Hello fellow relay operators,
My apologies as this is not related to tor relays, however, there seems to be several spammers subscribed to the relay list. Every time I am involved in a discussion on this list, I receive 3-5 emails supposedly from girls wanting to meet up (for sex). The emails in question claim they are sent from email address tor-relays@lists.torproject.org (and always have the same email subject of the discussion I was involved in).
I am somewhat in a trap as blocking them with spam filters would block all emails sent from the relay lists address. I am wondering what could be done about this (the email provider in question is Gmail).
Thank you.
On 06/08/2018 01:24 PM, Keifer Bly wrote:
Hello fellow relay operators,
My apologies as this is not related to tor relays, however, there seems to be several spammers subscribed to the relay list. Every time I am involved in a discussion on this list, I receive 3-5 emails supposedly from girls wanting to meet up (for sex). The emails in question claim they are sent from email address tor-relays@lists.torproject.org (and always have the same email subject of the discussion I was involved in).
I don't recall seeing such messages. So they must be spoofing the from address.
I am somewhat in a trap as blocking them with spam filters would block all emails sent from the relay lists address. I am wondering what could be done about this (the email provider in question is Gmail).
Maybe there's something in the headers that could be filtered on.
Also, I recall reading that Gmail doesn't actually parse headers properly. If from address is spoofed to your address, it goes in your outbox :) So maybe you need to use an old-school email client.
Thank you.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Yes, but the emails are saying that they are from the tor-relays@lists.torproject.org email address. They must be spoofing the email address it’s coming from somehow. I just thought that I’d say something as given that they are making their emails come from that email address could mean that these spammers could have somehow gotten who is subscribed to the relay mailing list as this is my personal email and not a school or company owned Google account, no one else has access to this email account but me so not sure how they would have known I am subscribed. I would supply a copy of the email but that may be tough as they contain nudity and graphically intensive language.
Sent from my iPhone
On 06/08/2018 03:48 PM, Keifer Bly wrote:
Yes, but the emails are saying that they are from the tor-relays@lists.torproject.org email address. They must be spoofing the email address it’s coming from somehow. I just thought that I’d say something as given that they are making their emails come from that email address could mean that these spammers could have somehow gotten who is subscribed to the relay mailing list as this is my personal email and not a school or company owned Google account, no one else has access to this email account but me so not sure how they would have known I am subscribed. I would supply a copy of the email but that may be tough as they contain nudity and graphically intensive language.
How long have you been receiving them? I see that your first post to the list was on 2018-04-10. Anyone, whether subscribed or not, can get that from http://lists.torproject.org/pipermail/tor-relays/.
Please feel comfortable sending message source for one of them to me. Not just forwarding. Get the source text (in Thunderbird, it's just "View Source") and email as an attachment.
I receive them whenever I send a note to this address, starting with the first time I participated in a conversation with this thread. Thank you.
From: Mirimir Sent: Friday, June 8, 2018 8:05 PM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Spam Emails Received From This Mailing List
On 06/08/2018 03:48 PM, Keifer Bly wrote:
Yes, but the emails are saying that they are from the tor-relays@lists.torproject.org email address. They must be spoofing the email address it’s coming from somehow. I just thought that I’d say something as given that they are making their emails come from that email address could mean that these spammers could have somehow gotten who is subscribed to the relay mailing list as this is my personal email and not a school or company owned Google account, no one else has access to this email account but me so not sure how they would have known I am subscribed. I would supply a copy of the email but that may be tough as they contain nudity and graphically intensive language.
How long have you been receiving them? I see that your first post to the list was on 2018-04-10. Anyone, whether subscribed or not, can get that from http://lists.torproject.org/pipermail/tor-relays/.
Please feel comfortable sending message source for one of them to me. Not just forwarding. Get the source text (in Thunderbird, it's just "View Source") and email as an attachment.
On 06/08/2018 04:06 PM, Keifer Bly wrote:
I receive them whenever I send a note to this address, starting with the first time I participated in a conversation with this thread. Thank you.
Wow, that's bizarre! I thought that you meant occasionally, not after every post. But still, someone could be watching for your posts, and then sending spam to you with tor-relays@lists.torproject.org as a spoofed from header.
I get that this is off-topic, and that most of you are rolling your eyes. But if anyone else has seen this, I'd like to know.
And as I've said, I'm happy to review some source, and see if some header could be used to block.
I've gotten these emails as well. Since I have my own email server, I configured Postfix to block the spam address. For me, the address was consistently the same. I thought that it was just a problem with my spam filter, but looking here even Gmail users got these messages.
I also uploaded a few of these messages to SpamCop (and if you still have your emails, you should also).
IMHO we should just block emails from *.mexyst.com domains (it seems everyone got a different sending address), no matter what email we use. Gmail, Outlook, ProtonMail, Riseup, or even your own server if you're like me.
-Neel Chauhan
On 8 June 2018 21:18:41 GMT-04:00, Mirimir mirimir@riseup.net wrote:
Maybe there's something in the headers that could be filtered on.
Maybe you could filter on the List-Id header (or rather on its absence).
I don't know what can be done on gmail tho.
I may be missing something, but does the domain torproject.org have DNS set SPF strict, DKIM, DMARC set up?
Gerry
-----Original Message----- From: tor-relays tor-relays-bounces@lists.torproject.org On Behalf Of Johan Fleury Sent: 09 June 2018 04:51 To: tor-relays@lists.torproject.org; Mirimir mirimir@riseup.net Subject: Re: [tor-relays] Spam Emails Received From This Mailing List
On 8 June 2018 21:18:41 GMT-04:00, Mirimir mirimir@riseup.net wrote:
Maybe there's something in the headers that could be filtered on.
Maybe you could filter on the List-Id header (or rather on its absence).
I don't know what can be done on gmail tho.
I also got spam as an off-list reply after sending an email to this list (starting with 2018-06-05) but there is no spoofing involved and the from is "kirstiea.lucey536805@fk.mexyst.com"
which made it easy to simply filter/delete emails from that address without causing any further annoyance until they change the address.
I also got spammed on 2018-06-05 with an email address "kirstiea.lucey464911@cz.mexyst.com" No address spoofing involved.
On 9 June 2018 11:07:00 GMT+03:00, nusenu nusenu-lists@riseup.net wrote:
I also got spam as an off-list reply after sending an email to this list (starting with 2018-06-05) but there is no spoofing involved and the from is "kirstiea.lucey536805@fk.mexyst.com"
which made it easy to simply filter/delete emails from that address without causing any further annoyance until they change the address.
-- https://mastodon.social/@nusenu twitter: @nusenu_
It seems that I am getting spam from a new email address: camrynbentley870896@ao.ovsum.com
The pattern is that the emails are from *@*.ovsum.com addresses. Just block this pattern as well, and report your emails to SpamCop.
-Neel Chauhan
On 06/11/2018 10:56 AM, Neel Chauhan wrote:
It seems that I am getting spam from a new email address: camrynbentley870896@ao.ovsum.com
The pattern is that the emails are from *@*.ovsum.com addresses. Just block this pattern as well, and report your emails to SpamCop.
Yeah, that's us27.axiobyte.com [104.161.37.152].
It's hosted on mellowhost.com by Input Output Flood LLC. The abuse contact is Gabriel Ramuglia (abuse@ioflood.com). I suggest that we all file abuse reports.
-Neel Chauhan
On 06/11/2018 10:56 AM, Neel Chauhan wrote:
It seems that I am getting spam from a new email address: camrynbentley870896@ao.ovsum.com
The pattern is that the emails are from *@*.ovsum.com addresses. Just block this pattern as well, and report your emails to SpamCop.
Oh, and it seems that each user gets mail from a distinct sender. I get it from camrynbentley963618@np.ovsum.com. So they're keeping track. I wonder if they block replies from third parties.
-Neel Chauhan
===
<SNIP>
Just to add some information:
I have started receiving these from a different (non-tor) mailing list, with addresses that look similar (and exact in the case of below)
This other list is closed, however the archives are open and we are assuming that the address harvesting is happening via the archive.
It's possible these spammers are operating similarly / could be the same ones.
Yes, I searched some of the spam domains, and find complaints on other lists about basically the same spam. So it's likely not an attack on Tor specifically. Or maybe just promotion for the linked sites.
On 06/12/2018 02:58 AM, Colin Childs wrote:
Just to add some information:
I have started receiving these from a different (non-tor) mailing list, with addresses that look similar (and exact in the case of below)
This other list is closed, however the archives are open and we are assuming that the address harvesting is happening via the archive.
It's possible these spammers are operating similarly / could be the same ones.
I note that you do not receive any spam until you post to the list. So is it a bot subscribed to the list or is it reading the piper mail?
Paul
It seems to be coming from slightly different email addresses, so that is difficult to tell. But it happens when I am posting to the list, not any other time, but I’ll receive up to ten of them within the next few minutes. What do you all think?
From: Paul Templeton Sent: Tuesday, June 12, 2018 5:07 PM To: tor-relays@lists.torproject.org. Subject: Re: [tor-relays] Spam Emails Received From This Mailing List
I note that you do not receive any spam until you post to the list. So is it a bot subscribed to the list or is it reading the piper mail?
Paul
There's no point in overhead of repeatedly trolling and processing out stale archives when you can get valuable live bodies delivered instantly to your parsers for far less cost and work.
There are probably spam subs in Colin's list too, he didn't say which list, what exactly "closed" means, what subcount there is going back to when, etc.
Remote clouds and rspamd have learned them already since a while, faster, before they get shutdown.
Spooks are harder to kill than a little spam, work on those ;)
Just to fill in that information, the list I was referring to has 5 people on it (same 5 since it started) and by “closed”, I mean only the 5 of us were only ever able to register.
The archive has been open since the list began, and a few of us have been experiencing similar issues to what has been reported on this list. Not saying it's what's happening here, but could be a useful note.
On Jun 13, 2018, at 1:54 AM, grarpamp grarpamp@gmail.com wrote:
There's no point in overhead of repeatedly trolling and processing out stale archives when you can get valuable live bodies delivered instantly to your parsers for far less cost and work.
There are probably spam subs in Colin's list too, he didn't say which list, what exactly "closed" means, what subcount there is going back to when, etc.
Remote clouds and rspamd have learned them already since a while, faster, before they get shutdown.
Spooks are harder to kill than a little spam, work on those ;)
this kind of spam also happens if you post emails to tor-dev.
last spam sender address: rosegregory714756@cc.mexyst.com
On 06/14/2018 04:33 AM, nusenu wrote:
this kind of spam also happens if you post emails to tor-dev.
last spam sender address: rosegregory714756@cc.mexyst.com
It seems that they've given up on me, after some days with no reply. So is that a pattern for y'all?
I finally did review the images, in a Debian LiveCD with no network connectivity. They're not bad porn, really. Images from Becky and Camryn have no obvious watermarks, but those from Rose are marked "cherryscott". And they're clearly @CherryScott23. If I could, I'd tweet her about the ripoff.
So anyway, our spammer is clearly using stock image libraries. And maybe that was obvious.
On 06/14/2018 02:18 PM, Mirimir wrote:
On 06/14/2018 04:33 AM, nusenu wrote:
this kind of spam also happens if you post emails to tor-dev.
last spam sender address: rosegregory714756@cc.mexyst.com
It seems that they've given up on me, after some days with no reply. So is that a pattern for y'all?
OK, so much for that hypothesis. Just got one from Camryn. It actually seems responsive ...
| Hey I'm glad to see someone real responding haha
... and it appeared within minutes of my post to the list. So there's apparently a human involved, who's actively watching the list.
Also, as before, the In-Reply-To header matches my Message-ID header.
But something interesting. The ultimate message source is "localhost (unknown [107.178.101.4])". From https://ipinfo.io/ I get that this is "vox21.hurters.biz". With a little work, I get to "http://hurters.biz/?domain=hurters.biz?reqp=1&qaspoofip=206.190.145.84&a..." which shows:
| Welcome to hurters.biz | This Web page is parked for FREE, courtesy of GoDaddy.com.
From https://ipinfo.io/ I get to 206.190.145.84.adsl.inet-telecom.org
which looks a lot like a home ADSL account. Botnet maybe?
And what is "qaspoofip"?
Again, this is all on mellowhost.com by Input Output Flood LLC. The abuse contact is Gabriel Ramuglia (abuse@ioflood.com).
Anyway, here's the https://ipinfo.io/ data:
Received: from us37.axiobyte.com (us37.axiobyte.com [104.161.37.171])
ip: "104.161.37.171"
hostname: "us37.axiobyte.com"
city: "Dhaka"
region: "Dhaka Division"
country: "BD"
loc: "23.7231,90.4086"
postal: "1000"
asn: Object
  asn: "AS53755"
  name: "Input Output Flood LLC"
  domain: "ioflood.com"
  route: "104.161.32.0/20"
  type: "hosting"
company: Object
  name: "Mellowhost"
  domain: "mellowhost.com"
  type: "hosting"
Received: from localhost (unknown [107.178.101.4])
ip: "107.178.101.4"
hostname: "vox21.hurters.biz"
city: "Dhaka"
region: "Dhaka"
country: "BD"
loc: "23.8179,90.4103"
postal: "1206"
asn: Object
  asn: "AS53755"
  name: "Input Output Flood LLC"
  domain: "ioflood.com"
  route: "107.178.64.0/18"
  type: "hosting"
company: Object
  name: "Mellowhost"
  domain: "mellowhost.com"
  type: "hosting"
... domain=hurters.biz ... qaspoofip=206.190.145.84 ...
ip: "206.190.145.84"
hostname: "206.190.145.84.adsl.inet-telecom.org"
city: "Providence"
region: "Utah"
country: "US"
loc: "41.6929,-111.8150"
postal: "84332"
asn: Object
  asn: "AS29854"
  name: "WestHost, Inc."
  domain: "westhost.com"
  route: "206.190.128.0/19"
  type: "hosting"
company: Object
  name: "Hosting Services, Inc."
  domain: "banahosting.com"
  type: "hosting"
could be she much alone
nusenu:
this kind of spam also happens if you post emails to tor-dev.
last spam sender address: rosegregory714756@cc.mexyst.com
Well darn if I didn't just get spammed (first time) when I replied to "metrixbot broken" email just now. (camrynbentley554167 at mv.ovsum.com, who wants to trade pics with me..)
--torix
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On June 14, 2018 11:33 AM, nusenu nusenu-lists@riseup.net wrote:
this kind of spam also happens if you post emails to tor-dev.
last spam sender address: rosegregory714756@cc.mexyst.com
https://mastodon.social/@nusenu
twitter: @nusenu_
The first time I got one it just said “Hey I want to talk to you”. It did not contain any pictures or anything, so I did not know what was going on. I replied and asked if she was from the list, and I got another email back asking me for my picture, etc. (which I ignored). So, given by that it knows how to word and send replies, I would surmise that there is a human that is sending them, yes.
On Jun 15, 2018, at 8:53 AM, torix@protonmail.com wrote:
Well darn if I didn't just get spammed (first time) when I replied to "metrixbot broken" email just now. (camrynbentley554167 at mv.ovsum.com, who wants to trade pics with me..)
--torix
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On June 14, 2018 8:33 AM, nusenu nusenu-lists@riseup.net wrote:
this kind of spam also happens if you post emails to tor-dev. last spam sender address: rosegregory714756@cc.mexyst.com
Confirmed. I've killfiled messages from that address, but they're still coming in.
Is anybody else getting messages that purport to have CCNs in them? Three or four out of the two dozen this week have had them.
The Doctor [412/724/301/703/415/510] PGP (new!): 4d7d 5c94 fa44 a235 WWW: https://drwho.virtadpt.net/ TOYNBEE IDEA IN KUBRICK'S 2001 RESURRECT DEAD ON PLANET JUPITER
Me too man! I have created a filter in my Gmail to automatically delete the pesky emails but I am still getting them anyway. I will file another abuse report to that email address.
From: The Doctor [412/724/301/703/415/510] Sent: Friday, June 15, 2018 11:19 AM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Spam Emails Received From This Mailing List
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On June 14, 2018 8:33 AM, nusenu nusenu-lists@riseup.net wrote:
this kind of spam also happens if you post emails to tor-dev. last spam sender address: rosegregory714756@cc.mexyst.com
Confirmed. I've killfiled messages from that address, but they're still coming in.
Is anybody else getting messages that purport to have CCNs in them? Three or four out of the two dozen this week have had them.
On 06/15/2018 07:18 AM, The Doctor [412/724/301/703/415/510] wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On June 14, 2018 8:33 AM, nusenu nusenu-lists@riseup.net wrote:
this kind of spam also happens if you post emails to tor-dev. last spam sender address: rosegregory714756@cc.mexyst.com
Confirmed. I've killfiled messages from that address, but they're still coming in.
Is anybody else getting messages that purport to have CCNs in them? Three or four out of the two dozen this week have had them.
Yes, I've received those too. I doubt that they're valid.
Upon reflection, I don't believe that there's any human management. The progression after the initial message is pretty consistent, with maybe a couple forks. Maybe I'll look carefully when I have a larger sample.
Replying is pointless, I think. All they want is traffic to the various "dating" sites.
Hi all, I wanted to inform that via the emails that have been coming from yahoo mail addresses, I reported those yahoo email addresses to Yahoo via their spam report page at https://io.help.yahoo.com/contact/index?page=contactform&locale=en_US&am....
Haven’t gotten a response yet but will let you know what happens, thanks y'all.
Sent from my iPhone
On Jun 15, 2018, at 4:10 PM, Mirimir mirimir@riseup.net wrote:
On 06/15/2018 07:18 AM, The Doctor [412/724/301/703/415/510] wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On June 14, 2018 8:33 AM, nusenu nusenu-lists@riseup.net wrote:
this kind of spam also happens if you post emails to tor-dev. last spam sender address: rosegregory714756@cc.mexyst.com
Confirmed. I've killfiled messages from that address, but they're still coming in.
Is anybody else getting messages that purport to have CCNs in them? Three or four out of the two dozen this week have had them.
Yes, I've received those too. I doubt that they're valid.
Upon reflection, I don't believe that there's any human management. The progression after the initial message is pretty consistent, with maybe a couple forks. Maybe I'll look carefully when I have a larger sample.
Replying is pointless, I think. All they want is traffic to the various "dating" sites.
Hey, new here - long time only reading the mails:
But.. Yahoo is still alive and someone is for real using it? o.O
16 June 2018 16:55, "Keifer Bly" keifer.bly@gmail.com wrote:
Hi all, I wanted to inform that via the emails that have been coming from yahoo mail addresses, I reported those yahoo email addresses to Yahoo via their spam report page at https://io.help.yahoo.com/contact/index?page=contactform&locale=en_US&am... z8ElV6Yl7dnHn67FP9aovfRkHSbpL250D%2BNv8Cir%2B2dmTfF99U40LNX4ZGpPvRgTwBV8VdzMq6qSgVYhyyV46B70bSKqkrRL dG8ZcBxl%2FVdYyq1hHKS2ih8aENLJClsrrSiVRxs4&selectedChannel=email-icon.
Haven’t gotten a response yet but will let you know what happens, thanks y'all.
Sent from my iPhone
It appears so, I still know a few people that use yahoo mail. Anyway I reported the spam emails to them and well we will see what they say.
Sent from my iPhone
On Jun 16, 2018, at 8:00 AM, hallo@d-ku.de wrote:
Hey, new here - long time only reading the mails:
But.. Yahoo is still alive and someone is for real using it? o.O