Ok, I really need some help on this one folks. I have had our site, on our own dedicated server, hosted at a local company for several years now. Our site has never had problems with dissapearing emails, until recently. The company that hosts our server started their own site, in which they were reselling our servers and equipment. As soon as their site was up, my leads started dissapearing.
I am not one to accuse or slander a business relation, until I have hard evidence, but it doesn't look good. Several times, I have had customers call me and say that they kept emailing us for quotes, but nobody answered the mail. Of course, our provider can find nothing wrong. In addition, two of my customers have been contacted by this new company shortly after they sent an inquiry to us (that we never recieved).
Of course, I tried it myself. I tried it from my home, from a friends home, and then called two of my good customers and asked them to email me via the "contact us" on our site. Two got through to me, two did not. None bounced back. Noone was contacted for about a week, so I asked everyone to do it again. Once again, 1 went through and 3 did not.
Sure enough, one of my friends got a spam from our hosting companies new "ASP" division shortly thereafter. I don't want to move my server over to our place just yet. I need to know how I can prove that they are intercepting my emails. Is it possible?? I am really hot about this, to say the least. I will never be content to just walk away and take my losses.

Advice?
:angry:

If their reselling your equipment you should have had a non compete agreement in place with them. If their going after your own customers I would drop them like a bat thats the worst business practice of all.

But anyways to make a long story short there is no way to reroute your mail unless they have access to your server.

Originally posted by IPC PRO


[SNIP]

I need to know how I can prove that they are intercepting my emails. Is it possible?? I am really hot about this, to say the least. I will never be content to just walk away and take my losses.

Advice?
:angry:

Seems suspicious, that's for sure. Obviously this prodiver has no legal or ethical business reading your email, let alone removing them. Check your system's logs (telnet, ssh, etc.) and have your email program log (if it doesn't already) who connects to what POP account and when, and check those logs. If you see accesses from a server that isn't you, and if there's no "bad password" type of error logged with it, then you should find out who it is (and, of course, you should even if they do get a bad password).

That is unusual.....

I will suggest to charge the password first.

Set a forwarder so each email sent to that email address is also forwarded to your personal hotmail or yahoo account.

Put some notice on your site that if any one is not replied within certain period please try contacting over the phone or send email to different email address (use any hotmail or yahoo mail).

Keep sending emails to your self with different email address (you can create new with hotmail, yahoo etc.. everytime) with request for qoute and see if they contacts you with their offer.

Hope these suggestions will help you.

Side Note: this is my 100th post.

Originally posted by m6.net
I will suggest to charge the password first.

Set a forwarder so each email sent to that email address is also forwarded to your personal hotmail or yahoo account.

Put some notice on your site that if any one is not replied within certain period please try contacting over the phone or send email to different email address (use any hotmail or yahoo mail).

Keep sending emails to your self with different email address (you can create new with hotmail, yahoo etc.. everytime) with request for qoute and see if they contacts you with their offer.

Hope these suggestions will help you.

Side Note: this is my 100th post.

I was also going to suggest a password change, but assumed that was obvious.. however, it might not have been as much as I thought. I'd then too, suggest changing not only your email passwords, but your root and other important passwords as well -- to something not easily cracked. For your provider to gain access to check your email, they'd have to get the password (the new one) and they'd have to basically change an important password and you'd definitely notice a changed password!

They might be able to change it, but they'd not know what to change it back to. Further, you'd force them to log in to make this change, which wouldn't work out too well for them anyway. And, the idea of setting up a forwarded copy to a remote address (with a password they don't know too), is a good idea. Between those ideas and logging, you should definitely be able to tell or set your mind at ease.

Also on a side note, I just noticed this is my 400th post... Do I get that free 1978 TSR80 I was promised?

Thanks guys. They do, indeed, have access to everything in our server. Like I said, it has been there for a couple of years and we never felt there was any reason to change anything. I have changed passwords, and will see if this changes anything. My major screwup was the fact that this is a MS-based server. We have upgraded the OS a couple of times, but it remains Microsoft-based. If it were a Linux box, I would know exactly how to find out what I need to know.
It is currently running W2K Server, and I have no idea how to view the logins and such. Any W2K specific advise out there?
;)

OK, we have done a little more research and it appears that we have been the victim of selective interceptions... :(
If any of you have a couple of minutes on your hands, please help me out by going to the following link:
http://www.aproimage.com/contact.asp
fill out the form as if you were truly interested. Please don't put your real contact info, or they will probably spam the hell out of you. (i.e. ABC Hosting, 3333 whatthe heck street, etc.). I am interested to see how many get through. Please post on this site to let us know you sent one.

THANK YOU ALL VERY MUCH!!!

I filled it out.

Problem is when they see that these are all test they prob. will let all of them go through and only delete the actual sales submittions....

I realize that, cbaker17. Problem is that they are already tipped off. They are swearing it is a programming issue with my site. I am not making any changes to it, but am going to keep a running log of how many get posted, and how many get through. We have posted this request on about 20 other sites. 3 of us will sit in front of a monitor, watching every email that hits our server, so that it can't be deleted. We are going to do this for 5 days, 24 hours a day. Then we are going to get nasty..... Thanks.

I filled it out.

First thing I would do is jump on the server and check the logs. They may have left a trail. Check every possible thing. Its somewhat easy to see the trail of evidence.

Also, I recommend you lock them out of your systems.

About a year ago, I was a technical consultant for this law firm who we worked with my company. They had a client who ran into this same problem. The company the client was at was reading and deleting their emails. It was selective. They ended up winning a big settlement.

The law is on your end IF (and only IF) you can prove they are doing what we all think they are doing. Good luck proving it though, if there smart enough to delete log files, the only way to prove it is to setup sniffers on your own network. But then again, who's going to read the HUGE log files a sniffer creates :)

I have filled the form and name given was Sanjay Sharma.

I filled out the form with my real name (Colin Percival), a fake (but not obviously so) address, and a unique email address.

If any email arrives at that address, I'll know why.

Red alert! A big part of your problem is security. You can never overreact when there is a security problem. This is when it is highly recommended to be paranoid, or at least imagine paranoia. They are out to get you, now what do you do about it?

There's been some good advice and I'll repeat some of it. Change all passwords and make sure they do not have access (see a discussion about ***** having access to dedicated servers).

Set up your mail file so that a copy is sent to you at an address not on your server. In sendmail, this is done in the aliases file. I suppose other mail transport programs have similar capabilities.

Have an alternate address with a message to potential customers to use it if they do not get a response within a specified amount of time.

Alternately, move your e-mail off site, at least temporarily. You could use one of the hundreds of free e-mail services and have your messages forwarded to you elsewhere.

All of the above are solutions, albeit temporary ones, to your loss of business. Obviously, you need to move your server as soon as feasible. Your present hosts are not trustworthy.

I concur that you need to document their theft and be able to prove it conclusively. We can help a bit by using new e-mail addresses either on our own domains, or at the free e-mail services and then filling out the form on your site. If a new and previously unused address is spammed by them and you never received the message intended for you, it is string circumstantial evidence that they are intercepting your e-mail. Server logs may provide the more conclusive evidence.

I hope you :smash: the fargin bastages, the cork suckers! *








* See Johnny Dangerously if you don't get it!

One further bit of advice. Don't get nasty. For one thing, if it should end up in court, and it may, you need to remember the principle of going in with clean hands, meaning you did nothing wrong anywhere along the way, even in reaction to their misdeeds. You want to create no doubt that they are all black and you are all white, metaphorically speaking.

Remember too Teddy Roosevelt's philosophy, "speak softly and carry a big stick". Do your research. Assuming you are in the U.S., check with the FBI and the FCC. Those ice holes may have very well violated a few laws. It helps that computer crimes are being taken more seriously now.

So, instead of getting angry, get even, or, better yet, get ahead and put an end to them. Revenge is a dish best served cold.

DO your work, make your case, and then calll in the authorities. With a smile on your face, you might be able to say, tauntingly, "you're in BIG trouble" " na nah na nah nahh" :P :stickout

Thanks, I called a few folks from a local LUG to see if anyone was up to the task. Not surprisingly, :D , I found a few takers. It seems we have a few racing stripes left in the dirty laundry. We are acumulating info.
Also, thanks all of you for posting. They have all been getting through. This is utterly amazing, since the hosting company swears that it is a programming issue with our server....... Let's see who is amazed at the end of all of this...:cool:

You're welcome. There's one more thing you need to do, document everything. Start a journal of all your actions and the results. including implementing the advice you've been give here. Think in terms of legal action. If there is a criminal trial, you need to be able to prove beyond any resonable doubt, that they invaded your system and intercepted your mail. If a civil action, the requirements are lesser, you need a preponderance of evidence to indicate their guilt.

I would suggest you pin down the details and have incontrovertible proof. Criminals are stupid and they are most assuredly criminals. With patience and perseverence you can help render the fate they deserve and will have brought upon themselves.

Duster's comments are invaluable. Listen to them. Also, don't tip the company that your investigating or trying to catch them in the act. Just play it like you agree with them. Meanwhile, do your traces and investigations.

Skye,

If you can obtain the needed proof, contact your attorney if you have not yet done so. This is a criminal case if it were to go to court. This is the same thing as your neighbors taking your mail from your mailbox in the legal systems eyes.