am 21/07/2023 um 08:51 schrieb Tim Lamb:
>>>> Curious about an e-mail from NS&I questioning my contact details.
>>>> Looks authentic but when I logged in normally all my details are
>>>> correct.
>>>> The only recent event is a temporary number on my mobile while O2/
>>>> Vfone organised the transfer.
>>>> The other unrelated event is a call back from emergency services
>>>> (pocket dialling) where they wished me to confirm my address details!
>>>> Clearly they would have my mobile phone number but how is that linked
>>>> to my residential address?
>>>
>>> Check the sending SMTP server IP address in the headers (the one with
>>> "received : from ").
>
>> Hmm. outgoing@emailnsandi.com looks correct.
>>>
>
> I'd have expected NSandI to use a .gov suffix not a .com one
>

Prevents the scammers from using the .com URL, whereas they
cannot use the org.uk or gov.uk ones.

On 22/07/2023 14:18, Andrew wrote:
> On 21/07/2023 21:00, charles wrote:
>>
>> I'd have expected  NSandI to use a .gov suffix not a .com one
>>
>
> Prevents the scammers from using the .com URL, whereas they
> cannot use the org.uk or gov.uk ones.
>
I too would have expected a different suffix from NS&I. However I would
also have expected them to register the .com synonyms.

No reason why they can't do both.

Andy

On 21/07/2023 20:21, Tim Lamb wrote:
> In message <u9ea6q$3antn$1@dont-email.me>, John Rumm

>> Looking at text record info from their domain:
>>
>> C:\Users\John>nslookup
>> Default Server:  dns.google
>> Address:  8.8.8.8
>>
>>> set type=txt
>>> email.nsandi.com
>> Server:  dns.google
>> Address:  8.8.8.8
>>
>> Non-authoritative answer:
>> email.nsandi.com        canonical name = maxemail.emailcenteruk.com
>> maxemail.emailcenteruk.com      text =
>
> Snip totally confusing mathematical/alphabetic diarrhoea

I will pass your appreciation of the output from their nslookup tool to
microsoft's developers :-)

(To be fair I did not need to include the full log of the command line
session, but thought it worth doing since it demonstrates how to query
other types of information from the public DNS records)

>> Did Tim miss the . in the domain?

> Yes. Humble apologies:-)

That makes likelihood that the email was legit stronger since it was
from a an actual domain associated with the organisation the message
purported to come from, rather than a non existent one.

(and getting mail delivered reliably from a non existent domain is much
harder these days - most mail systems will just drop it)

> I was anxious to get started hand harvesting 4.5 acres of Ragwort before
> the ground dries anymore

And to be fair, more fun than wading through email headers!

--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/

On 21/07/2023 20:32, Tim Lamb wrote:
> In message <khvu2uFrdvdU1@mid.individual.net>, Andy Burns
> <usenet@andyburns.uk> writes
>> mm0fmf wrote:
>>
>>> You can be very careful about who you mail and who therefore has your
>>> address. But you cannot make those recipients be careful. So when
>>> they get compromised in some way then your mail address, which is in
>>> their address books etc. still gets out to bad actors.
>>
>> But if you give out a unique email address per recipient, if/when they
>> do get compromised you can just kill that one address ...
>
> I have been online since 1993. Not happened yet... as far as I know!

This might tell you:

https://haveibeenpwned.com/

--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/

In message <u9j3m6$83dl$1@dont-email.me>, John Rumm
<see.my.signature@nowhere.null> writes
>On 21/07/2023 20:32, Tim Lamb wrote:
>> In message <khvu2uFrdvdU1@mid.individual.net>, Andy Burns
>><usenet@andyburns.uk> writes
>>> mm0fmf wrote:
>>>
>>>> You can be very careful about who you mail and who therefore has
>>>>your address. But you cannot make those recipients be careful. So
>>>>when they get compromised in some way then your mail address, which
>>>>is in their address books etc. still gets out to bad actors.
>>>
>>> But if you give out a unique email address per recipient, if/when
>>>they do get compromised you can just kill that one address ...
>> I have been online since 1993. Not happened yet... as far as I know!
>
>This might tell you:
>
>https://haveibeenpwned.com/

Indeed. No PWNAGE found.
>
>
>

--
Tim Lamb

Tim Lamb wrote:

>> https://haveibeenpwned.com/
>
> Indeed. No PWNAGE found.

Presumably *not* for your Demon address?

In message <ki4mm5Fjp16U3@mid.individual.net>, Andy Burns
<usenet@andyburns.uk> writes
>Tim Lamb wrote:
>
>>> https://haveibeenpwned.com/
>> Indeed. No PWNAGE found.
>
>Presumably *not* for your Demon address?

Indeed. I did enter my current mail address:-)

--
Tim Lamb