On 03.01.2024 at 01:21 Jarland Donnell via mailop wrote: > I'm reaching out to ask if anyone on this list has landed on an effective > strategy to block this spam coming from subdomains used on Google Workspace. > I'm certain most of you are seeing it, given the volume I'm seeing. I'll give > 2 samples just to put us on the same page, so you know I'm talking about the > same thing I assume you're seeing: > https://mxbin.io/V6FxTN > https://mxbin.io/ZxLasU > It's obvious to me at this point that Google doesn't care about this and has > no intention of combating it. Content filters are at best intermittently weak > against them from where I sit. By the time I've identified a new > domain/subdomain it's already too late to just block it by sender, they've > already moved on to another. > I'm thinking something along the lines of blocking mail from all subdomains > that come from Google IPs, and then whitelisting any legitimate ones. Anyone > else found any good strategy that works for them here?
As mentioned by Robert this is not coming from Google Workspace but Google Groups. As far as I have understood it, spammers create or hijack newsgroups, add countless addresses to the groups and then send their spam to the groups addresses. To block Google Groups messages completely, you can filter for messages coming from servers which resolve to *.google.com and contain the header "X-Google-Group-Id". If you do not want or cannot wait until EOD you can check if MAIL FROM includes "+bnc". However this might yield some false positives, as Google users could use addresses which include this string. -- BR Oliver ________________________________ dmTECH GmbH Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe Telefon 0721 5592-2500 Telefax 0721 5592-2777 dmt...@dm.de<mailto:dmt...@dm.de> * www.dmTECH.de<http://www.dmtech.de> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927 Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher ________________________________ Datenschutzrechtliche Informationen Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer Datenschutzbeauftragten finden Sie hier<https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832>. _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
