[tor-bugs] #33823 [Internal Services/Tor Sysadmin Team]: Can we block phishing emails when forwarding emails?

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 6 15:06:21 UTC 2020 

#33823: Can we block phishing emails when forwarding emails?
-------------------------------------------------+-------------------------
 Reporter:  teor                                 |          Owner:  anarcat
     Type:  task                                 |         Status:  closed
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:  wontfix
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):

 * status:  assigned => closed
 * resolution:   => wontfix


Comment:

 Replying to [ticket:33823 teor]:
 > Recently, I have seen a few phishing emails at my torproject email
 address.
 >
 > Some of them seem to have been specifically crafted for tor. Some of
 them are attempts to attack mailman. Others seem like generic spam.

 I'm sorry to hear that! Internet is an evil place sometimes, especially in
 those difficult times...

 > Do we have email spam filters on our email forwarder?

 I just found out that we do have something, actually. We have "amavis" and
 "clamav" running and they do their best to filter out some of the stuff
 that's coming through. Obviously, they miss a lot: right now it seems like
 amavis is designed to only filter viruses through clamav and does no spam
 filtering at all.

 > If we do, is there a way to block more spam emails?

 Unfortunately, right now, our resources there are limited: because we
 don't do spam filtering with spamassassin, we can't really make up
 elaborate rules in that regard.

 Setting up a spam filter is a big undertaking, I'm not sure I'm in a
 position to commit on something like this in the short term. But we've
 been thinking about improving the email services for a while now (e.g.
 #30608), and this could be part of it. It would require significant
 rearchitecturing, as right now our mail server is this kind of monolithic
 thing and we would probably need to split it up to do filtering only on
 some of the stuff that goes through.

 > Can I send the full headers to someone?

 That's always worth a try. Sent it either to me or to the tpa email, see,
 as usual, those instructions for contact info:

 https://help.torproject.org/tsa/doc/how-to-get-help/

 Thanks for your bug report, I'm sorry I can't be more useful right now,
 but hopefully we'll have better tools to deal with this eventually. The
 best I can offer right now is to report the email as a phish or spam to
 your current email provider and maybe they can help you with the problem
 in the short term.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33823#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list