How do you people handle spam from Google lists etc?

George Papamichelakis gpapamichelakis at gmail.com
Fri Apr 12 13:16:10 UTC 2019


Yes, they come from Google; the original sender is from Turkey though:

209.85.208.62    mail-ed1-f62.google.com    United States
92.42.39.50      mail.kordonweb.net         Turkey
192.168.1.114    (Private Network)          (Private Network)

They also have an unsubscribe link in the header:

List-Unsubscribe: 
<mailto:googlegroups-manage+30218623922+unsubscribe at googlegroups.com>,
<https://groups.google.com/group/azovwave2/subscribe>

But as you can see, the link is for subscribing. To unsubscribe (even
though you never subscribed...) you have to send a message to this
address by hand. It seems a bit risky, and if they manage to harvest a
lot of your addresses it's hell.

They also have several accounts in Google to do so, as you saw in my
first message.


George



On 4/12/19 3:59 PM, yuwang wrote:
>
> Have you looked up owners/locations of the IP addresses that sent
> those spams? Did they really come from Google's servers? Google's SPF
> is soft-fail (why they didn't go with hard-fail is puzzling) so
> non-Google servers can send emails out as @googlegroups.com. If the real
> spammer is from azovwave.com, you can block/blacklist the sender's IP(s).
>
>
>> googlegroups.com
>
> Non-authoritative answer:
> googlegroups.com        text = "v=spf1 redirect=_spf.google.com"
>
>
>> _dmarc.googlegroups.com
>
> Non-authoritative answer:
> _dmarc.googlegroups.com text = "v=DMARC1\; p=none\; 
> rua=mailto:mailauth-reports at google.com"
>
>
>> _spf.google.com
>
> Non-authoritative answer:
> _spf.google.com text = "v=spf1 include:_netblocks.google.com 
> include:_netblocks2.google.com include:_netblocks3.google.com ~all"
>
>
> James
>
>
>
>
> On 2019-04-12 04:33, George Papamichelakis wrote:
>> Hi all,
>>
>>
>> I'm sure I'm not the only one here who gets spammed from Google
>> servers. I receive messages in which the From line appears something
>> like this:
>>
>> azovwave+bncbd3orshfrylbb36yx3sqkgqegq7g4ga at googlegroups.com
>> azovwave+bncbd3orshfrylbbiwjqxsakgqev4lqfzy at googlegroups.com
>> azovwave2+bncbd3orshfrylbbno2x3sqkgqei4erkja at googlegroups.com
>> azovwave12+bncbd3orshfrylbbuwzx3sqkgqeecgxwwi at googlegroups.com
>>
>>
>> The address of course is different or changes every now and then, as
>> you can see in the first pair,
>>
>> and the only common clue I can find is in the headers, which is the
>> only reference to the real spammer:
>>
>> X-Original-Sender: arwad at azovwave.com
>>
>>
>> A rule from inside MailScanner seems impossible to catch such
>> spammers, so how do you people get by from these without blocking
>> Google email servers? Do you work your way in local SpamAssassin rules?
>>
>> Is there something in the setup of MailScanner that I have
>> overlooked?
>>
>>
>> Thanks in advance
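
A local SpamAssassin rule keyed on the X-Original-Sender header quoted in the first message, added here as an example and not taken from any post in this thread. The rule names and the score are made up for illustration, and the patterns assume the live headers carry a normal `@` address (the list archive rewrites `@` as ` at `).

```conf
# Added example for a local rules file such as local.cf.
# Rule names (LOCAL_GG_*) and the score are assumptions; tune them locally.

# The visible From address rotates per message
# (azovwave+..., azovwave2+..., azovwave12+...), so match only its
# domain to confirm the mail was relayed through Google Groups.
header   __LOCAL_GG_FROM         From:addr =~ /\@googlegroups\.com$/i

# X-Original-Sender stays constant across the rotating group addresses.
# The leading \@ pins the match to the exact domain.
header   __LOCAL_GG_ORIG_SENDER  X-Original-Sender =~ /\@azovwave\.com\s*$/i

# Score only when both conditions hold, so other Google Groups traffic
# and Google's mail servers in general are left untouched.
meta     LOCAL_GG_BLOCKED_SENDER (__LOCAL_GG_FROM && __LOCAL_GG_ORIG_SENDER)
describe LOCAL_GG_BLOCKED_SENDER Google Groups mail from a locally blocked original sender
score    LOCAL_GG_BLOCKED_SENDER 5.0
```

Run `spamassassin --lint` after adding the rules to catch syntax errors before the scanner reloads them.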

