I looked at the headers of the spam, and they appear to originate from Google servers:
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::541; helo=mail-ed1-x541.google.com; envelope-from=msadema...@gmail.com; receiver=<UNKNOWN> Received: from mail-ed1-x541.google.com (mail-ed1-x541.google.com [IPv6:2a00:1450:4864:20::541]) by box.neelc.org (Postfix) with ESMTPS id C493624C096 for <n...@neelc.org>; Sun, 30 Sep 2018 18:09:46 -0400 (EDT) Received: by mail-ed1-x541.google.com with SMTP id h4-v6so12466903edi.6 for <n...@neelc.org>; Sun, 30 Sep 2018 15:09:47 -0700 (PDT) So Google killed something as useful as domain fronting but not stop spammers from using Gmail to send spam to mailing list subscribers. I also get spam from FreeBSD's mailing lists, but those are mainly advertising emails for things like web/logo design, marketing, etc. that I have no interest in. Thanks, Neel Chauhan === https://www.neelc.org/ September 28, 2018 11:14 PM, "Keifer Bly" <keifer....@gmail.com> wrote: > Just a heads up, this address is sending spam now. > > zufoeowi90...@gmail.com > > From: Mirimir > Sent: Monday, September 24, 2018 4:24 PM > To: tor-relays@lists.torproject.org > Subject: Re: [tor-relays] Jerk spammers on tor-relays > On 09/24/2018 06:49 AM, Ralph Seichter wrote: > >> On 24.09.18 02:12, Dave Warren wrote: > >> > > I don't see anything obvious that addresses my approach (only the > > approach of sending a message from a consistent address out slowly, > > which has several obvious flaws). > >> > >> Messages are already uniquely identifiable, and your approach is just a > >> variation of the method Andreas described. While it bundles spamtraps, > >> it is still just as easily avoided using trigger address sets in the > >> manner I mentioned before. > >> > >> -Ralph > > Maybe I misunderstood the proposal. Or unconsciously embellished it. > > I was thinking that there'd be a set of Tor Project honeypot accounts, > > with the same apparent account (e.g., Jay Baker). But in fact, there > > would be a distinctly identifiable "hidden key" for each subscriber of > > each list. Periodically, the set of honeypot accounts would send > > innocuous messages to the Tor lists. > > So let's say that Jay Baker instance with hidden key "Aj0qAU3Dc7PJzK" > > had sent a list message to just one subscriber. And then it received sex > > spam. That would arguably implicate that subscriber in the spamming > > operation. No? And then that subscriber would be unsubscribed. > > Of course, any sane spammer would use throwaway accounts. And they'd > > just replace them as needed. However, once the system were operating, > > new subscriptions could be correlated with subscription removals. > > Perhaps subscription removals could be done in batches, to make that > > more obvious. > > But of course, that would be just too creepy. > > _______________________________________________ > > tor-relays mailing list > > tor-relays@lists.torproject.org > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
