Re: Keyserver spam example
On 6/10/2010 8:16 PM, MFPA wrote: > Whenever I post to this list these days I get one of their > auto-replies, and they always spoof the from address to whatever I had > in the "to" field of my message to the list. [lots of discussion deleted] I think it's safe to say the list moderators are now well aware of what's going on, and how many people are bothered by it. Let's table this discussion for a week and see what the list moderators do. If they don't do anything, then let's re-open this can of worms. Otherwise, let's just keep cool and let the list mods do what they're best at. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 10 June 2010 at 6:04:37 PM, in , Hauke Laging wrote: > Am Donnerstag 10 Juni 2010 18:39:25 schrieb Jameson > Rollins: >> Speaking of spam, I'm getting more spam from some sort of automated >> ticketing system that seems to be subscribed to this list that I ever >> have from a keyserver. The mail seems to come from: >> secure.mpcustomer.com >> and it often sets the From: to be from someone else. Whenever I post to this list these days I get one of their auto-replies, and they always spoof the from address to whatever I had in the "to" field of my message to the list. >> This is totally uncool. Is there a list moderator >> that can permanently ban anything From this address >> from the list? It comes straight to my address (not via the list) shortly after after I post to this list. It seems somebody subscribed to GnuPG-users is forwarding all their list mail immediately to that ticketing system. > I asked them what this is about several days ago. Asked who? secure.mpcustomer.com? I tried contacting them a cvouple of weeks back but both the postmaster@ and abuse@ addresses bounce with "host mail.mpcustomer.com [208.43.138.199]: 550 No such person at this address" > This ticket system does NOT send its replies via this > list (it couldn't) but sends it directly to you. So > taking "their" email address off this list is probably > all our list admin could do. I'm assured the ticketing system is not subscribed to this list. > These guys seem not no be of the very clever kind as > they see from which mailserver they get the unwanted > emails so that IMHO they could have solved that with > that MTA's admin or could have blocked that MTA. They don't even have the "required" postmas...@domain and ab...@domain email addresses operating; they possibly also don't communicate with the admins of other servers. > It would help to know when this has started – in case > that the registration timestamp is stored. I first noticed it around the beginning of May. > If not then > it may be possible to send a few test mails, to half of > the left possible addresses in order to find out which > address causes these replies. I guess somebody with a list of the addresses subscribed to this list could find out by sending a test message to each member in turn until the auto-reply is tripped, then ask that person to stop forwarding and delete them if they don't. Or one message to everybody with a customised subject line for each. Alternatively, those of us who are fed up with the messages could simply filter them out ourselves. (-; - -- Best regards MFPAmailto:expires2...@ymail.com Ballerinas are always on their toes. We need taller ballerinas! -BEGIN PGP SIGNATURE- iQCVAwUBTBGAaqipC46tDG5pAQq75wQAxWA5v8lUjdxCz9ToZ/yS+HUIYMfIOHQ6 706KlZCzICTDjiO3WYb+CbO8dzS1uVXBL9V2v9EZIJoA/ndpksLYT6vcBfhOE65y qya9frJiQfZRqUrQ8VK24U4FeQEMAzSYlRHaLfE5eNiIT2UmNGOgrCP+eA8xTZ12 9dcNLoqvzv8= =Wgx8 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
On -10/01/37 20:59, Joke de Buhr wrote: > You do not sacrifice legitimate incoming mail because there is an RFC that > clearly states mailservers do not operate from dynamic IP addresses. > Therefore > they can not be considered valid. Which RFC would this be? I could not find the word "dynamic" in RFC 2822 (proposed standard) or RFC 5322 (draft standard, obsoletes 2822). The most basic mailserver, AFAIK, only has to comply to this standard to be acceptable as a mailserver operating in the real world. A Google search also did not help finding this standard. It also begs the question how to define "a dynamic IP" in a manner worthy of an RFC wanting to be a standard, which was one of the reasons I wanted to find the RFC you mention. Meanwhile, in the real world, people do not always comply to all RFC's. If you define "legitimate mail" as "mail you'd like to receive" or "not spam" or something similar, you will lose legitimate mail. These days my mail server is on a static IP (on a consumer connection). With a previous ISP, this was not possible, and my mail server had a dynamic IP. I happily sent legitimate mail to my contacts from it. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt (new, larger key created on Nov 12, 2009) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
Am Donnerstag 10 Juni 2010 18:39:25 schrieb Jameson Rollins: > Speaking of spam, I'm getting more spam from some sort of automated > ticketing system that seems to be subscribed to this list that I ever > have from a keyserver. The mail seems to come from: > > secure.mpcustomer.com > > and it often sets the From: to be from someone else. This is totally > uncool. Is there a list moderator that can permanently ban anything > From this address from the list? I asked them what this is about several days ago. They told me that some ... had registered one ore more email addresses at several mailing lists and now they got all these emails. Sounds like an address with changed forwarding target after registration. Impossible to protect against that for a list owner I guess. This ticket system does NOT send its replies via this list (it couldn't) but sends it directly to you. So taking "their" email address off this list is probably all our list admin could do. These guys seem not no be of the very clever kind as they see from which mailserver they get the unwanted emails so that IMHO they could have solved that with that MTA's admin or could have blocked that MTA. It would help to know when this has started – in case that the registration timestamp is stored. If not then it may be possible to send a few test mails, to half of the left possible addresses in order to find out which address causes these replies. CU Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
Speaking of spam, I'm getting more spam from some sort of automated ticketing system that seems to be subscribed to this list that I ever have from a keyserver. The mail seems to come from: secure.mpcustomer.com and it often sets the From: to be from someone else. This is totally uncool. Is there a list moderator that can permanently ban anything From this address from the list? jamie. pgpEw3WpEL7zu.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 10 June 2010 at 4:57:50 PM, in , Joke de Buhr wrote: > One of the addresses of my key is totally unprotected > against spam. Nothing is blocked or scanned there. And > it doesn't get any spam at all. Fair enough. > As far as I know you cannot do a search like "2010" on > keyserver webinterfaces to get recently created keys. You get keys with "2010" in the user-id. About half of those returned by pgp.mit.edu have a 2010 creation date... > You do not sacrifice legitimate incoming mail because > there is an RFC that clearly states mailservers do not > operate from dynamic IP addresses. Therefore they can > not be considered valid. Plenty of people send mail using server software on their own computer, particularly those who move around and connect to the internet via a plethora of different ISPs and WiFi locations. That doesn't make it "correct". But being sent from an RFC-ignorant server does not make a message spam or illegitimate or invalid. It just makes it slightly more suspect. - -- Best regards MFPAmailto:expires2...@ymail.com Pain is inevitable, but misery is optional. -BEGIN PGP SIGNATURE- iQCVAwUBTBET16ipC46tDG5pAQopSQQAizSSLXxshROsQRoY4tHFpzo/vTAlt55/ lAZVRyOMJuoxAXkAK30y6DZhTEwufclGKcvXLGXv/3ir/wjF1ovJhkRjeT37IUPz JjOjXIFHaay+yyWV/mNyPunDWkUk57C3EePsjeMlHo4NkKCm77MjxAdcHZL2ipnH dY45QC0iBsc= =ldxc -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
[OT] spam avoidance via IP-based filtering at the MTA [was: Re: Keyserver spam example]
On 06/10/2010 11:57 AM, Joke de Buhr wrote: > You do not sacrifice legitimate incoming mail because there is an RFC that > clearly states mailservers do not operate from dynamic IP addresses. > Therefore > they can not be considered valid. Please cite this RFC. All IP addresses are "dynamic" in some sense -- you cannot guarantee that the same organization or entity will control them in a few years' time. This is now sufficiently off-topic for gnupg-users, so i'm not going to reply on this thread anymore. Regards, --dkg signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
On Thu, 10 Jun 2010 11:32:05 -0400, Daniel Kahn Gillmor wrote: > And i should probably add that it is indeed an infinitesimal drop in the > bucket compared to the other spam i receive; i'm not concerned about it. Not to mention that the bother of a couple of extra spams is completely dwarfed by the benefit of having the public keyserver network. jamie. pgprdXT59QKSN.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
On Thursday 10 June 2010 17:29:18 MFPA wrote: > Hi > > > On Thursday 10 June 2010 at 3:35:34 PM, in > > , Joke de Buhr wrote: > > I've never gotten any keyserver related spam so far and > > my public keys with a valid mail address were published > > year ago. > > In order to *know* you have never received any keyserver-related spam, > I take it the valid address on the key you published has never > received any spam at all. One of the addresses of my key is totally unprotected against spam. Nothing is blocked or scanned there. And it doesn't get any spam at all. > I have a key with a valid (but unused) address that I published as a > test three months ago. Since the address has never been used at all > for any purpose, anybody using that address could only have got it > from a keyserver. So far it has received no incoming messages at all. > > I have another key on the servers that shows a genuine address and has > been there at least 18 months. I do use that address, but not for > mailing lists, groups, etc. Spam typically comes in at the rate of > about two or three messages a month. I have no reason to suspect the > spammers harvested the address from a keyserver, but no way of knowing > they didn't. > > David's example with the spammer saying where they got the address is > very unusual, to say the least. > > > I think it's more likely you will get spam because you > > are posting to a mailing list which does have a html > > archive (liks this one). > > No comment on probabilities, but I should have thought going to the > web interface of a keyserver and searching on "2010" (for example) > would be a more efficient place to harvest email addresses than > trawling through mailing list archives. As far as I know you cannot do a search like "2010" on keyserver webinterfaces to get recently created keys. > > > If you want to get rid of most spam, just filter > > everything sent from dynamic ip addresses and you're > > fine. > > Only if you consider sacrificing some legitimate incoming mail to be > "fine." You do not sacrifice legitimate incoming mail because there is an RFC that clearly states mailservers do not operate from dynamic IP addresses. Therefore they can not be considered valid. signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
Am Donnerstag 10 Juni 2010 16:00:18 schrieb David Shaw: > Periodically there is a discussion on this list about whether having your > key on a keyserver will result in more spam. My feeling on this is that > you might get more spam, but it's a drop in the bucket compared to the > usual onslaught that streams in daily. But that is the wrong argument. The correct argument is about the key server share of spam in a world in which nearly everyone has a public key. Of course, in that world signatures may be used to prevent spam. So the problem is mainly the mean time. If you have an email address then you get spam. That is a reliable rule. But people cannot decide not to have an email address, that is virtually impossible. But people CAN decide not to have a public key (on key servers). In my opinion we should see three important aspects: 1) The situation will change if PGP becomes more common (what we want). 2) This is not only about spam but about the protection of privacy. It is inacceptable that everyone can easily check who is in contact with whom via the clear text addresses and the web of trust. It was mentioned here that this can even be dangerous for people who get suppressed by their government. 3) Big parts of the problem are easy to solve. Don't export clear text names or addresses any more but their hash only. Store those clear texts seperately from the keys like the trustdb file. Apropos hash, if I may "advertise" one of my proposals (no relation to PGP)... I think that it makes sense to make more use of hashes, visible to the user. Using this for the protection of names and addresses in gpg could be a guide for other applications (solving other problems, though). This could even be used for a "new" security mechanism (see the end of the document). For the part of the audience which can read German: http://www.hauke-laging.de/ideen/diktierhilfehash/ And for the rest: The more or less great result of the Google translator... ;-) http://translate.google.de/translate?js=y&prev=_t&hl=de&ie=UTF-8&layout=1&eotf=1&u=http%3A%2F%2Fwww.hauke- laging.de%2Fideen%2Fdiktierhilfehash%2Findex_1_2.html&sl=de&tl=en CU Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
Hi Joke-- On 06/10/2010 11:22 AM, Joke de Buhr wrote: > I never said this particular spam message was not caused by someone scanning > the keyserver. I only stated it isn't that common and never happened to me. > > The chance someone harvesting your email address through keyserver scanning > is > less common than harvesting archives of mailing lists. This is exactly what David said in his initial e-mail, yet your replies in this thread come off as though you are arguing with or dismissing his observation. For the record, i also got spammed with a similar message to the one David quoted; i don't remember which keyserver was indicated as the source, though. And i should probably add that it is indeed an infinitesimal drop in the bucket compared to the other spam i receive; i'm not concerned about it. --dkg signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 10 June 2010 at 3:35:34 PM, in , Joke de Buhr wrote: > I've never gotten any keyserver related spam so far and > my public keys with a valid mail address were published > year ago. In order to *know* you have never received any keyserver-related spam, I take it the valid address on the key you published has never received any spam at all. I have a key with a valid (but unused) address that I published as a test three months ago. Since the address has never been used at all for any purpose, anybody using that address could only have got it from a keyserver. So far it has received no incoming messages at all. I have another key on the servers that shows a genuine address and has been there at least 18 months. I do use that address, but not for mailing lists, groups, etc. Spam typically comes in at the rate of about two or three messages a month. I have no reason to suspect the spammers harvested the address from a keyserver, but no way of knowing they didn't. David's example with the spammer saying where they got the address is very unusual, to say the least. > I think it's more likely you will get spam because you > are posting to a mailing list which does have a html > archive (liks this one). No comment on probabilities, but I should have thought going to the web interface of a keyserver and searching on "2010" (for example) would be a more efficient place to harvest email addresses than trawling through mailing list archives. > If you want to get rid of most spam, just filter > everything sent from dynamic ip addresses and you're > fine. Only if you consider sacrificing some legitimate incoming mail to be "fine." - -- Best regards MFPAmailto:expires2...@ymail.com There is no job so simple that it cannot be done wrong -BEGIN PGP SIGNATURE- iQCVAwUBTBEExqipC46tDG5pAQpJcQQAiip5avz//ftrN9jlY1v0rppjyTo4c9Mg kmP0uGH+T4RFY4iCn9zt2p+TllYFrUp10cQae3g3tk7EG/d0QGoqps9QSQS2tkiP /O38HFJ+/snJ6uNT6bxnaFfMBmKQfVZzmhYFt/rYEfF2/zRZuOZabUkUyEhIHZ5I BLtFsgletuo= =WpLL -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
I never said this particular spam message was not caused by someone scanning the keyserver. I only stated it isn't that common and never happened to me. The chance someone harvesting your email address through keyserver scanning is less common than harvesting archives of mailing lists. Keyservers have a large number of abandoned public keys with inactive email addresses. Whereas scanning trough a recent mailing list history will provide fresh addresses which are very likely to be working. On Thursday 10 June 2010 16:56:28 David Shaw wrote: > > On Thursday 10 June 2010 16:00:18 David Shaw wrote: > >> Hi everyone, > >> > >> Periodically there is a discussion on this list about whether having > >> your key on a keyserver will result in more spam. My feeling on this > >> is that you might get more spam, but it's a drop in the bucket compared > >> to the usual onslaught that streams in daily. > >> > >> That being said, I just got my first piece of spam that was definitely > >> caused by presence on a keyserver: > >> > >> Begin forwarded message: > >>> From: "Stephen Lee" > >>> Date: May 26, 2010 2:17:27 AM EDT > >>> To: ds...@jabberwocky.com > >>> Subject: enquiry : wwwkeys.ch.pgp.net:11371 > >>> Reply-To: "Stephen Lee" > >>> > >>> > >>> We found your contact Email address from wwwkeys.ch.pgp.net:11371 > >>> My name is Stephen and I come from China, Hong Kong. > >> > >> (spam contents snipped - it goes on to offer to sell me LCD screens for > >> my "retail store, shop, boutique or any public area") > > On Jun 10, 2010, at 10:35 AM, Joke de Buhr wrote: > > I've never gotten any keyserver related spam so far and my public keys > > with a valid mail address were published year ago. > > > > I think it's more likely you will get spam because you are posting to a > > mailing list which does have a html archive (liks this one). > > Please read the spam I quoted above: "We found your contact Email address > from wwwkeys.ch.pgp.net:11371". > > When the spammer takes the time to tell me he crawled my address from a > keyserver, and is even kind enough to tell me which one, I'm inclined to > believe him. > > David signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
> On Thursday 10 June 2010 16:00:18 David Shaw wrote: >> Hi everyone, >> >> Periodically there is a discussion on this list about whether having your >> key on a keyserver will result in more spam. My feeling on this is that >> you might get more spam, but it's a drop in the bucket compared to the >> usual onslaught that streams in daily. >> >> That being said, I just got my first piece of spam that was definitely >> caused by presence on a keyserver: >> >> Begin forwarded message: >>> From: "Stephen Lee" >>> Date: May 26, 2010 2:17:27 AM EDT >>> To: ds...@jabberwocky.com >>> Subject: enquiry : wwwkeys.ch.pgp.net:11371 >>> Reply-To: "Stephen Lee" >>> >>> >>> We found your contact Email address from wwwkeys.ch.pgp.net:11371 >>> My name is Stephen and I come from China, Hong Kong. >> >> (spam contents snipped - it goes on to offer to sell me LCD screens for my >> "retail store, shop, boutique or any public area") On Jun 10, 2010, at 10:35 AM, Joke de Buhr wrote: > I've never gotten any keyserver related spam so far and my public keys with a > valid mail address were published year ago. > > I think it's more likely you will get spam because you are posting to a > mailing list which does have a html archive (liks this one). Please read the spam I quoted above: "We found your contact Email address from wwwkeys.ch.pgp.net:11371". When the spammer takes the time to tell me he crawled my address from a keyserver, and is even kind enough to tell me which one, I'm inclined to believe him. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyserver spam example
I've never gotten any keyserver related spam so far and my public keys with a valid mail address were published year ago. I think it's more likely you will get spam because you are posting to a mailing list which does have a html archive (liks this one). If you want to get rid of most spam, just filter everything sent from dynamic ip addresses and you're fine. On Thursday 10 June 2010 16:00:18 David Shaw wrote: > Hi everyone, > > Periodically there is a discussion on this list about whether having your > key on a keyserver will result in more spam. My feeling on this is that > you might get more spam, but it's a drop in the bucket compared to the > usual onslaught that streams in daily. > > That being said, I just got my first piece of spam that was definitely > caused by presence on a keyserver: > > Begin forwarded message: > > From: "Stephen Lee" > > Date: May 26, 2010 2:17:27 AM EDT > > To: ds...@jabberwocky.com > > Subject: enquiry : wwwkeys.ch.pgp.net:11371 > > Reply-To: "Stephen Lee" > > > > > > We found your contact Email address from wwwkeys.ch.pgp.net:11371 > > My name is Stephen and I come from China, Hong Kong. > > (spam contents snipped - it goes on to offer to sell me LCD screens for my > "retail store, shop, boutique or any public area") > > David signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Keyserver spam example
Hi everyone, Periodically there is a discussion on this list about whether having your key on a keyserver will result in more spam. My feeling on this is that you might get more spam, but it's a drop in the bucket compared to the usual onslaught that streams in daily. That being said, I just got my first piece of spam that was definitely caused by presence on a keyserver: Begin forwarded message: > From: "Stephen Lee" > Date: May 26, 2010 2:17:27 AM EDT > To: ds...@jabberwocky.com > Subject: enquiry : wwwkeys.ch.pgp.net:11371 > Reply-To: "Stephen Lee" > > > We found your contact Email address from wwwkeys.ch.pgp.net:11371 > My name is Stephen and I come from China, Hong Kong. > (spam contents snipped - it goes on to offer to sell me LCD screens for my "retail store, shop, boutique or any public area") David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users