We actually have several rules that leverage non-disclosed recipient
emailing from gmail, and while there could be someone who simply puts
all the recipients in the bcc, and forgets to put in a to or cc, but if
you add another element to that, it is enough to hard block.
Example, that spammer that likes to put his messages in AFTER the
signature block..
Or, messages that appear to be directed at a single person, you would
not expect that not to have a disclosed recipient..
One of these days, will have to post how much we hard block from gmail.
But yeah, a bitcoin wallet address to undisclosed recipients, you would
think Gmail would be able to stop that.
Unfortunately, there is no commercial pressure on gmail to prevent
outbound spam ;)
On 2023-01-11 15:38, Mary via mailop wrote:
Typical gmail spam. They have been around for many years, google isn't able to
stop them.
If you look at their headers, you'll notice that almost all of them have the same To:
header as "undisclosed recipients" or pointing back to another gmail address.
These characteristics make them very easy to block. Many many years ago, I came up with
the following spamassassin rule to block them all and has been effective at blocking all
of them:
header __SPAM_GMAILG1 From =~ /\@(?:google|g)mail\.com\b/i
header __SPAM_GMAILG2 To =~ /undisclosed/i
header __SPAM_GMAILG3 To =~ /recipients/i
header __SPAM_GMAILG4 To =~ /\@gmail\.com/i
meta SPAM_GMAILG5 (__SPAM_GMAILG1 && (__SPAM_GMAILG2 ||
__SPAM_GMAILG3 || __SPAM_GMAILG4))
score SPAM_GMAILG5 15.0
describe SPAM_GMAILG5 Gmail spam (gmailg)
One warning: I've never seen legitimate emails from gmail with To: "undisclosed
recipients" but if you happen to have such emails then the above rule won't be of
help and will cause a lot of pain.
On Thu, 12 Jan 2023 00:08:12 +0100 Bjoern Franke via mailop <[email protected]>
wrote:
Hi,
recently some users on my private server get masses of Bitcoin spam from
Gmail.
Subjects like "Get__your__transaction__0.7495__BTC" with attached PDFs,
which contain an image with a link on the first page, and then pages of
nonsense like "And what about the intruder? Arthur, you know Mad-Eye,
said Mr. Diggory's head, rolling its eyes again. Someone creeping into
his yard in the dead of night? ..."
Senders like [email protected] don't sound like hijacked
accounts, but like especially created users for spamming.
Maybe Google could create some awareness for this type of users.
Best Regards
Bjoern
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
