[tor-relays] Fwd: Tor Guard Relay

Mirimir mirimir at riseup.net
Sun Jun 10 01:31:58 UTC 2018 

On 06/09/2018 01:51 PM, Keifer Bly wrote:
> I just scanned the picture files using Avast, which I use a a lot and it is
> a pretty great anti virus program based off of my use with it. Here is the
> contents of the email in programming code; I don't know about other email
> services but in Gmail this can be retrieved by signing into the web version
> (in a web browser) clicking the more options button (next to the replay
> button) and clicking "show original".
> 
>>From what I can tell looking at the code, it is encoded using base64 and
> the ip address of the web server it was sent from is 104.161.37.109.
> 
> However, as for telling anything else, it seems like that would be
> difficult to do without the right equipment. Let me know what you think.

Thanks for source with headers. I don't see anything useful, though, I
do see that "In-Reply-To: <5b182b2c.1c69fb81.390f6.f0ea at mx.google.com>"
is correct, so the sender is probably subscribed to the list. Getting
that right from messages in the online archives would be nontrivial.

But damn: "I joined this site so that i could weed through the guys who
aren’t serious and reliable enough to invite to my house where i feel
comfortable." Trolling the tor-relays list for nice guys to date? That
is bizarre.

> On Sat, Jun 9, 2018 at 5:26 PM Mirimir <mirimir at riseup.net> wrote:
> 
>> On 06/09/2018 05:28 AM, Keifer Bly wrote:
>>>  I was asked by mirmir to send one of the emails as a txt file, and so
>> here
>>> it is. It is at the google drive link below, I had tried to send it as an
>>> attachment, but got a note back saying it was being held because it was
>> too
>>> big. The zip file contains the  contents of the email and the attached
>>> images. Thank you. I will try creating a spam filter for the email domain
>>> they are coming from, though a few of them have come from yahoo.com
>> domain,
>>> which annoyingly I can't really block as some of my legitimate contacts
>> use
>>> yahoo mail. I could try reporting this to Google, what do you think?
>>>
>>>
>> https://drive.google.com/open?id=0B_cH2cPZZmbTMmE2Ni1hc1BZbXliM0hMaTZnN19GcjFLTm4w
>>
>> Thanks. But the text there doesn't contain headers. But that's less an
>> issue, because from headers aren't spoofed. The question now is whether
>> this is simple trolling, or attempts to infiltrate machines of relay
>> operators. Someone experienced with malware analysis could examine the
>> images for attack code, as Roman suggested. But that's over my head.
>>
>> Blocking *.mexyst.com domains, as Neel suggested, will likely stop most
>> of them, with little or no downside. But blocking yahoo.com isn't
>> workable for many. But if they're all as salacious as Keifer's example,
>> blocking on language seems workable. Or language plus domain.
>>
>> As with Efail, this is a reminder of the risks of decoding HTML, loading
>> embedded images, and fetching remote content. And the importance of
>> compartmentalizing email and browsing from credentials for relay
>> management (and other high-impact stuff, such as finances).
>>
>>> On Fri, Jun 8, 2018 at 9:57 PM Mirimir <mirimir at riseup.net> wrote:
>>>
>>>> On 06/08/2018 05:03 PM, Keifer Bly wrote:
>>>>> This is one of the about 20 emails that have been received. Upon
>> looking
>>>> it
>>>>> looks like they are spoofing the [tor-relays] subject line. My
>> apologies
>>>>> for the subject change but could not find a way to forward the emails
>>>>> without forwarding them from an old conversation. Thank you. (The
>> subject
>>>>> this is in reference to is "Spam Emails Received From This Mailing
>>>> List").
>>>>
>>>> OK, so they're just using subject lines from the list. And not spoofing
>>>> the from address.
>>>>
>>>> But what you forwarded doesn't include the headers. By googling, I get
>>>> this:
>>>>
>>>> | 1) Open the message in your Gmail inbox.
>>>> | 2) Click the down-arrow in the top-right corner of the message.
>>>> | 3) Click the "Show original" link toward the bottom of the options
>>>> |    box. The message will open in a separate window with the full
>>>> |    message headers at the top.
>>>>
>>>> Just save that as a text file, and send it to me as an attachment.
>>>>
>>>> Why the bloody hell someone would target users of this list in that way
>>>> is bizarre. And why you? Rather than me, who is admittedly an outspoken
>>>> jerk sometimes ;)
>>>>
>>>>> ---------- Forwarded message ---------
>>>>> From: Becky Janet <beckyjanet335900 at re.mexyst.com>
>>>>> Date: Fri, Jun 8, 2018 at 7:48 PM
>>>>> Subject: Re: [tor-relays] Tor Guard Relay
>>>>> To: Keifer Bly <keifer.bly at gmail.com>
>>>>>
>>>>>
>>>>> first you need to trust someone to find real sex partner. So if you
>> want
>>>> to
>>>>> find real sex partner then you need to trust me. Always i'm telling you
>>>>> it's totally f r e e. Just connect with My Private Page
>>>>> <http://datingflirt.info/1stold> by submitting you mail, name, age
>> etc.
>>>> I'm
>>>>> assure you if it's ask any cc then no need to connect with me. So just
>>>>> trust and try. Trust Me & Try It Now NCTB ; After completing this task
>>>>> check your mail ,Automatically you will get my personal phone no in
>> your
>>>>> mail within 5 min. Just check your mail (inbox/s p a m) and call me
>> asap.
>>>>> I'm waiting for your cam
>>>>>
>>>> _______________________________________________
>>>> tor-relays mailing list
>>>> tor-relays at lists.torproject.org
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>>
>>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>

More information about the tor-relays mailing list