Re: [tor-relays] Jerk spammers on tor-relays
I looked at the headers of the spam, and they appear to originate from Google servers:
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::541;
helo=mail-ed1-x541.google.com; envelope-from=msadema370@xxxxxxxxx; receiver=<UNKNOWN>
Received: from mail-ed1-x541.google.com (mail-ed1-x541.google.com [IPv6:2a00:1450:4864:20::541])
by box.neelc.org (Postfix) with ESMTPS id C493624C096
for <neel@xxxxxxxxx>; Sun, 30 Sep 2018 18:09:46 -0400 (EDT)
Received: by mail-ed1-x541.google.com with SMTP id h4-v6so12466903edi.6
for <neel@xxxxxxxxx>; Sun, 30 Sep 2018 15:09:47 -0700 (PDT)
So Google killed something as useful as domain fronting but does not stop spammers from using Gmail to
send spam to mailing list subscribers.
I also get spam from FreeBSD's mailing lists, but those are mainly advertising emails for things
like web/logo design, marketing, etc. that I have no interest in.
Thanks,
Neel Chauhan
===
https://www.neelc.org/
September 28, 2018 11:14 PM, "Keifer Bly" <keifer.bly@xxxxxxxxx> wrote:
> Just a heads up, this address is sending spam now.
>
> zufoeowi90754@xxxxxxxxx
>
> From: Mirimir
> Sent: Monday, September 24, 2018 4:24 PM
> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-relays] Jerk spammers on tor-relays
> On 09/24/2018 06:49 AM, Ralph Seichter wrote:
>> On 24.09.18 02:12, Dave Warren wrote:
>>
>>> I don't see anything obvious that addresses my approach (only the
>>> approach of sending a message from a consistent address out slowly,
>>> which has several obvious flaws).
>>
>> Messages are already uniquely identifiable, and your approach is just a
>> variation of the method Andreas described. While it bundles spamtraps,
>> it is still just as easily avoided using trigger address sets in the
>> manner I mentioned before.
>>
>> -Ralph
>
> Maybe I misunderstood the proposal. Or unconsciously embellished it.
>
> I was thinking that there'd be a set of Tor Project honeypot accounts,
> with the same apparent account (e.g., Jay Baker). But in fact, there
> would be a distinctly identifiable "hidden key" for each subscriber of
> each list. Periodically, the set of honeypot accounts would send
> innocuous messages to the Tor lists.
>
> So let's say that Jay Baker instance with hidden key "Aj0qAU3Dc7PJzK"
> had sent a list message to just one subscriber. And then it received sex
> spam. That would arguably implicate that subscriber in the spamming
> operation. No? And then that subscriber would be unsubscribed.
>
> Of course, any sane spammer would use throwaway accounts. And they'd
> just replace them as needed. However, once the system were operating,
> new subscriptions could be correlated with subscription removals.
> Perhaps subscription removals could be done in batches, to make that
> more obvious.
>
> But of course, that would be just too creepy.
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
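The per-subscriber "hidden key" scheme described in the quoted message, sketched as an added example (not code from this thread or from the Tor Project). It assumes the key travels as a plus-address tag on the honeypot's address and is derived with HMAC; `SECRET`, `honeypot.example`, the function names and the subscriber addresses are all constructed for illustration.

```python
import base64
import hashlib
import hmac

# All values below are constructed for illustration.
SECRET = b"constructed-demo-secret"   # assumption: known only to the list operator
HONEYPOT_DOMAIN = "honeypot.example"  # assumption: placeholder domain
LOCAL_PART = "jay.baker"              # the shared apparent account from the thread
SUBSCRIBERS = ["alice@example.org", "bob@example.net", "carol@example.com"]


def hidden_key(list_name: str, subscriber: str) -> str:
    """Derive a 14-character key bound to one (list, subscriber) pair."""
    msg = f"{list_name}\0{subscriber.strip().lower()}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return base64.b32encode(digest).decode().lower()[:14]


def honeypot_address(list_name: str, subscriber: str) -> str:
    """Address the honeypot uses for the single copy sent to this subscriber."""
    return f"{LOCAL_PART}+{hidden_key(list_name, subscriber)}@{HONEYPOT_DOMAIN}"


def trace(spam_recipient: str, list_name: str, subscribers=SUBSCRIBERS):
    """Map the address that received spam back to one subscription, or None."""
    local, _, domain = spam_recipient.strip().lower().rpartition("@")
    base, plus, key = local.partition("+")
    if domain != HONEYPOT_DOMAIN or base != LOCAL_PART or not plus:
        return None  # not one of our tagged honeypot addresses
    for sub in subscribers:
        expected = hidden_key(list_name, sub)
        if hmac.compare_digest(key.encode(), expected.encode()):
            return sub
    return None  # forged or stale tag: no subscriber matches


if __name__ == "__main__":
    leaked = honeypot_address("tor-relays", "bob@example.net")
    print(leaked, "->", trace(leaked, "tor-relays"))
```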