Typical gmail spam. They have been around for many years, google isn't able to stop them.
If you look at their headers, you'll notice that almost all of them have the same To: header as "undisclosed recipients" or pointing back to another gmail address. These characteristics make them very easy to block. Many many years ago, I came up with the following spamassassin rule to block them all and has been effective at blocking all of them: header __SPAM_GMAILG1 From =~ /\@(?:google|g)mail\.com\b/i header __SPAM_GMAILG2 To =~ /undisclosed/i header __SPAM_GMAILG3 To =~ /recipients/i header __SPAM_GMAILG4 To =~ /\@gmail\.com/i meta SPAM_GMAILG5 (__SPAM_GMAILG1 && (__SPAM_GMAILG2 || __SPAM_GMAILG3 || __SPAM_GMAILG4)) score SPAM_GMAILG5 15.0 describe SPAM_GMAILG5 Gmail spam (gmailg) One warning: I've never seen legitimate emails from gmail with To: "undisclosed recipients" but if you happen to have such emails then the above rule won't be of help and will cause a lot of pain. On Thu, 12 Jan 2023 00:08:12 +0100 Bjoern Franke via mailop <[email protected]> wrote: > Hi, > > recently some users on my private server get masses of Bitcoin spam from > Gmail. > > Subjects like "Get__your__transaction__0.7495__BTC" with attached PDFs, > which contain an image with a link on the first page, and then pages of > nonsense like "And what about the intruder? Arthur, you know Mad-Eye, > said Mr. Diggory's head, rolling its eyes again. Someone creeping into > his yard in the dead of night? ..." > > Senders like [email protected] don't sound like hijacked > accounts, but like especially created users for spamming. > > Maybe Google could create some awareness for this type of users. > > Best Regards > Bjoern > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
