How do you people handle spam from Google lists etc?

[yuwang]

Have you looked up owners/locations of the IP addresses that sent those 
spams? Did they really come from google's servers? Google's SPF is 
soft-fail (why they didn't go with hard-fail is puzzling) so none google 
servers can send emails out as @googlegroups.com. If the real spammer is 
from azovwave.com, you can block/blacklist sender's IP(s).


> googlegroups.com

Non-authoritative answer:
googlegroups.com        text = "v=spf1 redirect=_spf.google.com"


> _dmarc.googlegroups.com

Non-authoritative answer:
_dmarc.googlegroups.com text = "v=DMARC1\; p=none\; 
rua=mailto:mailauth-reports at google.com"


> _spf.google.com

Non-authoritative answer:
_spf.google.com text = "v=spf1 include:_netblocks.google.com 
include:_netblocks2.google.com include:_netblocks3.google.com ~all"


James




On 2019-04-12 04:33, George Papamichelakis wrote:
> Hi all ,
> 
> 
> I'm sure I'm not the only one  here that gets spammed from google
> servers , I receive
> 
> messages that in from line apears something like this :
> 
> azovwave+bncbd3orshfrylbb36yx3sqkgqegq7g4ga at googlegroups.com
> azovwave+bncbd3orshfrylbbiwjqxsakgqev4lqfzy at googlegroups.com
> azovwave2+bncbd3orshfrylbbno2x3sqkgqei4erkja at googlegroups.com
> azovwave12+bncbd3orshfrylbbuwzx3sqkgqeecgxwwi at googlegroups.com
> 
> 
> the address of course is different or changes every now and then, as
> you can see in the first pair
> 
> and the only common clue  I can find, is in the headers  which is the
> only reference to the real spammer :
> 
> X-Original-Sender: arwad at azovwave.com
> 
> 
> A rule from inside mailscanner seems impossible to catch such spammers
> , so how do you
> 
> people get by from these without blocking google email servers ? you
> work your way in local spamassassin rules ?
> 
> is there some thing  in the setup of mailscanner that I have overlooked 
> ?
> 
> 
> Thanks in advance