On 14.11.25 at 01:03, L. Mark Stone via mailop wrote:
> You won't be the only one rejecting such emails. The sender will likely figure
> it out soon enough.
No. Or rather, yes, but it's just working as designed for them.
This is a spamming organization abusing Google Groups. They are apparently adding addresses to these groups without
confirmed opt-in, and then they are spamming them as if there is no future.
In addition, since this is a kind of mailing list, everyone sending a "stop this spam" message is reaching all others,
thus multiplying the amount of spam messages.
Google being Google, they don't care. Do not expect any published abuse address to reach any real person who would be
able and willing to do something about it. I've got an automated (rate-limited) abuse reporting script which only
reports one Google Group id per 5 minutes with a text suggesting that the abused groups should be shut down to stop this
(there aren't that many). This has sent several thousand abuse reports, so even if they only do statistical abuse
handling they should have noticed it, but there hasn't been any reaction.
What I've been doing with relatively good success (i.e. dropping the amount of Google Groups spam to zero for my users)
is this:
* Reject some recurring sender domains at the MAIL FROM stage. This includes the mentioned "thesparklebar.com" and "shirleyaraujo.com.br". Other domains seem to be used for a run and then dropped, I don't bother adding them to my reject list.
* Reject all messages having one of these group ids in their X-Google-Group-Id header field (that list may be incomplete, I'm updating it as I find new group ids):
* In addition, the Google hosts sending Groups messages seem to be a distinct set from those that are being used for regular mail. You might want to track them and block them at the router/firewall if your users don't receive legitimate Google Groups messages. I've done that (with 8-hour fail2ban blocks) for a while but that risks blocking legitimate mails for a few of my users.
By the way, the only living person from Google that I remember posting here, Brandon Long, hasn't posted in some months,
and he also did not respond to my direct mail regarding this ongoing attack. Does anyone know whether all is well with him?
Cheers,
Hans-Martin
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
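
The two rejection checks described in the message above, sketched as an added example that is not part of the original post and not the author's own setup. The function names, reply texts and group ids are assumptions (the ids are constructed placeholders), and matching subdomains of a listed sender domain goes beyond what the post states.

```python
from __future__ import annotations

from email import message_from_bytes
from email.policy import default as default_policy
from email.utils import parseaddr

# Sender domains named in the post above.
REJECT_SENDER_DOMAINS = {"thesparklebar.com", "shirleyaraujo.com.br"}
# Constructed placeholder ids; load your own maintained list here.
REJECT_GROUP_IDS = {"100000000001", "100000000002"}


def check_mail_from(envelope_sender: str) -> tuple[int, str]:
    """Decide at the MAIL FROM stage, before any message data is accepted."""
    _, addr = parseaddr(envelope_sender)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for bad in REJECT_SENDER_DOMAINS:
        # Exact match or subdomain; "notthesparklebar.com" must not match.
        if domain == bad or domain.endswith("." + bad):
            return 550, f"5.7.1 sender domain {bad} rejected"
    return 250, "ok"  # also covers the null sender "<>" used by bounces


def check_headers(raw_message: bytes) -> tuple[int, str]:
    """Decide after DATA, based on the X-Google-Group-Id header field."""
    msg = message_from_bytes(raw_message, policy=default_policy)
    # Header lookup is case-insensitive; check every occurrence of the field.
    for value in msg.get_all("X-Google-Group-Id", []):
        group_id = str(value).strip()
        if group_id in REJECT_GROUP_IDS:
            return 550, f"5.7.1 Google Group {group_id} rejected"
    return 250, "ok"


# Constructed sample messages, not captured traffic.
SAMPLE_LISTED = (
    b"From: Offers <offers@example.net>\r\n"
    b"x-google-group-id:   100000000002  \r\n"
    b"Subject: constructed sample\r\n\r\nbody\r\n"
)
SAMPLE_OTHER_GROUP = (
    b"From: Project list <dev@example.org>\r\n"
    b"X-Google-Group-Id: 999999999999\r\n"
    b"Subject: constructed sample\r\n\r\nbody\r\n"
)

if __name__ == "__main__":
    print(check_mail_from("<promo+bnc@thesparklebar.com>"))
    print(check_headers(SAMPLE_LISTED))
    print(check_headers(SAMPLE_OTHER_GROUP))
```

Rejecting during the SMTP dialogue, rather than accepting and bouncing later, keeps the refusal from generating further mail toward the group.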