How do you people handle spam from Google lists etc?

L.P.H. van Belle belle at bazuin.nl
Mon Apr 15 07:03:48 UTC 2019


I found a interesting development here:
http://unsubscriberobot.com/
Its built up from an former Google Engineer and independent software contractor.
This give us the advantage to send our as for us seen spam newsletter mails to 
unsubscribe.robot at gmail.com and the software follows the link in a simulated browser, 
fills out the form, and clicks the unsubscribe button. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: MailScanner 
> [mailto:mailscanner-bounces+belle=bazuin.nl at lists.mailscanner.
> info] Namens George Papamichelakis
> Verzonden: vrijdag 12 april 2019 15:16
> Aan: yuwang; MailScanner Discussion
> Onderwerp: Re: How do you people handle spam from Google lists etc?
> 
> yes they come from google, the original sender is from turkey though:
> 
> 209.85.208.62    mail-ed1-f62.google.com    United States    
> [ ]    [  
> ]    [  ]    [  ]
> 92.42.39.50    mail.kordonweb.net    Turkey    [  ]    [  ]   
>  [ ]    [  ]
> 192.168.1.114    (Private Network)    (Private Network)
> 
> They also have an unsubscribe link in the header :
> 
> List-Unsubscribe: 
> <mailto:googlegroups-manage+30218623922+unsubscribe at googlegroups.com>,
> <https://groups.google.com/group/azovwave2/subscribe>
> 
> but  as you can see the link is for subscribing , to 
> unsubscribe (even 
> though you never subscribed...)  you have to
> send a message to this address by hand, seems  a bit risky  
> and if they 
> manage to harvest a lot of your addresses
> it's hell.
> 
> They have several accounts in google to do so  also, as you saw in my 
> first message.
> 
> 
> George
> 
> 
> 
> On 4/12/19 3:59 PM, yuwang wrote:
> >
> > Have you looked up owners/locations of the IP addresses that sent 
> > those spams? Did they really come from google's servers? 
> Google's SPF 
> > is soft-fail (why they didn't go with hard-fail is 
> puzzling) so none 
> > google servers can send emails out as @googlegroups.com. If 
> the real 
> > spammer is from azovwave.com, you can block/blacklist 
> sender's IP(s).
> >
> >
> >> googlegroups.com
> >
> > Non-authoritative answer:
> > googlegroups.com        text = "v=spf1 redirect=_spf.google.com"
> >
> >
> >> _dmarc.googlegroups.com
> >
> > Non-authoritative answer:
> > _dmarc.googlegroups.com text = "v=DMARC1\; p=none\; 
> > rua=mailto:mailauth-reports at google.com"
> >
> >
> >> _spf.google.com
> >
> > Non-authoritative answer:
> > _spf.google.com text = "v=spf1 include:_netblocks.google.com 
> > include:_netblocks2.google.com include:_netblocks3.google.com ~all"
> >
> >
> > James
> >
> >
> >
> >
> > On 2019-04-12 04:33, George Papamichelakis wrote:
> >> Hi all ,
> >>
> >>
> >> I'm sure I'm not the only one  here that gets spammed from google
> >> servers , I receive
> >>
> >> messages that in from line apears something like this :
> >>
> >> azovwave+bncbd3orshfrylbb36yx3sqkgqegq7g4ga at googlegroups.com
> >> azovwave+bncbd3orshfrylbbiwjqxsakgqev4lqfzy at googlegroups.com
> >> azovwave2+bncbd3orshfrylbbno2x3sqkgqei4erkja at googlegroups.com
> >> azovwave12+bncbd3orshfrylbbuwzx3sqkgqeecgxwwi at googlegroups.com
> >>
> >>
> >> the address of course is different or changes every now 
> and then, as
> >> you can see in the first pair
> >>
> >> and the only common clue  I can find, is in the headers  
> which is the
> >> only reference to the real spammer :
> >>
> >> X-Original-Sender: arwad at azovwave.com
> >>
> >>
> >> A rule from inside mailscanner seems impossible to catch 
> such spammers
> >> , so how do you
> >>
> >> people get by from these without blocking google email 
> servers ? you
> >> work your way in local spamassassin rules ?
> >>
> >> is there some thing  in the setup of mailscanner that I have 
> >> overlooked ?
> >>
> >>
> >> Thanks in advance
> 
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> 



More information about the MailScanner mailing list