On 4/19/2022, Hans-Martin Mosner via mailop wrote:
(snip)>
When I detect those in the logs I add the MAIL FROM address to the
known-spammer list, which causes the mail to be rejected earlier in the
SMTP dialogue and seems to stop the retries. Most times I don't care
whether they're retrying repeatedly, though, it costs more of their
resources than mine.
There is a group of spammers that have been on Gmail for months and
using something that shows in the header records as gmailapi.google.com.
Given that it appears that the spammers have a near endless supply of
gmail addresses to send from, I don't know how effective that strategy
might be.
API documentation for defining aliases on the fly;
https://developers.google.com/gmail/api/guides/alias_and_signature_settings
.. I'd suggest anything that shows gmailapi.google.com in the header be
rejected -- at least until Google can get a handle on the abuse.
E.g.;
Received: from .* named unknown by gmailapi.google.com with HTTPREST;
Mon, 18 Apr 2022 16:53:54 -0700
--
SgtChains
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
