[tor-relays] Jerk spammers on tor-relays

neel at neelc.org neel at neelc.org
Mon Oct 1 19:26:41 UTC 2018


I looked at the headers of the spam, and they appear to originate from Google servers:

Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::541;
helo=mail-ed1-x541.google.com; envelope-from=msadema370 at gmail.com; receiver=<UNKNOWN> 
Received: from mail-ed1-x541.google.com (mail-ed1-x541.google.com [IPv6:2a00:1450:4864:20::541])
by box.neelc.org (Postfix) with ESMTPS id C493624C096
for <neel at neelc.org>; Sun, 30 Sep 2018 18:09:46 -0400 (EDT)
Received: by mail-ed1-x541.google.com with SMTP id h4-v6so12466903edi.6
for <neel at neelc.org>; Sun, 30 Sep 2018 15:09:47 -0700 (PDT)

So Google killed something as useful as domain fronting but does not stop spammers from using Gmail to
send spam to mailing list subscribers.

I also get spam from FreeBSD's mailing lists, but those are mainly advertising emails for things
like web/logo design, marketing, etc. that I have no interest in.

Thanks,

Neel Chauhan

===

https://www.neelc.org/

September 28, 2018 11:14 PM, "Keifer Bly" <keifer.bly at gmail.com> wrote:

> Just a heads up, this address is sending spam now.
> 
> zufoeowi90754 at gmail.com
> 
> From: Mirimir
> Sent: Monday, September 24, 2018 4:24 PM
> To: tor-relays at lists.torproject.org
> Subject: Re: [tor-relays] Jerk spammers on tor-relays
>
> On 09/24/2018 06:49 AM, Ralph Seichter wrote:
>
>> On 24.09.18 02:12, Dave Warren wrote:
>>
>>> I don't see anything obvious that addresses my approach (only the
>>> approach of sending a message from a consistent address out slowly,
>>> which has several obvious flaws).
>>
>> Messages are already uniquely identifiable, and your approach is just a
>> variation of the method Andreas described. While it bundles spamtraps,
>> it is still just as easily avoided using trigger address sets in the
>> manner I mentioned before.
>>
>> -Ralph
>
> Maybe I misunderstood the proposal. Or unconsciously embellished it.
>
> I was thinking that there'd be a set of Tor Project honeypot accounts,
> with the same apparent account (e.g., Jay Baker). But in fact, there
> would be a distinctly identifiable "hidden key" for each subscriber of
> each list. Periodically, the set of honeypot accounts would send
> innocuous messages to the Tor lists.
>
> So let's say that Jay Baker instance with hidden key "Aj0qAU3Dc7PJzK"
> had sent a list message to just one subscriber. And then it received sex
> spam. That would arguably implicate that subscriber in the spamming
> operation. No? And then that subscriber would be unsubscribed.
>
> Of course, any sane spammer would use throwaway accounts. And they'd
> just replace them as needed. However, once the system were operating,
> new subscriptions could be correlated with subscription removals.
> Perhaps subscription removals could be done in batches, to make that
> more obvious.
>
> But of course, that would be just too creepy.
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
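
Added example, not part of the original thread and not code from any list operator: a Python sketch of the per-subscriber "hidden key" honeypot idea described in the quoted message above. The secret, the honeypot.example domain, the use of plus-addressing to carry the key, and the roster are all constructed assumptions.

```python
import base64
import hashlib
import hmac

# All values below are constructed for this example.
SECRET = b"constructed-demo-secret"   # assumption: known only to the list operator
LOCAL_PART = "jay.baker"              # the same apparent account for every copy
HONEYPOT_DOMAIN = "honeypot.example"  # assumption: placeholder domain
ROSTER = [                            # constructed (list, subscriber) pairs
    ("tor-relays", "alice@example.org"),
    ("tor-relays", "bob@example.net"),
    ("tor-dev", "alice@example.org"),
]


def hidden_key(list_name, subscriber, secret=SECRET):
    """Derive a 14-character key (like "Aj0qAU3Dc7PJzK") per list and subscriber."""
    msg = f"{list_name.lower()}\x00{subscriber.lower()}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    # Base32 survives case folding by mail systems; 14 chars carry 70 bits.
    return base64.b32encode(digest).decode().lower()[:14]


def honeypot_address(list_name, subscriber):
    """Sender address used on the copy delivered to this one subscriber."""
    return f"{LOCAL_PART}+{hidden_key(list_name, subscriber)}@{HONEYPOT_DOMAIN}"


def attribute(spam_rcpt, roster=ROSTER):
    """Map the address a spam message was sent to back to (list, subscriber)."""
    local, _, domain = spam_rcpt.strip().lower().partition("@")
    base, _, key = local.partition("+")
    if domain != HONEYPOT_DOMAIN or base != LOCAL_PART or not key:
        return None  # not one of our tagged honeypot addresses
    for list_name, subscriber in roster:
        expected = hidden_key(list_name, subscriber)
        if hmac.compare_digest(key.encode(), expected.encode()):
            return (list_name, subscriber)
    return None  # guessed or stale key: implicates nobody


if __name__ == "__main__":
    leaked = honeypot_address("tor-relays", "bob@example.net")
    print(leaked, "->", attribute(leaked))
```

A hit identifies only the subscription that received that copy; as the thread itself points out, throwaway subscriber accounts and trigger address sets limit what can be concluded from it.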

