I looked at the headers of the spam, and they appear to originate from Google servers:
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::541; helo=mail-ed1-x541.google.com; envelope-from=msadema370@gmail.com; receiver=<UNKNOWN>
Received: from mail-ed1-x541.google.com (mail-ed1-x541.google.com [IPv6:2a00:1450:4864:20::541]) by box.neelc.org (Postfix) with ESMTPS id C493624C096 for neel@neelc.org; Sun, 30 Sep 2018 18:09:46 -0400 (EDT)
Received: by mail-ed1-x541.google.com with SMTP id h4-v6so12466903edi.6 for neel@neelc.org; Sun, 30 Sep 2018 15:09:47 -0700 (PDT)
So Google killed something as useful as domain fronting but did not stop spammers from using Gmail to send spam to mailing list subscribers.
I also get spam from FreeBSD's mailing lists, but those are mainly advertising emails for things like web/logo design, marketing, etc. that I have no interest in.
Thanks,
Neel Chauhan
===
September 28, 2018 11:14 PM, "Keifer Bly" keifer.bly@gmail.com wrote:
Just a heads up, this address is sending spam now.
zufoeowi90754@gmail.com
From: Mirimir
Sent: Monday, September 24, 2018 4:24 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Jerk spammers on tor-relays
On 09/24/2018 06:49 AM, Ralph Seichter wrote:
On 24.09.18 02:12, Dave Warren wrote:
I don't see anything obvious that addresses my approach (only the
approach of sending a message from a consistent address out slowly,
which has several obvious flaws).
Messages are already uniquely identifiable, and your approach is just a
variation of the method Andreas described. While it bundles spamtraps,
it is still just as easily avoided using trigger address sets in the
manner I mentioned before.
-Ralph
Maybe I misunderstood the proposal. Or unconsciously embellished it.
I was thinking that there'd be a set of Tor Project honeypot accounts,
with the same apparent account (e.g., Jay Baker). But in fact, there
would be a distinctly identifiable "hidden key" for each subscriber of
each list. Periodically, the set of honeypot accounts would send
innocuous messages to the Tor lists.
So let's say that Jay Baker instance with hidden key "Aj0qAU3Dc7PJzK"
had sent a list message to just one subscriber. And then it received sex
spam. That would arguably implicate that subscriber in the spamming
operation. No? And then that subscriber would be unsubscribed.
Of course, any sane spammer would use throwaway accounts. And they'd
just replace them as needed. However, once the system were operating,
new subscriptions could be correlated with subscription removals.
Perhaps subscription removals could be done in batches, to make that
more obvious.
But of course, that would be just too creepy.
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
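
The per-subscriber "hidden key" honeypot idea discussed in the quoted messages, sketched as an added example that is not part of the original thread or any Tor Project tooling. The secret, the `honeypot.example` domain, the plus-addressed mailbox and the subscriber list are all constructed assumptions; the key is derived with HMAC so the operator can attribute spam without storing a key table.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-secret"            # assumption: known only to the list operator
HONEYPOT = "jay.baker+{key}@honeypot.example"  # assumption: plus-addressed trap mailbox

# Constructed sample data: each (list, subscriber) pair gets its own canary copy.
SUBSCRIPTIONS = [
    ("tor-relays", "alice@example.org"),
    ("tor-relays", "bob@example.net"),
    ("tor-talk", "alice@example.org"),
]

def hidden_key(list_name: str, subscriber: str, secret: bytes = SECRET) -> str:
    """Derive a 14-character key unique to one subscriber of one list."""
    msg = f"{list_name.lower()}\0{subscriber.lower()}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return base64.b32encode(digest).decode().lower()[:14]

def canary_sender(list_name: str, subscriber: str) -> str:
    """Sender address the honeypot uses in the copy delivered to this subscriber only."""
    return HONEYPOT.format(key=hidden_key(list_name, subscriber))

def attribute(spam_rcpt: str, subscriptions=SUBSCRIPTIONS):
    """Map the envelope recipient of received spam to (list, subscriber), or None."""
    local, _, domain = spam_rcpt.lower().partition("@")
    base, plus, key = local.partition("+")
    if domain != "honeypot.example" or base != "jay.baker" or not plus:
        return None
    for list_name, subscriber in subscriptions:
        expected = hidden_key(list_name, subscriber)
        # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
        if hmac.compare_digest(key.encode(), expected.encode()):
            return (list_name, subscriber)
    return None  # unknown or guessed key: nobody is implicated

if __name__ == "__main__":
    leaked = canary_sender("tor-relays", "bob@example.net")
    print(leaked, "->", attribute(leaked))
    print(attribute("jay.baker+aaaaaaaaaaaaaa@honeypot.example"))
```

The attribution only holds if each keyed copy really reached a single subscriber; as the thread notes, throwaway subscriptions limit what unsubscribing the implicated address achieves.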