[tor-relays] Jerk spammers on tor-relays

Mirimir mirimir at riseup.net
Fri Sep 21 21:25:41 UTC 2018 

On 09/21/2018 01:40 PM, Keifer Bly wrote:
> I just had another thought. Is it possible to block certain keywords on the
> list? I just thought one thing that could be worth doing is filtering
> emails sent to the list that contain words like "sex", cusswords and words
> that are names of body parts, etc. Again this wouldn't do much in terms of
> them attacking our personal email addresses :-(.

Those spam messages aren't going through the list server. They just use
subject lines from list messages, and reply by Message-ID. For example,
one of my recent posts to tor-talk:

Message-ID: <382f20c5-fe74-49d4-0f0f-1e5a35fd8d98 at riseup.net>

And the triggered spam:

Message-ID: <664f41dc19a32065d9acce123812367c at app09.jetlumen.com>
In-Reply-To: <382f20c5-fe74-49d4-0f0f-1e5a35fd8d98 at riseup.net>

And the pre-Riseup routing headers:

Received: from m41.bytekeys.com (m41.bytekeys.com [107.189.161.196])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 \
                                                        (256/256 bits))
	(Client did not present a certificate)
	by mx1.riseup.net (Postfix) with ESMTPS id 561A81A1A74
	for <mirimir at riseup.net>; Wed, 12 Sep 2018 12:22:55 -0700 (PDT)
Received: from app09.jetlumen.com (unknown [107.167.93.24])
	by m41.bytekeys.com (Postfix) with ESMTPSA id 1552022B4C
	for <mirimir at riseup.net>; Wed, 12 Sep 2018 18:48:53 +0000 (UTC)

No header contains "*.torproject.org".

> On Fri, Sep 21, 2018 at 1:25 PM Keifer Bly <keifer.bly at gmail.com> wrote:
> 
>>
>>
>>    - There are lots of technical folk on these tor lists.
>>
>> There ought to be at least a few who'd enjoy killing some spam servers.
>>
>>
>>
>> What exactly do you mean by “killing them”? If you are referring to
>> forcibly taking the servers offline, that would most likely be illegal. Not
>> to mention an amount of the spamming addresses are using Gmail and Yahoo
>> mail accounts, and we can’t “kill” those sources.
>>
>>
>>
>> Of course, one approach we could try to get rid of the spammers is the
>> same approach that tor uses to distribute bridge relays (somewhat) as in we
>> all report back to the list email addresses we are currently receiving spam
>> from and then report to the list administrator to block those email
>> addresses. Of course, the fact that the spammers are now attacking our
>> personal email addresses would mean we would have to block the spamming
>> addresses in our email accounts as well. Gmail, as well is I’m sure most to
>> all of the other big name email providers allow to block emails from
>> certain email addresses by creating a filter to automatically delete emails
>> from that email address by going into the settings and filters. This may be
>> a bit of a pain for those running personal mail servers, and I know it is a
>> far from perfect stop, but it is something.
>>
>>
>>
>>    - I don't see that as a great improvement. Sex spam doesn't bother me.
>>
>>
>>
>> The content isn’t “deeply disturbing” me either, but I use this email
>> address and it is annoying to have it getting spam. And the spammers are
>> being smart to bypass email providers spam filters by sending them from
>> email domains that are legitimate email providers (gmail.com, yahoo.com,
>> etc).
>>
>>
>>
>> What do you all think of this solution?
>>
>> *From: *Mirimir <mirimir at riseup.net>
>> *Sent: *Friday, September 21, 2018 11:47 AM
>> *To: *tor-relays at lists.torproject.org
>> *Subject: *Re: [tor-relays] Jerk spammers on tor-relays
>>
>>
>>
>> On 09/21/2018 10:50 AM, Andreas Krey wrote:
>>
>>> On Fri, 21 Sep 2018 18:23:48 +0000, Ralph Seichter wrote:
>>
>>> ...
>>
>>>> I'm not sure what type of spam you are referring to, but when I post to
>>
>>>> this mailing list I see spamming attempts that are directly targeting my
>>
>>>> MX, without using the mailing list infrastructure. The list admins would
>>
>>>> not be able to reliably correlate which subscribed address is "A" even
>>
>>>> if I shared my mail logs.
>>
>>>
>>
>>> Create a dummy mail address. Make the list server send out mails from
>>
>>> that address very slowly at random times to the recipients. See when
>>
>>> the spam arrives on the dummy address. Repeat as many times as needed
>>
>>> to get sufficient correlation between spam arrival and mail distribution
>>
>>> timepoints.
>>
>>>
>>
>>> - Andreas
>>
>>
>>
>> Cool idea :)
>>
>>
>>
>> But then we'd all be getting spammed by those test messages ;)
>>
>>
>>
>> I don't see that as a great improvement. Sex spam doesn't bother me.
>>
>>
>>
>> Another alternative is tracking down and killing the spam sources. It'd
>>
>> be a huge project, and maybe a little morally iffy. But as Marv says in
>>
>> "Sin City": "I love hitmen. No matter what you do to them, you don't
>>
>> feel bad." So hey. There are lots of technical folk on these tor lists.
>>
>> There ought to be at least a few who'd enjoy killing some spam servers.
>>
>> _______________________________________________
>>
>> tor-relays mailing list
>>
>> tor-relays at lists.torproject.org
>>
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>>
>>
> 
> 
> 
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>

More information about the tor-relays mailing list