Re: SPAM

To: Christopher Clements <bcnjr5@gmail.com>, debian-devel@lists.debian.org
Subject: Re: SPAM
From: Philip Hands <phil@hands.com>
Date: Sun, 05 Mar 2017 09:55:14 +0100
Message-id: <[🔎] 871sucje6l.fsf@whist.hands.com>
In-reply-to: <[🔎] 20170305035027.GA16372@CCPT>
References: <20170103201509.s3swo4w666qeieow@iris.silentflame.com> <87fukzbkwl.fsf@vostro.rath.org> <87o9zn4ie5.fsf@hope.eyrie.org> <20170110100405.mcarzcdlf3h3thfw@bogon.m.sigxcpu.org> <CAO7deYhDjmz+f+_TJfd-Q4EDuA041A7Apy7o0X13EJaiVCt98g@mail.gmail.com> <[🔎] 20170304015416.GD18831@MB> <[🔎] 58BA2C03.5010807@fastmail.fm> <[🔎] 85pohxk68l.fsf@benfinney.id.au> <[🔎] 20170304221257.GA8248@MB> <[🔎] 857f44jy79.fsf@benfinney.id.au> <[🔎] 20170305035027.GA16372@CCPT>

Christopher Clements <bcnjr5@gmail.com> writes:

> On Sun, Mar 05, 2017 at 12:42:50PM +1100, Ben Finney wrote:
>>Christopher Clements <bcnjr5@gmail.com> writes:
>>
>>> On Sat, Mar 04, 2017 at 03:36:58PM +1100, Ben Finney wrote:
>>> >I think the best explanation is that the entire message ??? complaint and
>>> >quoted part ??? were composed and sent by the spammer themselves.
>>>
>>> Oh, the "original" message is seperate, I just replied to a reply.
>>
>>That doesn't contradict my explanation; I think both messages are
>>composed by the spammer.
>
> Sorry about that, I misread you and thought that you thought that there
> was only one message.
>
> On closer examination, I think you are correct in saying that the
> replies are written by the spammer as well.

On closer examination of what?

The headers of the mail you're apparently complaining about look pretty
genuinely like the mail really did come from gmail, so are you
suggesting that 'The Illuminati <trainjohnson87@gmail.com>' is the spammer?

That looks like a genuine person -- I cannot imagine a spammer creating
supporting evidence for a spamming account.  e.g.: https://twitter.com/trainjohnson87

Note that that twitter account appears to belong to someone called
Anthony, which matches the salutation in the Spam that he then replied
to.

The level of maturity shown in his reply appears to be in line with
someone that is obsessed with minecraft.

> Perhaps they simply want to waste space in archives?
> Not much of a motive/goal, but I get the feeling that the perpetrator
> doesn't have much of a life to start with.

It seems very plain to me that the spammers are recycling headers from
our list mail on the basis that gmail's anti-spam will have learned that
as HAM, and are so are more likely to let that pass through.

That then provokes a small fraction of the victims to shout at us,
because they don't know ho to read headers.

That is what you are seeing.

If anyone knows people that fight spam at gmail, I suppose that they
might want to treat listmail that comes from an unusual IP address with
great suspicion, but I don't think this is in any way limited to gmail.

I guess we could help the mail servers of the recipients of the initial
messages make that decision if we did SPF for debian.org, but I guess
that the lack of SPF probably indicates that this is very hard to do
with our distributed setup.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/    http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: SPAM
  - From: Joerg Jaspert <joerg@debian.org>
- Re: SPAM
  - From: Christopher Clements <bcnjr5@gmail.com>

References:
- Re: SPAM
  - From: Christopher Clements <bcnjr5@gmail.com>
- Re: SPAM
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: SPAM
  - From: Ben Finney <bignose@debian.org>
- Re: SPAM
  - From: Christopher Clements <bcnjr5@gmail.com>
- Re: SPAM
  - From: Ben Finney <bignose@debian.org>
- Re: SPAM
  - From: Christopher Clements <bcnjr5@gmail.com>

Prev by Date: Re: systemd, ntp, kernel and hwclock
Next by Date: Re: Non-free RFCs in stretch
Previous by thread: Re: SPAM
Next by thread: Re: SPAM
Index(es):
- Date
- Thread