So, for me, it appears that the jerk spammers have advanced. Instead of sending spam to the tor-relays@lists.torproject.org email address, they are now directly sending spam to specific addresses subscribed to the list. I got one today from colemanrosettad@gmail.com, and have been receiving some over the last few days that were sent directly to this email address. I did not think they were related, but the other email addresses the one I received today was also sent to the addresses below, which I believe are addresses that are subscribed to the list. I have reported it to Google via their abuse report email address which is registrar-abuse@google.com, so I will see what they say (and forward it to the list if requested).
The other addresses were: johndalton289@gmail.com, and teor2345@gmail.com. I tried attaching a photo of the "to" field but it was rejected due to size limitations.
Just thought I'd give a heads up.
On Thu, Sep 20, 2018 at 9:10 PM Keifer Bly keifer.bly@gmail.com wrote:
So, for me, it appears that the jerk spammers have advanced. Instead of sending spam to the tor-relays@lists.torproject.org email address, they are now directly sending spam to specific addresses subscribed to the list. I got one today from colemanrosettad@gmail.com, and have been receiving some over the last few days that were sent directly to this email address. I did not think they were related, but the other email addresses the one I received today was also sent to the addresses in the attached photo, which I believe are addresses that are subscribed to the list. I have reported it to Google via their abuse report email address which is registrar-abuse@google.com, so I will see what they say (and forward it to the list if requested).
Just thought I'd give a heads up.
On Fri, Jul 13, 2018 at 7:47 PM Keifer Bly keifer.bly@gmail.com wrote:
I looked it up. You can forward the spams that the Gmail addresses are sending to registrar-abuse@google.com, which reports spam emails and inappropriate content being sent by Gmail users to Google. Try that.
From: Mirimir mirimir@riseup.net
Sent: Friday, July 13, 2018 7:41 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Jerk spammers on tor-relays (was Re: Fwd: Tor GuardRelay)
On 07/13/2018 03:07 PM, Keifer Bly wrote:
Dang. I stopped getting them for a while due to the SPAM filter I
configured in Gmail, however they are now coming through again. These
spammers are trying to be smart by sending these spam messages from
different domains; they are now coming from
scarlettsofia710182@it.argmx.com
Anyone else getting these?
Thanks.
I haven't received those after posts since June 27. And nothing from
*.argmx.com. But I am getting sex spam from a few Gmail addresses, with
blank subject lines. New, and perhaps related.
On Sat, Jun 9, 2018 at 10:38 PM Roger Dingledine arma@mit.edu wrote:
<SNIP>
Maybe there is a mailman module that lets you send a different
watermarked
mail to each subscriber, or to send mails out with different timing
patterns to do a binary search over the list, in order to discover
which
addresses are triggering the spam? But I don't know of an easy way to
do it.
That would be a bad precedent, I think ;)
Also, I hear from at least one person that some tor-dev subscribers are
getting spams too. :(
Searching for the spam addresses, I found reports from other mail lists.
So it's not just Tor lists.
<SNIP>
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 09/20/2018 09:33 PM, Keifer Bly wrote:
So, for me, it appears that the jerk spammers have advanced. Instead of sending spam to the tor-relays@lists.torproject.org email address, they are now directly sending spam to specific addresses subscribed to the list. I got one today from colemanrosettad@gmail.com, and have been receiving some over the last few days that were sent directly to this email address. I did not think they were related, but the other email addresses the one I received today was also sent to the addresses below, which I believe are addresses that are subscribed to the list. I have reported it to Google via their abuse report email address which is registrar-abuse@google.com, so I will see what they say (and forward it to the list if requested).
I've also been getting sex spam from Gmail addresses. Some of it's from Google Kik users. I reported a bunch to registrar-abuse@google.com, and got this:
| Hi there,
|
| My team specifically covers Google Domains and questions and issues
| that are related to domain names that users have registered using
| this service.
| Since this issue is unrelated to Google Domains, let me point you
| to the right spot to make sure you reach out to the correct team
| directly.
|
| You may report Gmail abuse using this form
| https://support.google.com/mail/contact/abuse.
|
| Thanks,
|
| The Google Domains Support Team
The other addresses were: johndalton289@gmail.com, and teor2345@gmail.com. I tried attaching a photo of the "to" field but it was rejected due to size limitations.
Just thought I'd give a heads up.
On Thu, Sep 20, 2018 at 9:10 PM Keifer Bly keifer.bly@gmail.com wrote:
So, for me, it appears that the jerk spammers have advanced. Instead of sending spam to the tor-relays@lists.torproject.org email address, they are now directly sending spam to specific addresses subscribed to the list. I got one today from colemanrosettad@gmail.com, and have been receiving some over the last few days that were sent directly to this email address. I did not think they were related, but the other email addresses the one I received today was also sent to the addresses in the attached photo, which I believe are addresses that are subscribed to the list. I have reported it to Google via their abuse report email address which is registrar-abuse@google.com, so I will see what they say (and forward it to the list if requested).
Just thought I'd give a heads up.
On Fri, Jul 13, 2018 at 7:47 PM Keifer Bly keifer.bly@gmail.com wrote:
I looked it up. You can forward the spams that the Gmail addresses are sending to registrar-abuse@google.com, which reports spam emails and inappropriate content being sent by Gmail users to Google. Try that.
From: Mirimir mirimir@riseup.net
Sent: Friday, July 13, 2018 7:41 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Jerk spammers on tor-relays (was Re: Fwd: Tor GuardRelay)
On 07/13/2018 03:07 PM, Keifer Bly wrote:
Dang. I stopped getting them for a while due to the SPAM filter I
configured in Gmail, however they are now coming through again. These
spammers are trying to be smart by sending these spam messages from
different domains; they are now coming from
scarlettsofia710182@it.argmx.com
Anyone else getting these?
Thanks.
I haven't received those after posts since June 27. And nothing from
*.argmx.com. But I am getting sex spam from a few Gmail addresses, with
blank subject lines. New, and perhaps related.
On Sat, Jun 9, 2018 at 10:38 PM Roger Dingledine arma@mit.edu wrote:
<SNIP>
Maybe there is a mailman module that lets you send a different
watermarked
mail to each subscriber, or to send mails out with different timing
patterns to do a binary search over the list, in order to discover
which
addresses are triggering the spam? But I don't know of an easy way to
do it.
That would be a bad precedent, I think ;)
Also, I hear from at least one person that some tor-dev subscribers are
getting spams too. :(
Searching for the spam addresses, I found reports from other mail lists.
So it's not just Tor lists.
<SNIP>
It would be fantastic if the list operators were to track this down and kill it off. My guess is that there is an address subscribed which receives the list and triggers the spam to be sent (at least based on seeing this type of thing on a few other lists over the years).
Dave Warren:
It would be fantastic if the list operators were to track this down and kill it off. My guess is that there is an address subscribed which receives the list and triggers the spam to be sent (at least based on seeing this type of thing on a few other lists over the years).
Quirky idea, and totally one I've quietly thought about for a while with various lists...
Especially if we could correlate spam with posts.. but then that can be a lot of work partially because of spam filters.
Spam/UCE is a hard never-ending war.. what you could do with reverse DNS lookups twenty years ago was such a dream.
The smartest option for mailing list participants is to use a separate address for mailing list(s).. if you aren't in a position to control your MTA.
g
On 21.09.18 16:40, Dave Warren wrote:
It would be fantastic if the list operators were to track this down and kill it off.
Imagine an address A subscribed to this mailing list in a read-only fashion (a.k.a. "lurker"). A uses list posts as triggers to send spam from address B, which does not even need to be subscribed. How would the list admins ever be able to connect A to B?
-Ralph
On Fri, 21 Sep 2018 16:57:29 +0000, Ralph Seichter wrote: ...
Imagine an address A subscribed to this mailing list in a read-only fashion (a.k.a. "lurker"). A uses list posts as triggers to send spam from address B, which does not even need to be subscribed. How would the list admins ever be able to connect A to B?
Traffic modulation and analysis. Unfortunately that requires every spam addressee to respond quickly, and that mails to the subscribers are either selectively suppressed or greatly delayed (both not very acceptable), to correlate resulting spams with list addressees.
Don't want to enumerate obvious countermeasures by spammer here - at the end it still can just resubscribe with a different address.
Probably only acceptably doable by only using postings made by agreeing 'spamtrap' posters, and letting the mailing list randomly delay only those postings.
- Andreas
On 21.09.18 17:43, Andreas Krey wrote:
On Fri, 21 Sep 2018 16:57:29 +0000, Ralph Seichter wrote:
How would the list admins ever be able to connect A to B?
Traffic modulation and analysis. Unfortunately that requires every spam addressee to respond quickly [...]
I'm not sure what type of spam you are referring to, but when I post to this mailing list I see spamming attempts that are directly targeting my MX, without using the mailing list infrastructure. The list admins would not be able to reliably correlate which subscribed address is "A" even if I shared my mail logs.
-Ralph
On Fri, 21 Sep 2018 18:23:48 +0000, Ralph Seichter wrote: ...
I'm not sure what type of spam you are referring to, but when I post to this mailing list I see spamming attempts that are directly targeting my MX, without using the mailing list infrastructure. The list admins would not be able to reliably correlate which subscribed address is "A" even if I shared my mail logs.
Create a dummy mail address. Make the list server send out mails from that address very slowly at random times to the recipients. See when the spam arrives on the dummy address. Repeat as many times as needed to get sufficient correlation between spam arrival and mail distribution timepoints.
- Andreas
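The timing test Andreas describes, written out as an added sketch (not code from the thread): each round, a post from the dummy address is delivered to every subscriber at a random time, and the arrival time of the resulting spam is compared with each delivery time. The delivery logs are simulated, and the function names, the 20 to 90 second reaction delay and the one-hour delivery window are assumptions made for the illustration.

```python
import random
import statistics


def simulate_round(subscribers, harvester, rng, window=3600.0, reaction=(20.0, 90.0)):
    """Simulate one staggered delivery of a post sent from the dummy address.

    Every subscriber gets its copy at a random offset (seconds) inside
    `window`. The spam reaches the dummy address `reaction` seconds after
    the harvesting subscriber's copy was delivered (assumed behaviour).
    """
    sent = {addr: rng.uniform(0.0, window) for addr in subscribers}
    spam_at = sent[harvester] + rng.uniform(*reaction)
    return sent, spam_at


def rank_suspects(rounds):
    """Rank subscribers by how tightly spam arrival tracks their delivery time.

    rounds: list of (sent, spam_at), where `sent` maps address -> delivery
    time and `spam_at` is when the spam hit the dummy address.
    Returns [(address, lag_spread)], tightest spread first.
    """
    lags = {}
    for sent, spam_at in rounds:
        for addr, delivered in sent.items():
            lags.setdefault(addr, []).append(spam_at - delivered)

    suspects = []
    for addr, values in lags.items():
        # Spam that arrived before this copy was delivered cannot have been
        # triggered by it, so one negative lag clears the subscriber.
        if min(values) < 0:
            continue
        # The trigger address shows a small, stable lag in every round;
        # a bystander's lag wanders with its random delivery time.
        suspects.append((addr, statistics.pstdev(values)))
    return sorted(suspects, key=lambda item: item[1])


def run_experiment(n_subscribers=200, n_rounds=12, seed=2018):
    """Run the repeated test on a simulated list; returns (harvester, ranking)."""
    rng = random.Random(seed)
    subscribers = [f"sub{i:03d}@example.org" for i in range(n_subscribers)]
    harvester = subscribers[137]  # constructed: the address that triggers spam
    rounds = [simulate_round(subscribers, harvester, rng) for _ in range(n_rounds)]
    return harvester, rank_suspects(rounds)


if __name__ == "__main__":
    harvester, ranking = run_experiment()
    print("actual trigger address:", harvester)
    for addr, spread in ranking[:3]:
        print(f"{addr}  lag spread {spread:.1f}s")
```

Each round roughly halves the set of addresses that have not been cleared, which is why the test has to be repeated; it only works while the spam is triggered per delivery and the reaction delay stays short compared with the delivery window.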
On 09/21/2018 10:50 AM, Andreas Krey wrote:
On Fri, 21 Sep 2018 18:23:48 +0000, Ralph Seichter wrote: ...
I'm not sure what type of spam you are referring to, but when I post to this mailing list I see spamming attempts that are directly targeting my MX, without using the mailing list infrastructure. The list admins would not be able to reliably correlate which subscribed address is "A" even if I shared my mail logs.
Create a dummy mail address. Make the list server send out mails from that address very slowly at random times to the recipients. See when the spam arrives on the dummy address. Repeat as many times as needed to get sufficient correlation between spam arrival and mail distribution timepoints.
- Andreas
Cool idea :)
But then we'd all be getting spammed by those test messages ;)
I don't see that as a great improvement. Sex spam doesn't bother me.
Another alternative is tracking down and killing the spam sources. It'd be a huge project, and maybe a little morally iffy. But as Marv says in "Sin City": "I love hitmen. No matter what you do to them, you don't feel bad." So hey. There are lots of technical folk on these tor lists. There ought to be at least a few who'd enjoy killing some spam servers.
➢ There are lots of technical folk on these tor lists. There ought to be at least a few who'd enjoy killing some spam servers.
What exactly do you mean by “killing them”? If you are referring to forcibly taking the servers offline, that would most likely be illegal. Not to mention an amount of the spamming addresses are using Gmail and Yahoo mail accounts, and we can’t “kill” those sources.
Of course, one approach we could try to get rid of the spammers is the same approach that tor uses to distribute bridge relays (somewhat) as in we all report back to the list email addresses we are currently receiving spam from and then report to the list administrator to block those email addresses. Of course, the fact that the spammers are now attacking our personal email addresses would mean we would have to block the spamming addresses in our email accounts as well. Gmail, as well as I’m sure most to all of the other big name email providers allow to block emails from certain email addresses by creating a filter to automatically delete emails from that email address by going into the settings and filters. This may be a bit of a pain for those running personal mail servers, and I know it is a far from perfect stop, but it is something.
➢ I don't see that as a great improvement. Sex spam doesn't bother me.
The content isn’t “deeply disturbing” me either, but I use this email address and it is annoying to have it getting spam. And the spammers are being smart to bypass email providers' spam filters by sending them from email domains that are legitimate email providers (gmail.com, yahoo.com, etc).
What do you all think of this solution?
From: Mirimir
Sent: Friday, September 21, 2018 11:47 AM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Jerk spammers on tor-relays
On 09/21/2018 10:50 AM, Andreas Krey wrote:
On Fri, 21 Sep 2018 18:23:48 +0000, Ralph Seichter wrote: ...
I'm not sure what type of spam you are referring to, but when I post to this mailing list I see spamming attempts that are directly targeting my MX, without using the mailing list infrastructure. The list admins would not be able to reliably correlate which subscribed address is "A" even if I shared my mail logs.
Create a dummy mail address. Make the list server send out mails from that address very slowly at random times to the recipients. See when the spam arrives on the dummy address. Repeat as many times as needed to get sufficient correlation between spam arrival and mail distribution timepoints.
- Andreas
Cool idea :)
But then we'd all be getting spammed by those test messages ;)
I don't see that as a great improvement. Sex spam doesn't bother me.
Another alternative is tracking down and killing the spam sources. It'd be a huge project, and maybe a little morally iffy. But as Marv says in "Sin City": "I love hitmen. No matter what you do to them, you don't feel bad." So hey. There are lots of technical folk on these tor lists. There ought to be at least a few who'd enjoy killing some spam servers.
I just had another thought. Is it possible to block certain keywords on the list? I just thought one thing that could be worth doing is filtering emails sent to the list that contain words like "sex", cusswords and words that are names of body parts, etc. Again this wouldn't do much in terms of them attacking our personal email addresses :-(.
On Fri, Sep 21, 2018 at 1:25 PM Keifer Bly keifer.bly@gmail.com wrote:
- There are lots of technical folk on these tor lists.
There ought to be at least a few who'd enjoy killing some spam servers.
What exactly do you mean by “killing them”? If you are referring to forcibly taking the servers offline, that would most likely be illegal. Not to mention an amount of the spamming addresses are using Gmail and Yahoo mail accounts, and we can’t “kill” those sources.
Of course, one approach we could try to get rid of the spammers is the same approach that tor uses to distribute bridge relays (somewhat) as in we all report back to the list email addresses we are currently receiving spam from and then report to the list administrator to block those email addresses. Of course, the fact that the spammers are now attacking our personal email addresses would mean we would have to block the spamming addresses in our email accounts as well. Gmail, as well as I’m sure most to all of the other big name email providers allow to block emails from certain email addresses by creating a filter to automatically delete emails from that email address by going into the settings and filters. This may be a bit of a pain for those running personal mail servers, and I know it is a far from perfect stop, but it is something.
- I don't see that as a great improvement. Sex spam doesn't bother me.
The content isn’t “deeply disturbing” me either, but I use this email address and it is annoying to have it getting spam. And the spammers are being smart to bypass email providers' spam filters by sending them from email domains that are legitimate email providers (gmail.com, yahoo.com, etc).
What do you all think of this solution?
From: Mirimir mirimir@riseup.net
Sent: Friday, September 21, 2018 11:47 AM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Jerk spammers on tor-relays
On 09/21/2018 10:50 AM, Andreas Krey wrote:
On Fri, 21 Sep 2018 18:23:48 +0000, Ralph Seichter wrote:
...
I'm not sure what type of spam you are referring to, but when I post to
this mailing list I see spamming attempts that are directly targeting my
MX, without using the mailing list infrastructure. The list admins would
not be able to reliably correlate which subscribed address is "A" even
if I shared my mail logs.
Create a dummy mail address. Make the list server send out mails from
that address very slowly at random times to the recipients. See when
the spam arrives on the dummy address. Repeat as many times as needed
to get sufficient correlation between spam arrival and mail distribution
timepoints.
- Andreas
Cool idea :)
But then we'd all be getting spammed by those test messages ;)
I don't see that as a great improvement. Sex spam doesn't bother me.
Another alternative is tracking down and killing the spam sources. It'd
be a huge project, and maybe a little morally iffy. But as Marv says in
"Sin City": "I love hitmen. No matter what you do to them, you don't
feel bad." So hey. There are lots of technical folk on these tor lists.
There ought to be at least a few who'd enjoy killing some spam servers.
I use Google’s G Suite with my personal domain name for email. They let you drop emails or send them to spam if they contain certain words or phrases. Beyond that disable conversation view and press report spam on the individual emails and hope the spam filter improves to the point you no longer get these emails.
On Fri, Sep 21, 2018 at 4:41 PM Keifer Bly keifer.bly@gmail.com wrote:
I just had another thought. Is it possible to block certain keywords on the list? I just thought one thing that could be worth doing is filtering emails sent to the list that contain words like "sex", cusswords and words that are names of body parts, etc. Again this wouldn't do much in terms of them attacking our personal email addresses :-(.
On Fri, Sep 21, 2018 at 1:25 PM Keifer Bly keifer.bly@gmail.com wrote:
- There are lots of technical folk on these tor lists.
There ought to be at least a few who'd enjoy killing some spam servers.
What exactly do you mean by “killing them”? If you are referring to forcibly taking the servers offline, that would most likely be illegal. Not to mention an amount of the spamming addresses are using Gmail and Yahoo mail accounts, and we can’t “kill” those sources.
Of course, one approach we could try to get rid of the spammers is the same approach that tor uses to distribute bridge relays (somewhat) as in we all report back to the list email addresses we are currently receiving spam from and then report to the list administrator to block those email addresses. Of course, the fact that the spammers are now attacking our personal email addresses would mean we would have to block the spamming addresses in our email accounts as well. Gmail, as well as I’m sure most to all of the other big name email providers allow to block emails from certain email addresses by creating a filter to automatically delete emails from that email address by going into the settings and filters. This may be a bit of a pain for those running personal mail servers, and I know it is a far from perfect stop, but it is something.
- I don't see that as a great improvement. Sex spam doesn't bother me.
The content isn’t “deeply disturbing” me either, but I use this email address and it is annoying to have it getting spam. And the spammers are being smart to bypass email providers' spam filters by sending them from email domains that are legitimate email providers (gmail.com, yahoo.com, etc).
What do you all think of this solution?
From: Mirimir mirimir@riseup.net
Sent: Friday, September 21, 2018 11:47 AM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Jerk spammers on tor-relays
On 09/21/2018 10:50 AM, Andreas Krey wrote:
On Fri, 21 Sep 2018 18:23:48 +0000, Ralph Seichter wrote:
...
I'm not sure what type of spam you are referring to, but when I post to
this mailing list I see spamming attempts that are directly targeting
my
MX, without using the mailing list infrastructure. The list admins
would
not be able to reliably correlate which subscribed address is "A" even
if I shared my mail logs.
Create a dummy mail address. Make the list server send out mails from
that address very slowly at random times to the recipients. See when
the spam arrives on the dummy address. Repeat as many times as needed
to get sufficient correlation between spam arrival and mail distribution
timepoints.
- Andreas
Cool idea :)
But then we'd all be getting spammed by those test messages ;)
I don't see that as a great improvement. Sex spam doesn't bother me.
Another alternative is tracking down and killing the spam sources. It'd
be a huge project, and maybe a little morally iffy. But as Marv says in
"Sin City": "I love hitmen. No matter what you do to them, you don't
feel bad." So hey. There are lots of technical folk on these tor lists.
There ought to be at least a few who'd enjoy killing some spam servers.
On 09/21/2018 01:40 PM, Keifer Bly wrote:
I just had another thought. Is it possible to block certain keywords on the list? I just thought one thing that could be worth doing is filtering emails sent to the list that contain words like "sex", cusswords and words that are names of body parts, etc. Again this wouldn't do much in terms of them attacking our personal email addresses :-(.
Those spam messages aren't going through the list server. They just use subject lines from list messages, and reply by Message-ID. For example, one of my recent posts to tor-talk:
Message-ID: 382f20c5-fe74-49d4-0f0f-1e5a35fd8d98@riseup.net
And the triggered spam:
Message-ID: 664f41dc19a32065d9acce123812367c@app09.jetlumen.com
In-Reply-To: 382f20c5-fe74-49d4-0f0f-1e5a35fd8d98@riseup.net
And the pre-Riseup routing headers:
Received: from m41.bytekeys.com (m41.bytekeys.com [107.189.161.196])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 \
    (256/256 bits))
    (Client did not present a certificate)
    by mx1.riseup.net (Postfix) with ESMTPS id 561A81A1A74
    for mirimir@riseup.net; Wed, 12 Sep 2018 12:22:55 -0700 (PDT)
Received: from app09.jetlumen.com (unknown [107.167.93.24])
    by m41.bytekeys.com (Postfix) with ESMTPSA id 1552022B4C
    for mirimir@riseup.net; Wed, 12 Sep 2018 18:48:53 +0000 (UTC)
No header contains "*.torproject.org".
On Fri, Sep 21, 2018 at 1:25 PM Keifer Bly keifer.bly@gmail.com wrote:
- There are lots of technical folk on these tor lists.
There ought to be at least a few who'd enjoy killing some spam servers.
What exactly do you mean by “killing them”? If you are referring to forcibly taking the servers offline, that would most likely be illegal. Not to mention an amount of the spamming addresses are using Gmail and Yahoo mail accounts, and we can’t “kill” those sources.
Of course, one approach we could try to get rid of the spammers is the same approach that tor uses to distribute bridge relays (somewhat) as in we all report back to the list email addresses we are currently receiving spam from and then report to the list administrator to block those email addresses. Of course, the fact that the spammers are now attacking our personal email addresses would mean we would have to block the spamming addresses in our email accounts as well. Gmail, as well as I’m sure most to all of the other big name email providers allow to block emails from certain email addresses by creating a filter to automatically delete emails from that email address by going into the settings and filters. This may be a bit of a pain for those running personal mail servers, and I know it is a far from perfect stop, but it is something.
- I don't see that as a great improvement. Sex spam doesn't bother me.
The content isn’t “deeply disturbing” me either, but I use this email address and it is annoying to have it getting spam. And the spammers are being smart to bypass email providers' spam filters by sending them from email domains that are legitimate email providers (gmail.com, yahoo.com, etc).
What do you all think of this solution?
From: Mirimir mirimir@riseup.net
Sent: Friday, September 21, 2018 11:47 AM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Jerk spammers on tor-relays
On 09/21/2018 10:50 AM, Andreas Krey wrote:
On Fri, 21 Sep 2018 18:23:48 +0000, Ralph Seichter wrote:
...
I'm not sure what type of spam you are referring to, but when I post to
this mailing list I see spamming attempts that are directly targeting my
MX, without using the mailing list infrastructure. The list admins would
not be able to reliably correlate which subscribed address is "A" even
if I shared my mail logs.
Create a dummy mail address. Make the list server send out mails from
that address very slowly at random times to the recipients. See when
the spam arrives on the dummy address. Repeat as many times as needed
to get sufficient correlation between spam arrival and mail distribution
timepoints.
- Andreas
Cool idea :)
But then we'd all be getting spammed by those test messages ;)
I don't see that as a great improvement. Sex spam doesn't bother me.
Another alternative is tracking down and killing the spam sources. It'd
be a huge project, and maybe a little morally iffy. But as Marv says in
"Sin City": "I love hitmen. No matter what you do to them, you don't
feel bad." So hey. There are lots of technical folk on these tor lists.
There ought to be at least a few who'd enjoy killing some spam servers.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
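The header check from Mirimir's message above, as an added example that is not code from the thread: it tests whether any header of a delivered message mentions the list domain and whether In-Reply-To or References points at one of the reader's own list posts. The first sample uses the headers quoted in that message with angle brackets restored; its From and Subject lines, the whole second message and every function name are constructed for the illustration.

```python
import re
from email import message_from_string

# Headers as quoted in the message above; From/Subject are constructed.
SPAM = """\
Received: from m41.bytekeys.com (m41.bytekeys.com [107.189.161.196])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client did not present a certificate)
    by mx1.riseup.net (Postfix) with ESMTPS id 561A81A1A74
    for <mirimir@riseup.net>; Wed, 12 Sep 2018 12:22:55 -0700 (PDT)
Received: from app09.jetlumen.com (unknown [107.167.93.24])
    by m41.bytekeys.com (Postfix) with ESMTPSA id 1552022B4C
    for <mirimir@riseup.net>; Wed, 12 Sep 2018 18:48:53 +0000 (UTC)
Message-ID: <664f41dc19a32065d9acce123812367c@app09.jetlumen.com>
In-Reply-To: <382f20c5-fe74-49d4-0f0f-1e5a35fd8d98@riseup.net>
From: sender@example.invalid
Subject: Re: constructed subject

body omitted
"""

# Entirely constructed: a reply to the same post that did come via the list.
LIST_MSG = """\
Received: from lists.torproject.org (lists.torproject.org [192.0.2.10])
    by mx1.riseup.net (Postfix) with ESMTPS id CONSTRUCTED1
    for <mirimir@riseup.net>; Wed, 12 Sep 2018 12:00:00 -0700 (PDT)
List-Id: <tor-talk.lists.torproject.org>
Message-ID: <constructed-1@example.org>
In-Reply-To: <382f20c5-fe74-49d4-0f0f-1e5a35fd8d98@riseup.net>
From: someone@example.org
Subject: Re: [tor-talk] constructed subject

body omitted
"""

# Message-IDs of the reader's own list posts (the one quoted above).
MY_POSTS = {"382f20c5-fe74-49d4-0f0f-1e5a35fd8d98@riseup.net"}

ID_RE = re.compile(r"[^\s<>]+@[^\s<>]+")
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)


def referenced_ids(msg):
    """Message-IDs this message claims to answer (In-Reply-To and References)."""
    ids = set()
    for name in ("In-Reply-To", "References"):
        for value in msg.get_all(name, []):
            ids.update(ID_RE.findall(value))
    return ids


def mentions_domain(msg, domain):
    """True if any header name or value contains `domain`."""
    domain = domain.lower()
    return any(domain in f"{k}: {v}".lower() for k, v in msg.items())


def relay_path(msg):
    """(from_host, by_host) per Received header, oldest hop first.

    Only the hop written by your own MX is trustworthy; earlier Received
    lines are supplied by the sending side.
    """
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP_RE.search(value)
        if match:
            hops.append((match.group(1), match.group(2)))
    return hops[::-1]


def classify(raw, my_post_ids, list_domain="torproject.org"):
    """Separate list traffic from direct mail that answers a list post."""
    msg = message_from_string(raw)
    replied = referenced_ids(msg) & set(my_post_ids)
    if mentions_domain(msg, list_domain):
        verdict = "via-list"
    elif replied:
        # Answers a list post by Message-ID but never touched the list server.
        verdict = "direct-reply-to-list-post"
    else:
        verdict = "unrelated"
    return {"verdict": verdict, "replied_to": sorted(replied), "path": relay_path(msg)}


if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("list", LIST_MSG)):
        print(label, classify(raw, MY_POSTS))
```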
On 09/21/2018 01:24 PM, Keifer Bly wrote:
➢ There are lots of technical folk on these tor lists. There ought to be at least a few who'd enjoy killing some spam servers.
What exactly do you mean by “killing them”? If you are referring to forcibly taking the servers offline, that would most likely be illegal.
As Marv says, "I love hitmen. No matter what you do to them, you don't feel bad." So I don't care so much about "illegal". Indeed, there is effectively no law that protects us from jerks like this. Maybe they're just sex spammers, but you gotta treat them like malicious attackers, because they might be. That's especially so because they're targeting Tor Project lists. So it comes down to the right of self-defense.
Not to mention an amount of the spamming addresses are using Gmail and Yahoo mail accounts, and we can’t “kill” those sources.
Sure. For those, you just keep filing abuse reports. Just automate it, so every message triggers a report. If enough list members do that, there'll be lots of abuse reports.
<SNIP>
I do agree. I had said before that this could possibly be an attempted attack on the network by trying to infect relay operators' machines with spyware, etc.
Sure. For those, you just keep filing abuse reports. Just automate it,
so every message triggers a report. If enough list members do that, there'll be lots of abuse reports.
How would you suggest we do that? Thank you.
On Fri, Sep 21, 2018 at 2:35 PM Mirimir mirimir@riseup.net wrote:
On 09/21/2018 01:24 PM, Keifer Bly wrote:
➢ There are lots of technical folk on these tor lists. There ought to be at least a few who'd enjoy killing some spam servers.
What exactly do you mean by “killing them”? If you are referring to
forcibly taking the servers offline, that would most likely be illegal.
As Marv says, "I love hitmen. No matter what you do to them, you don't feel bad." So I don't care so much about "illegal". Indeed, there is effectively no law that protects us from jerks like this. Maybe they're just sex spammers, but you gotta treat them like malicious attackers, because they might be. That's especially so because they're targeting Tor Project lists. So it comes down to the right of self-defense.
Not to mention an amount of the spamming addresses are using Gmail and
Yahoo mail accounts, and we can’t “kill” those sources.
Sure. For those, you just keep filing abuse reports. Just automate it, so every message triggers a report. If enough list members do that, there'll be lots of abuse reports.
<SNIP>
On 09/21/2018 02:42 PM, Keifer Bly wrote:
I do agree. I had said before that this could possibly be an attempted attack on the network by trying to infect relay operators' machines with spyware, etc.
Sure. For those, you just keep filing abuse reports. Just automate it,
so every message triggers a report. If enough list members do that, there'll be lots of abuse reports.
How would you suggest we do that? Thank you.
First you get all of the spam from addresses. I did that by exporting from Thunderbird to text files, and then using grep to grab all of the "From:" lines. Then I massaged the data in gnumeric, to pull unique "foo@bar.baz". I have 43 so far, and 65% are Gmail.
In Thunderbird, one can create a filter on Inbox that selects messages by from address, forwards them somewhere, and then puts them wherever you like, or deletes them. So you configure a filter for each one, and forward messages to the appropriate abuse address.
On Fri, Sep 21, 2018 at 2:35 PM Mirimir mirimir@riseup.net wrote:
On 09/21/2018 01:24 PM, Keifer Bly wrote:
➢ There are lots of technical folk on these tor lists. There ought to be at least a few who'd enjoy killing some spam servers.
What exactly do you mean by “killing them”? If you are referring to
forcibly taking the servers offline, that would most likely be illegal.
As Marv says, "I love hitmen. No matter what you do to them, you don't feel bad." So I don't care so much about "illegal". Indeed, there is effectively no law that protects us from jerks like this. Maybe they're just sex spammers, but you gotta treat them like malicious attackers, because they might be. That's especially so because they're targeting Tor Project lists. So it comes down to the right of self-defense.
Not to mention an amount of the spamming addresses are using Gmail and
Yahoo mail accounts, and we can’t “kill” those sources.
Sure. For those, you just keep filing abuse reports. Just automate it, so every message triggers a report. If enough list members do that, there'll be lots of abuse reports.
<SNIP>
In Thunderbird, one can create a filter on Inbox that selects messages
by from address, forwards them somewhere, and then puts them wherever you like, or deletes them. So you configure a filter for each one, and forward messages to the appropriate abuse address.
Yes, Gmail allows one to create filters to automatically forward emails from certain email addresses to other email addresses. But what would be an appropriate way to forward the spamming addresses to the Google and Yahoo abuse teams without reporting legitimate contacts using Gmail and Yahoo addresses? I guess we could create a filter that if it has the word sex in it, then it will forward it to the Google or Yahoo account abuse team, but unfortunately, upon looking into it, neither Google nor Yahoo have email addresses to report spamming accounts to, only their forms at https://support.google.com/mail/contact/abuse?hl=en and https://io.help.yahoo.com/contact/index?y=PROD_MAIL_ML&token=w5FCchB1dWF... ,
Dang, if only Yahoo and Google had an email address to forward spamming addresses to, then I suggested we could try to create filters in our email accounts to forward the spam emails to. What else could we do?
On 09/21/2018 05:17 PM, Keifer Bly wrote:
In Thunderbird, one can create a filter on Inbox that selects messages
by from address, forwards them somewhere, and then puts them wherever you like, or deletes them. So you configure a filter for each one, and forward messages to the appropriate abuse address.
Yes, Gmail allows one to create filters to automatically forward emails from certain email addresses to other email addresses. But what would be an appropriate way to forward the spamming addresses to the Google and Yahoo abuse teams without reporting legitimate contacts using Gmail and Yahoo addresses?
You need a separate filter for each spam address. So one filter would grab messages from "aayushinfo132@gmail.com" and forward them to Google abuse. Another for "alisteraustin037@gmail.com" would do the same. But ones for "brisasarai235@yahoo.com" and "donaghy.kelly@yahoo.com" would go to Yahoo abuse. And so on. And whenever you got sex spam from a new address, you create a filter for that. It can probably be at least partially automated.
I guess we could create a filter that if it has the word sex in it, then it will forward it to the Google or Yahoo account abuse team, but unfortunately, upon looking into it, neither Google nor Yahoo have email addresses to report spamming accounts to, only their forms at https://support.google.com/mail/contact/abuse?hl=en and https://io.help.yahoo.com/contact/index?y=PROD_MAIL_ML&token=w5FCchB1dWF... ,
You might be able to dump your spam into an iMacros (or whatever) browser script that completed those forms.
Dang, if only Yahoo and Google had an email address to forward spamming addresses to, then I suggested we could try to create filters in our email accounts to forward the spam emails to. What else could we do?
Well, Google does -- registrar-abuse@google.com -- but staff monitoring it got tired of all my forwarded spam, and told me to use the form ;) But that's too much work. Maybe I'll see if I can script it.
On 09/21/2018 04:33 PM, Mirimir wrote:
<SNIP>
First you get all of the spam from addresses. I did that by exporting from Thunderbird to text files, and then using grep to grab all of the "From:" lines. Then I massaged the data in gnumeric, to pull unique "foo@bar.baz". I have 43 so far, and 65% are Gmail.
The list is at https://keybase.pub/mirimir/tor-sex-spam-from.txt :)
<SNIP>
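The export, grep and de-duplicate steps Mirimir describes, as an added example that is not part of the original thread: it reads sender addresses from the parsed header block only, so a quoted "From:" line inside a body is not counted the way a plain grep would count it. The sample export, the provider table and all function names are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# Constructed sample of an mbox-style text export (not real spam).
SAMPLE_EXPORT = """\
From - Fri Sep 21 10:00:00 2018
From: "Pat" <Sample.Sender1@Gmail.com>
To: operator@example.org
Subject: hello

first body
From - Fri Sep 21 11:00:00 2018
From: sample.sender2@googlemail.com
To: operator@example.org
Subject: hello again

Quoted text below must not be counted:
From: innocent.contact@yahoo.com
From - Sat Sep 22 09:00:00 2018
From: sample.sender1@gmail.com
To: operator@example.org
Subject: third

third body
From - Sat Sep 22 10:00:00 2018
From: Sample Three <sample.sender3@yahoo.com>
To: operator@example.org
Subject: fourth

fourth body
"""

# Assumption of this example: which mail domains belong to which provider.
PROVIDERS = {"gmail.com": "Google", "googlemail.com": "Google", "yahoo.com": "Yahoo"}


def naive_from_line_count(export_text):
    """What grepping for lines that start with 'From:' would count."""
    return len(re.findall(r"(?m)^From:", export_text))


def sender_addresses(export_text):
    """Unique sender addresses taken from message headers only."""
    seen = set()
    # mbox messages are separated by lines that start with "From " (with a space).
    for chunk in re.split(r"(?m)^From .*\n", export_text):
        if not chunk.strip():
            continue
        msg = message_from_string(chunk)  # header parsing stops at the blank line
        for _name, addr in getaddresses(msg.get_all("From", [])):
            if "@" in addr:
                seen.add(addr.lower())  # providers here ignore case in addresses
    return sorted(seen)


def provider_share(addresses):
    """Map provider -> (unique address count, rounded percentage)."""
    counts = Counter(PROVIDERS.get(a.rsplit("@", 1)[1], "other") for a in addresses)
    total = len(addresses)
    return {p: (n, round(100 * n / total)) for p, n in counts.items()}


if __name__ == "__main__":
    unique = sender_addresses(SAMPLE_EXPORT)
    print(naive_from_line_count(SAMPLE_EXPORT), "From: lines,", len(unique), "unique senders")
    print(provider_share(unique))
```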
On 21.09.18 19:50, Andreas Krey wrote:
Create a dummy mail address. Make the list server send out mails from that address very slowly at random times to the recipients.
Ah, now you're changing the whole situation. We were talking about using existing ("real") subscribers, and relying on them passing information to the list admins. You wrote yourself: "Unfortunately that requires that every spam addressee to respond quickly".
If you're changing the game, then let me put on my (purely fictional) spammer hat to see where that gets us. :-) Let's imagine I'll subscribe not only a single trigger account A, but a set A1-An. I only react to list posts once a random subset of m <= n accounts (with m varying over time) has received any particular message. Messages can be uniquely identified after all. Also, I can add random delays before spamming, and/or spam after collecting a randomly varying number of addresses before sending out a batch of spam.
That's just what immediately comes to my mind, I'm sure there are more effective methods of erasing one's tracks. The long and short of it is, in my opinion, that all spam recipients need to implement their own spam detection/prevention, and that the mailing list admins would have a very hard time trying to identify spammers when the originating address is not a list subscriber.
-Ralph
On 2018-09-21 08:57, Ralph Seichter wrote:
On 21.09.18 16:40, Dave Warren wrote:
It would be fantastic if the list operators were to track this down and kill it off.
Imagine an address A subscribed to this mailing list in a read-only fashion (a.k.a. "lurker"). A uses list posts as triggers to send spam from address B, which does not even need to be subscribed. How would the list admins ever be able to connect A to B?
Send a message through the list's outbound SMTP server that looks like a list message, but comes from bob-$identifier@some-domain.example where $identifier is unique to each post.
Then wait a bit and see what address receives spam, determine which address received the message and deal with it.
On 09/21/2018 08:32 PM, Dave Warren wrote:
On 2018-09-21 08:57, Ralph Seichter wrote:
On 21.09.18 16:40, Dave Warren wrote:
It would be fantastic if the list operators were to track this down and kill it off.
Imagine an address A subscribed to this mailing list in a read-only fashion (a.k.a. "lurker"). A uses list posts as triggers to send spam from address B, which does not even need to be subscribed. How would the list admins ever be able to connect A to B?
Send a message through the list's outbound SMTP server that looks like a list message, but comes from bob-$identifier@some-domain.example where $identifier is unique to each post.
Then wait a bit and see what address receives spam, determine which address received the message and deal with it.
That's a bit creepy, no?
It's come up before around this issue, as I recall.
I will report back with the addresses if I receive any more of them. FYI, the other Gmail addresses I have received spam from are:
whitegirl7709@gmail.com
michellebaker56315@gmail.com
scalphunter46@googlemail.com
trackkocolline@gmail.com
elmerlamagna@gmail.com
pippaavery00@gmail.com
So yes, to fellow peeps getting spammed, block these email addresses as well. Surprised as Gmail is usually really good at blocking spam.
On 2018-09-22 06:24, Ralph Seichter wrote:
On 22.09.18 05:32, Dave Warren wrote:
Send a message through the list's outbound SMTP server that looks like a list message [...]
Why this won't work has already been discussed. Please check earlier messages in this thread.
Can you point it out? I don't see anything obvious that addresses my approach (only the approach of sending a message from a consistent address out slowly, which has several obvious flaws).
On 24.09.18 02:12, Dave Warren wrote:
I don't see anything obvious that addresses my approach (only the approach of sending a message from a consistent address out slowly, which has several obvious flaws).
Messages are already uniquely identifiable, and your approach is just a variation of the method Andreas described. While it bundles spamtraps, it is still just as easily avoided using trigger address sets in the manner I mentioned before.
-Ralph
On 09/24/2018 06:49 AM, Ralph Seichter wrote:
On 24.09.18 02:12, Dave Warren wrote:
I don't see anything obvious that addresses my approach (only the approach of sending a message from a consistent address out slowly, which has several obvious flaws).
Messages are already uniquely identifiable, and your approach is just a variation of the method Andreas described. While it bundles spamtraps, it is still just as easily avoided using trigger address sets in the manner I mentioned before.
-Ralph
Maybe I misunderstood the proposal. Or unconsciously embellished it.
I was thinking that there'd be a set of Tor Project honeypot accounts, with the same apparent account (e.g., Jay Baker). But in fact, there would be a distinctly identifiable "hidden key" for each subscriber of each list. Periodically, the set of honeypot accounts would send innocuous messages to the Tor lists.
So let's say that Jay Baker instance with hidden key "Aj0qAU3Dc7PJzK" had sent a list message to just one subscriber. And then it received sex spam. That would arguably implicate that subscriber in the spamming operation. No? And then that subscriber would be unsubscribed.
Of course, any sane spammer would use throwaway accounts. And they'd just replace them as needed. However, once the system were operating, new subscriptions could be correlated with subscription removals. Perhaps subscription removals could be done in batches, to make that more obvious.
But of course, that would be just too creepy.
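The per-recipient identifier discussed above (Dave Warren's bob-$identifier address, Mirimir's "hidden key" per subscriber), sketched as an added example that is not code from the thread or from the list software. The HMAC-SHA256 derivation, the secret, the post ids and every function name are assumptions of this example; only the address shape bob-$identifier@some-domain.example comes from the thread.

```python
import base64
import hashlib
import hmac

CANARY_DOMAIN = "some-domain.example"  # placeholder domain used in the thread


def canary_id(secret, list_name, subscriber, post_id):
    """Derive an identifier that only the holder of `secret` can recompute."""
    material = "\x00".join((list_name, subscriber.lower(), post_id)).encode()
    digest = hmac.new(secret, material, hashlib.sha256).digest()
    # 10 bytes encode to exactly 16 base32 characters, so no '=' padding appears.
    return base64.b32encode(digest[:10]).decode().lower()


def canary_address(secret, list_name, subscriber, post_id):
    """Sender address carried by the copy delivered to one subscriber."""
    return f"bob-{canary_id(secret, list_name, subscriber, post_id)}@{CANARY_DOMAIN}"


def delivery_plan(secret, list_name, subscribers, post_id):
    """Which canary sender address each subscriber's copy of a post carries."""
    return {s: canary_address(secret, list_name, s, post_id) for s in subscribers}


def trace_leak(secret, list_name, subscribers, post_ids, spam_rcpt):
    """Find the (subscriber, post) whose copy exposed the spammed address."""
    target = spam_rcpt.strip().lower().encode()
    for post_id in post_ids:
        for sub in subscribers:
            candidate = canary_address(secret, list_name, sub, post_id).encode()
            if hmac.compare_digest(candidate, target):
                return sub, post_id
    return None  # not one of our canary addresses


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed value
    subs = ["alice@example.org", "bob@example.org", "carol@example.org"]
    plan = delivery_plan(secret, "tor-relays", subs, "post-0001")
    spammed = plan["carol@example.org"]  # pretend spam arrived at this address
    print(trace_leak(secret, "tor-relays", subs, ["post-0001"], spammed))
```

A hit identifies one leaked copy only; Ralph's objection about sets of trigger accounts and delayed batches is not addressed by this sketch.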
Just a heads up, this address is sending spam now.
zufoeowi90754@gmail.com
I looked at the headers of the spam, and they appear to originate from Google servers:
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::541; helo=mail-ed1-x541.google.com; envelope-from=msadema370@gmail.com; receiver=<UNKNOWN>
Received: from mail-ed1-x541.google.com (mail-ed1-x541.google.com [IPv6:2a00:1450:4864:20::541]) by box.neelc.org (Postfix) with ESMTPS id C493624C096 for neel@neelc.org; Sun, 30 Sep 2018 18:09:46 -0400 (EDT)
Received: by mail-ed1-x541.google.com with SMTP id h4-v6so12466903edi.6 for neel@neelc.org; Sun, 30 Sep 2018 15:09:47 -0700 (PDT)
So Google killed something as useful as domain fronting but does not stop spammers from using Gmail to send spam to mailing list subscribers.
I also get spam from FreeBSD's mailing lists, but those are mainly advertising emails for things like web/logo design, marketing, etc. that I have no interest in.
Thanks,
Neel Chauhan
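The header check described in this message, as an added example that is not part of the original post: it parses the Received-SPF line written by the receiving server, cross-checks its client-ip against the peer address in that server's own Received line, and only then treats the provider as the real origin. The first two header values are copied from the message above; the second pair is constructed, and the function names are assumptions of this example.

```python
import ipaddress
import re

# Values copied from the headers quoted in the message above.
RECEIVED_SPF = ("Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::541; "
                "helo=mail-ed1-x541.google.com; envelope-from=msadema370@gmail.com; "
                "receiver=<UNKNOWN>")
RECEIVED = ("from mail-ed1-x541.google.com (mail-ed1-x541.google.com "
            "[IPv6:2a00:1450:4864:20::541]) by box.neelc.org (Postfix) with ESMTPS "
            "id C493624C096 for neel@neelc.org; Sun, 30 Sep 2018 18:09:46 -0400 (EDT)")

# Constructed counter-example: a Gmail envelope sender that failed SPF.
FORGED_SPF = ("Fail (mailfrom) identity=mailfrom; client-ip=192.0.2.25; "
              "helo=mail.example.net; envelope-from=someone@gmail.com; receiver=<UNKNOWN>")
FORGED_RECEIVED = ("from mail.example.net (unknown [192.0.2.25]) by mx.example.org "
                   "(Postfix) with ESMTP id 0000000000 for <operator@example.org>; "
                   "Sun, 30 Sep 2018 18:09:46 -0400 (EDT)")


def parse_received_spf(value):
    """Split a Received-SPF value into its result word and key=value fields."""
    parts = value.split(None, 1)
    fields = dict(re.findall(r"([\w-]+)=([^;\s]+)", value))
    fields["result"] = parts[0].lower() if parts else ""
    return fields


def received_peer_ip(value):
    """Peer address the receiving server recorded in brackets, or None."""
    match = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", value)
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        return None


def sent_via_provider(spf_value, received_value, sender_domains):
    """True only if the receiver's own headers tie the mail to the provider.

    Use the topmost Received/Received-SPF pair added by your own server;
    anything below it was supplied by the sending side. The helo name is
    claimed by the client, so it is parsed but not relied on.
    """
    spf = parse_received_spf(spf_value)
    domain = spf.get("envelope-from", "").strip('"<>').rpartition("@")[2].lower()
    try:
        claimed = ipaddress.ip_address(spf.get("client-ip", ""))
    except ValueError:
        return False
    return (spf["result"] == "pass"
            and domain in sender_domains
            and received_peer_ip(received_value) == claimed)


if __name__ == "__main__":
    google = {"gmail.com", "googlemail.com"}
    print(sent_via_provider(RECEIVED_SPF, RECEIVED, google))
    print(sent_via_provider(FORGED_SPF, FORGED_RECEIVED, google))
```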