+JoergWausW Posted January 7, 2018 Share Posted January 7, 2018 The notification email for new messages can be answered directly from your email-program. Sadly, I did this a couple times, instead of opening the message center in the browser. Problem is: Sadly, my email account was hacked some time ago, and - next to a lot more others - some email addresses that were created to answer to the message center are used now to send spam. This spam now shows up in the message center in my geocaching account, and, of course, in the accounts of those people I used the reply by email feature with. They even get a notification email with a copy of the spam included - resulting in spam "provided" by geocaching.com... and I didn't even send it - plus I'm not aware of it as long as I don't open my message center in the browser. So I'm looking for a solution that this spam stops. Is it possible to disable those specific message center email addresses from working? I would not have a problem communicating to the affected people browser only or app only, because I hardly ever used the reply to email option at all... (or is this email address used in the app?) (yes, I know that it was not a good idea to be hacked. I must have used the same password for some internet service that I also used for my email account - this some-service was hacked, and the evil guys got my account-password combination... I'll never know what service that was... ) Quote Link to comment
+on4bam Posted January 7, 2018 Share Posted January 7, 2018 I hope you changed your password(s) that way nothing can be send from your own account anymore by the spammers. Quote Link to comment
+Viajero Perdido Posted January 7, 2018 Share Posted January 7, 2018 (edited) The least Groundspeak could do* is disable the Message Center for cachers known to be dead. I received spam from someone I was sure I'd never hear from again. Groundspeak knows he's dead; their bot auto-disabled all his caches, even the ones reported as being in fine shape, and the reviewer has dutifully since archived them all. Hey! But that's another story for another thread. I've mentioned it. (* A much better solution would be to allow all members - customers - to disable the Message Center. Dream on.) Edited January 7, 2018 by Viajero Perdido Quote Link to comment
+TriciaG Posted January 7, 2018 Share Posted January 7, 2018 I find this confusing. The email you use for the Message Center was hacked? I'd say, get a new email address and update your account here with the new email. Or are you saying the email program/client you used was hacked, so no matter what email you use for the Message Center, it'll be used for spam? In that case... I don't know. Get a new email client? Quote Link to comment
+on4bam Posted January 7, 2018 Share Posted January 7, 2018 As I understand it, the account was hacked. So login/pass for the mailbox is in a hackers hands. Change password = problem solved. Quote Link to comment
+The A-Team Posted January 8, 2018 Share Posted January 8, 2018 (edited) On 1/7/2018 at 11:36 AM, on4bam said: As I understand it, the account was hacked. So login/pass for the mailbox is in a hackers hands. Change password = problem solved. ...or, if the hackers changed the password and this can't be done, change the primary email address associated with the geocaching.com account like TriciaG suggested. Only emails coming from the primary email address will be processed by the Message Center. Edited January 8, 2018 by The A-Team Quote Link to comment
+JoergWausW Posted January 10, 2018 Author Share Posted January 10, 2018 Ok, maybe I wasn't clear enough. Nobody is sending spam using my actual email account anymore - I changed the password immediately. They can still fake the sender's email address (as in real life everyone can write a letter and put their neighbor's address as sender info on the envelope), but this is not what I'm talking about here: This is how Groundspeak's Service works, as far as I understand: 1) You get a notification email about a new message in your email programm. 2) You hit "reply to this email" in your email programm. 3) Your write your answer with your email programm and hit "send". 4) Your message appears in the message center with correct sender and recipient. In step 3) your email is sent to an email address at Groundspeak/geocaching.com. The user name of this email address is a code that contains information about sender and recipient. This coded email address was stolen during the hacking of my email account. The spammers are now mailing spam to this address. To do this they don't need any access to anything that is related to me or the other cacher I was in contact with. The Groundspeak server interprets the spammers' email address and routes the message to the sender/recipient combination it was created for, and voilá it appears in the message center. If these spammers' emails were carefully checked whether they were really sent by my email account, it wouldn't happen. Shutting down my email account would not help, because the spammers will continue using this coded email address as long as they are in their evil spammer business... Quote Link to comment
+rkedge Posted July 2, 2020 Share Posted July 2, 2020 It's 2020 and this is still an issue. I know it's convenient to reply to the email instead of opening the app or website, but this makes man-in-the-middle attacks trivial. I really think they should disable this behavior. To respond to a message in Message Center you should have to log in to your geocaching.com account. 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.