Re: RE : ... blah lbah blah ... spam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, Aug 07, 2017 at 08:11:08AM +0900, Mark Fletcher wrote: > On Sun, Aug 06, 2017 at 04:58:42PM +0200, Thomas Schmitt wrote: > > Hi, > > > > reading more about Gmail Smart Reply in > > > > https://www.blog.google/products/gmail/save-time-with-smart-reply-in-gmail/ > > i got a new theory: > > > > The AI learns from the user's mail habits [...] > As a gmail user, I've been reading those auto-reply options on mails for > a couple of years now, feels like [...] Scary, but plausible. Yeah, spammers are the flies and mosquitoes, nasty, disgusting and perhaps sometimes transmitting diseases, but the crocodiles are Google, Facebook et al. > [...] genuine Muggles responding to spam [...] Now this is a very nice way to put it. You made my day, thank you :-)) > the debian-user email address as sender. That also neatly explains why > we didn't see the original mail -- it wasn't sent TO debian-user, it was > sent AS debian-user. Exactly. Or perhaps the spammer doesn't even care and is sending from a domain long ago blacklisted by all self-respecting filters (to gather evidence for or against that, one would have to pick through the headers, in the hopes that the Muggles's mail user agents don't mutilate too much. Dunno). Those links lead to either (javascript-vectored) malware or some other kind of nonsense. Typically they are short-lived (taken down quickly), so they want to spread as quickly as possible. > And the ironic thing is I doubt the spammer even expects to be able to > recover the replies in the end, [...] No. They want the clicks. And, thanks to the blind "full quote" disease (thanks, Microsoft), this link gets passed unharmed on in the "Muggle bounce". > I suspect debian-user has just made it into their lists one way or > another and they probably haven't even noticed. So a bunch of hassle for > a lot of people, and the perpetrators didn't even specifically intend to > do it. (they also are supremely indifferent to the trouble they have > caused) Here I'm more of a cynic than you: I think inserting medium-to-high volume lists (with a web-accessible archive at that!) is a welcome multiplier to these folks. It's an industry, where livelihoods are at stake: expect them to be resourceful! Cheers - -- tomás -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlmIH44ACgkQBcgs9XrR2kbM+gCfXvRBbtuzlBIKh+/3KwNodtaL Fc4AnAipSLKodK1fRN5Yd38s6ryWc/v4 =8Uiv -END PGP SIGNATURE-
Re: RE : ... blah lbah blah ... spam
On Sun, Aug 06, 2017 at 04:58:42PM +0200, Thomas Schmitt wrote: > Hi, > > reading more about Gmail Smart Reply in > https://www.blog.google/products/gmail/save-time-with-smart-reply-in-gmail/ > i got a new theory: > > The AI learns from the user's mail habits to be able to propose three > quick replies in the personal writing style of the user. > If you annoy the AI from outside (see also "Goozim" :)) then it will lure > the user into such a quick reply. > So the initiator learns a brief psychological profile of that user > in respect to obvious vulgarity and spam. > As a gmail user, I've been reading those auto-reply options on mails for a couple of years now, feels like. The Gmail auto-reply feature doesn't come up with the kind of thing we have been seeing on the list. It certainly doesn't put profanities in the replies, unlike some of the clearly frustrated repliers we have seen recently. We are not seeing auto-replies here; I am with whichever Thomas it was that suggested this is genuine Muggles responding to spam that hijacked the debian-user email address as sender. That also neatly explains why we didn't see the original mail -- it wasn't sent TO debian-user, it was sent AS debian-user. And the ironic thing is I doubt the spammer even expects to be able to recover the replies in the end, in this case. Having to go to the archives and search for responses to past-sent spam mails just doesn't fit with their operating model which is take very large scale action, and reap results with minimal effort. (take as evidence the spam one sometimes gets from addresses like big.hairy.mike...@somedomain.com purporting to be from an 18-year-old Eastern European girl looking for a husband... It's obviously bollocks and they don't give a monkey's that it's obviously bollocks, because there will be others in the mountain of stolen and/or forged addresses like exotic.angel...@sexyangels.cz or something, that might actually get a reply from someone stupid enough) I suspect debian-user has just made it into their lists one way or another and they probably haven't even noticed. So a bunch of hassle for a lot of people, and the perpetrators didn't even specifically intend to do it. (they also are supremely indifferent to the trouble they have caused) Mark
Re: RE : ... blah lbah blah ... spam
From: geo...@nsup.org >Le nonidi 19 thermidor, an CCXXV, Thomas Schmitt a écrit : >> Further, if this spam shall sneak through spam filters, why does nearly >> all of it bear that peculiar URL domain ? > >Because that is the URL that the spammer wants to advertise, of course. Not true, look closely at the links, they are all different, they forward to the same site. So you can not screen by it Here are the last 5 http : //bit.ly/2vBXTKq http : //bit.ly/2vtmktp http : //bit.ly/2u4JToE http : //bit.ly/2u4oj3x http : //bit.ly/2ud5DyE https://bitly.com/ I am sure the folks at bitly.com know who made these links >Nicolas George
Re: RE : ... blah lbah blah ... spam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Aug 06, 2017 at 03:30:41PM -0400, Fungi4All wrote: > >Clever. Yes, going by the headers, those seem genuine replies to spam. > > > The spam is crafted in a way (cc) that the reply lands here (for the > > spammer, this distribution channel is what they want). The Goozim > > bit seems compelling :) [...] > I am confident that the reply is the spam [...] We have only the headers to go by, and some of that can be spoofed. So I think your guess is as good as Thomas's and/or mine. What favors our guess is spammer economy: one scarce resource for the spammer is genuine domains/addresses (a spamhole domain quickly garners a high spam score), and bouncing off unsuspecting users covers that nicely. Cheers - -- tomás -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlmHcPcACgkQBcgs9XrR2kayPACfXQcSEHpU44zyYo1xCs1qKty+ Rm4An00m2Cj0G7gvQ43ECx30pS4X4Nwq =ia99 -END PGP SIGNATURE-
Re: RE : ... blah lbah blah ... spam
>Clever. Yes, going by the headers, those seem genuine replies to spam. > The spam is crafted in a way (cc) that the reply lands here (for the > spammer, this distribution channel is what they want). The Goozim > bit seems compelling :) > Cheers > -- t I am confident that the reply is the spam, but a quick look on some of them reveals that the link is never the same, but a short link to the spammer's site. So no matter how many times you will screen for the short link a new one will keep being forwarded. The problem is that it is very easy eye-balling the subject line patterns you can easily pick the spam off in one take. What your eye can do no software will learn to do. Some german, some french, some english. Patterns in all. Maybe someone who has invented a new AI learning spam filter is trying to promote it this way. How do we know that the internet's most high-volume member lists do not all have the same patterned messages? I bet debian is not the only one. Has anyone figured out what vulnerability of windows/os/androig is this site exploring? It might be a statistical model research for how easy it is to draw people into something with ill-motives. Maybe it is someone's dissertation on spam and malware.
Re: RE : ... blah lbah blah ... spam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Aug 06, 2017 at 04:58:42PM +0200, Thomas Schmitt wrote: > Hi, > > reading more about Gmail Smart Reply in > https://www.blog.google/products/gmail/save-time-with-smart-reply-in-gmail/ > i got a new theory: > > The AI learns from the user's mail habits to be able to propose three > quick replies in the personal writing style of the user. > If you annoy the AI from outside (see also "Goozim" :)) then it will lure > the user into such a quick reply. > So the initiator learns a brief psychological profile of that user > in respect to obvious vulgarity and spam. > > By fake mail headers in the original poking mails, the reply then > appears here. The annoyer may be subscribed or may simply harvest > the replies from our web archives. Clever. Yes, going by the headers, those seem genuine replies to spam. The spam is crafted in a way (cc) that the reply lands here (for the spammer, this distribution channel is what they want). The Goozim bit seems compelling :) Cheers - -- t -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlmHZw4ACgkQBcgs9XrR2kY/VwCbB2sYab5DgbO+4TzPvi2A0L/w pf4AniQ+Wcv6OAO3Kiw7cx/jvo8B+GfO =pPta -END PGP SIGNATURE-
Re: RE : ... blah lbah blah ... spam
Nicolas George writes: > Debian's are part of the few tech mailing-lists that I know that are not > moderated for posts by non-users. It's also one of the few that are publically-archived with no obfuscation of email addresses. I doubt that spammers utilize any fiedish schemes to attack debian-user. Email addresses are too easy to get my mining the Web and/or perusing address lists on compromised machines. -- John Hasler jhas...@newsguy.com Elmwood, WI USA
Re: RE : ... blah lbah blah ... spam
Hi, reading more about Gmail Smart Reply in https://www.blog.google/products/gmail/save-time-with-smart-reply-in-gmail/ i got a new theory: The AI learns from the user's mail habits to be able to propose three quick replies in the personal writing style of the user. If you annoy the AI from outside (see also "Goozim" :)) then it will lure the user into such a quick reply. So the initiator learns a brief psychological profile of that user in respect to obvious vulgarity and spam. By fake mail headers in the original poking mails, the reply then appears here. The annoyer may be subscribed or may simply harvest the replies from our web archives. Have a nice day :) Thomas
Re: RE : ... blah lbah blah ... spam
Hello, On Sun, Aug 06, 2017 at 03:56:35PM +0200, Nicolas George wrote: > Your Occam's razor is definitely blunted. These mails are spams > masquerading as legitimate answers to bypass automated filters and catch > the reader's attention, nothing more. That is the simplest explanation, > consistent with all the techniques used by spammers and there is > absolutely no evidence of anything else. I disagree. I am very confident that these emails are from real people who have received a spam sent with the from address of debian-user, and they are replying to it. They aren't members of the list and they don't realise that the thing they're replying to is a) not the actual sender and b) a mailing list with thousands of people on it. I find that explanation far simpler than the idea that a spammer has decided to send email to debian-user that masquerades as a large number of very confused people who want to stop receiving their email (or, in some cases, are asking for more information about the sexy woman who has contacted them). As such, asking people not to reply to them while being sensible advice for spam in general, in this specific case isn't that helpful as the people who are replying are not subscribed to this list and will never see the advice. As evidence, I have in the past responded to some of these people off-list and they behave as just confused normal people who want the emails to stop. They don't try to sell me anything or entice me to visit any web sites. In fact sometimes they remain so confused that they think I am the spammer and just keep asking me to go away, regardless of what I say. It could be argued that if they are spammers their goal might be to get people to reply, purely to harvest email addresses, but in that case they need not reply to me, yet they do reply, in the style of a normal, confused person. Also there are much simpler ways to harvest valid email addresses, e.g. the archives of this list. I don't find any other explanation simpler than that one, and it's testable by replying to them. We know that spammers forge from addresses, so just imagine the consequences of a spam run that had debian-user as its from address, and you will conclude that it would play out exactly as we see here. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
Re: RE : ... blah lbah blah ... spam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Aug 06, 2017 at 10:35:56PM +1000, Zenaan Harkness wrote: > Seems there's a fair bit of responding to what is evidently spam, so > perhaps it's been a while since an old-hand explained these ropes: The person having responded "stop" to that mail is most probably *not* on the mailing list. Either write them directly (which most of the time won't help) or just report the thing itself as spam. The way I guess that works is: some random victim (in this case colette.chaillou76) receives the spam, which contains also a Cc: to debian-user@ (or whatever high volume list). This person hits "reply all", requesting the spam to stop (not all will do it, but a probability greater than zero pays off for the spammer). The Cc may well be spoofed, so that we don't even see the original mail. Or that gets caught in the list's spam filter. Think bounce spam with a human interface in the middle. If you want to harangue somebody, then it'd be the sender directly. In the current case, better try French :-) Cheers - -- tomás -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlmHLM4ACgkQBcgs9XrR2kZgLQCbBzzEMdAUqaVA838Ov4loNebd DCsAn3sOvkkdezspSmxgeqCT6mkdNVn8 =AJ/e -END PGP SIGNATURE-
Re: RE : ... blah lbah blah ... spam
Le nonidi 19 thermidor, an CCXXV, Thomas Schmitt a écrit : > This theory does not explain why it is so focused on debian-user, > where it is very unlikely to find a receptive audience. Debian's are part of the few tech mailing-lists that I know that are not moderated for posts by non-users. > Further, if this spam shall sneak through spam filters, why does nearly > all of it bear that peculiar URL domain ? Because that is the URL that the spammer wants to advertise, of course. > But i prefer the idea that there is some reason behind this and we are > the public test area for something more insidious. Enjoy your conspiracy theories. Regards, -- Nicolas George signature.asc Description: Digital signature
Re: RE : ... blah lbah blah ... spam
Hi, Nicolas George wrote: > Well, I have never seen any hint of that kind of feature. As for sprit of our days: https://techcrunch.com/2017/05/17/google-brings-smart-replies-to-gmail-on-ios-and-android/ https://www.theverge.com/2017/7/26/16000562/easilydo-edison-mail-app-email-smart-reply-security-new-name But i found none yet which would combine this with a dummy text generator. > Your Occam's razor is definitely blunted. Can it be yours is a two-handed sword ? > These mails are spams > masquerading as legitimate answers to bypass automated filters and catch > the reader's attention, nothing more. This theory does not explain why it is so focused on debian-user, where it is very unlikely to find a receptive audience. Further, if this spam shall sneak through spam filters, why does nearly all of it bear that peculiar URL domain ? > That is the simplest explanation, You may get to a less easily refutable theory by saying that somebody simply wants to annoy us. (By using painfully dull means. So evil.) But i prefer the idea that there is some reason behind this and we are the public test area for something more insidious. Have a nice day :) Thomas
Re: RE : ... blah lbah blah ... spam
Le nonidi 19 thermidor, an CCXXV, Thomas Schmitt a écrit : > No. But it would match the spirit of our days and it would explain > why we see erratic replies to slimy but quite redundant originals. Well, I have never seen any hint of that kind of feature. Therefore, until somebody produces evidence they exist, I suggest to stop wasting time speculating about them. > Also, many of the replies bear the signatures of mobile devices which > are most probably smarter than their owners. > So we might deal with semi-AIs who do not yet understand the concept > behind big balloons and their meaning to male cro-magnons. > (They may contact me in private so i can explain about our heritage > as rampant sea squirts juveniles.) Your Occam's razor is definitely blunted. These mails are spams masquerading as legitimate answers to bypass automated filters and catch the reader's attention, nothing more. That is the simplest explanation, consistent with all the techniques used by spammers and there is absolutely no evidence of anything else. Regards, -- Nicolas George signature.asc Description: Digital signature
Re: RE : ... blah lbah blah ... spam
Hi, Nicolas George wrote: > Do you have any evidence that this kind of button exists? No. But it would match the spirit of our days and it would explain why we see erratic replies to slimy but quite redundant originals. Also, many of the replies bear the signatures of mobile devices which are most probably smarter than their owners. So we might deal with semi-AIs who do not yet understand the concept behind big balloons and their meaning to male cro-magnons. (They may contact me in private so i can explain about our heritage as rampant sea squirts juveniles.) Have a nice day :) Thomas
Re: RE : ... blah lbah blah ... spam
Le nonidi 19 thermidor, an CCXXV, Thomas Schmitt a écrit : > Open question is whether there are > humans who press a Go-Away button on their smart phones or whether these > replies are part of the spam scheme. Do you have any evidence that this kind of button exists? Regards, -- Nicolas George signature.asc Description: Digital signature
Re: RE : ... blah lbah blah ... spam
Hi, Zenaan Harkness wrote: > - Debian's lists are very well spam-protected Not that well, given that this strange stuff gets through since weeks although it could be easily recognized by the peculiar URL, which you quoted, too. > - The one or two that get through, is incredibly low in volume! No mail of this pattern gets through on any mailing list where i am subscribed. It seems to be a unique annoyance here on debian-user. > - Actually responding to such spam emails, e.g. "stop", "what do > you mean?" etc etc, The responses do not stem from list subscribers. It is quite clear that most replies are boiler plate texts. Open question is whether there are humans who press a Go-Away button on their smart phones or whether these replies are part of the spam scheme. After all, none of the alleged original mails went through the list. We only see alleged replies. Cindy-Sue Causey wrote: > these episodes seem more prominent immediately following major releases Interesting observation, indeed. Stretch was announced june 17. I became curious on juli 8. The oldest message i inspected in the archives was of juli 4: https://lists.debian.org/debian-user/2017/07/msg00235.html My mail of juli 8 https://lists.debian.org/debian-user/2017/07/msg00511.html received a few replies with various theories why this might happen. Since yesterday the spam drizzle seems to increase again. Have a nice day :) Thomas
Re: RE : ... blah lbah blah ... spam
On 8/6/17, Zenaan Harknesswrote: > Seems there's a fair bit of responding to what is evidently spam, so > perhaps it's been a while since an old-hand explained these ropes: > > < snipped to get straight to the targeted point > > > - Actually responding to such spam emails, e.g. "stop", "what do >you mean?" etc etc, actually identifies both your personal email >address as someone likely to respond to such emails, AND that >their spamming of this particular email list is to some extent >successful, thus further motivating the spammers to spam more. It has been my observation over time that the responses may very well be real, but they come across more as part of the overall program to disrupt. Additionally, their mere presence adds a gloomy air of *expressed* discontentment to the list's *permanent* archives A further, highly unscientific observation is that these episodes seem more prominent immediately following major releases... Just thinking out loud... not totally unlike I've done over on another list a couple years ago during a very similar outbreak there and then. :) Happy Debian'ing! Cindy :) -- Cindy-Sue Causey Talking Rock, Pickens County, Georgia, USA * runs with duct tape *
Re: RE : ... blah lbah blah ... spam
Seems there's a fair bit of responding to what is evidently spam, so perhaps it's been a while since an old-hand explained these ropes: - Debian's lists are very well spam-protected - the (extremely) few spam emails that gets through, are incredibly low in volume, compared to what a friend of mine who runs a public-facing ISP SMTP server, faces in a daily basis - in his case literally 10s of thousands of spam emails, except that certain RTBL/RBLs and other mechanisms are used - The one or two that get through, is incredibly low in volume! - Those one or two that get through, are still spam - they are not real people making an honest mistake. It is the effectiveness of Debian's spam-filtering, shielding us from the true (incredible) volume of actual spam, that allows us the luxury to imagine that inane rubbish emails could potentially be someone genuine. - Actually responding to such spam emails, e.g. "stop", "what do you mean?" etc etc, actually identifies both your personal email address as someone likely to respond to such emails, AND that their spamming of this particular email list is to some extent successful, thus further motivating the spammers to spam more. In the face of the above facts, it is, in almost all cases, in our collective interests to not respond to such emails. Very similarly, it is in almost all cases in our collective interest to neither respond to those who respond to such emails (of course I hope this response ultimately reduces, rather than adds to, the resultant noise level). Finally, the incredible effectiveness of the Debian listmasters and their spam-filtering efforts, is in fact something we might be both appreciative of, and proud of (notwithstanding any personal gripes against unrelated Debian's free Code of Conduct swinging community approach which some conscientious individuals might be taken to disagree with... ). :) Have a great day y'all, and please, remember to bottom post to keep the flow dude, keep the flow :) On Sun, Aug 06, 2017 at 12:36:04PM +0200, colette.chaillou76 wrote: > Stop > > > Envoyé de mon Galaxy model_name Orange Message d'origine De : > Clemence AliemDate : 06/08/2017 11:13 (GMT+01:00) À : > debian-user@lists.debian.org Objet : Je présume que je ne suis pas trop ton > type – qui aimerait une fille avec de gros ballons… Clemence > > > Bon, peut-être que tu aimerais les voir pour me répondre sur ça > http://bit.ly/2vBXTKq