For what it's worth… I am too receiving such msgid spam. Prompted by this thread, I did some analysis on the origin of these spams. Basically, extracting *camel* > /tmp/spam-msgids.txt sed -i "s/$/@bar>/;s/^/Message-ID: </" /tmp/spam-msgids.txt
Plus a bunch of fgrep -f /tmp/spam-msgids.txt -r . and modifying that file with cut -d: -f 3- /tmp/a | sort -u | sed 's#^M.*#sed -i "s/&/bash\t&/" /tmp/spam-msgids.txt#e' The original emails come from several lists and, I should note, evolution list is *not* the one from which more message-ids were harvested (only three email addresses, they stopped being sent spam on 2017). poc mentioned the possibility that the emails were being harvested from the archives. While GNOME lists don't directly link to a mbox that would be easily findable to a naive email address crawler, I find evidence that some of these spammers are using archives from somewhere rather than subscribing a bot that adds people to the list on real time. For instance, there is the 727451.11377.1.camel "email address", which is a truncation of 1459727451.11377.1.camel sent to a ietf list on April 2016. The "short" email started being used on August *2018* for "investing in your country" scams, and the long one… on December 2018. I find unlikely that someone harvesting email addresses with a subscribed bot would have waited several years before starting to spam. That's not always the case, obviously. A Dec 14 message-id started getting spammed on Jan 1, and already "received" 84 spam mails by now. However, a "sibling" message-id from that same list also started getting spammed on Jan 1, but only a couple mails. (fwiw, the 86 mails are from @qq.com addresses) This can be due to bots prepared for it, or, simply, that certain archive of this list was crawled more often (or at the right time). I would expect that if someone took the (not-that-big) effort of building a subscription bot, he should at least get the email addresses right! It has been interesting to look at these spams, their use of message-ids, given their role as identifiers, allows gathering some interesting information that would not be possible without them stupidly interpreting message-ids as if they were email addresses, and cannot be used with normal addresses, that are generally used in more contexts. In the context of this discussion, I am including the email-like strings [email protected] as well as [email protected] for the 'benefit' of those spambots reading us. :) Best regards _______________________________________________ evolution-list mailing list [email protected] To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-list
