Re: You have a new notification from avijitshe...@gmail.com. View?
On Dec 1, 2014, at 12:42 AM, Dave Horsfall wrote: When were spammers allowed on this list? Certainly we don't want spammers on the list. That's why we require subscribing to the list before posting is allowed. As far as I know this has been successful in keeping spam away. This is the first I've heard of spam getting through. I did not receive the spam to which you are replying; I guess my mail server's spam filter caught it. For the moment I assume the subscribed individual is a real person interested in MacPorts -- they have sent real messages to the list before, e.g. https://lists.macosforge.org/pipermail/macports-users/2013-July/033037.html I assume that a spammer obtained their email address and their address book and is now spamming their contacts. ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: You have a new notification from avijitshe...@gmail.com. View?
On Dec 1, 2014, at 2:36 AM, Andreas Kusalananda Kähäri wrote: Um, the two addresses avijitshe...@gmail.com i...@info-emailer.com (spammer) and avijitshe...@gmail.com (not spammer) are not the same. Until you mentioned it, I was not aware that the second address you mentioned was involved in this issue. I have not seen the original message, and the copy in our archives does not show the full headers. It only shows the first address. The second address you mentioned is not subscribed to the MacPorts lists. The first is. Upon further investigation, info-emailer / flipora / flip / infoaxe appears to be a phishing site. Clicking on a link in their email apparently causes them to have access to your gmail account, which it then uses to spam your contacts: http://geeksofgotham.com/2012/01/23/flipora-flip-infoaxe-spam/ ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: You have a new notification from avijitshe...@gmail.com. View?
On Dec 1, 2014, at 3:42 AM, Andreas Kusalananda Kähäri wrote: The spam did not originate nor pass through GMail's servers. It came via mail0.info-emailer.com [174.37.119.125], so no reason to think that the account has been taken over (their address book may be floating around in dark waters though). OK. The spam and spammer isn't really interesting though. I think it's more interesting that it was let through. The list software should do a bit more than a naïve string match against the From: field... I have no reason to believe that that's what the list software does. I don't know what it does though. The software is Mailman, so if anyone wants to investigate and let us know, that would be great. ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: You have a new notification from avijitshe...@gmail.com. View?
On Mon, 1 Dec 2014, Ryan Schmidt wrote: The second address you mentioned is not subscribed to the MacPorts lists. The first is. Aha... The old trick of steal a subscriber's address, and post to the list using it, thereby spamming the list. I haven't seen that for some years now. Not a lot you can do, short of requiring authentication, as SMTP was never designed with security in mind. Best you can do is run some sort of DNSBL check against posters, so had the malware site been listed then it would've been refused. As it happens, it's listed at a number of sites, but you'd need to balance running a spam-free list against losing subscribers posting from spammy ISPs... -- Dave Horsfall DTM (VK2KFU) Bliss is a MacBook with a FreeBSD server. http://www.horsfall.org/spam.html (and check the home page whilst you're there) ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: You have a new notification from avijitshe...@gmail.com. View?
On Mon, 1 Dec 2014, Ryan Schmidt wrote: The spam and spammer isn't really interesting though. I think it's more interesting that it was let through. The list software should do a bit more than a naïve string match against the From: field... I have no reason to believe that that's what the list software does. I don't know what it does though. The software is Mailman, so if anyone wants to investigate and let us know, that would be great. It would use either Return-Path: (derived from the envelope), or From: (which as we can see can be forged). I don't have the original message any more, unfortunately, as the only spam I save (yes, really) are those reported to SpamCop. The Subject: probably ought to be changed, as the OP would be feeling a little embarrassed by now... -- Dave Horsfall DTM (VK2KFU) Bliss is a MacBook with a FreeBSD server. http://www.horsfall.org/spam.html (and check the home page whilst you're there)___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: You have a new notification from avijitshe...@gmail.com. View?
On Dec 1, 2014, at 4:49 AM, Dave Horsfall d...@horsfall.org wrote: On Mon, 1 Dec 2014, Ryan Schmidt wrote: The second address you mentioned is not subscribed to the MacPorts lists. The first is. Aha... The old trick of steal a subscriber's address, and post to the list using it, thereby spamming the list. I haven't seen that for some years now. Yup. . . . Actually the increase in SPAM started sometime in August or maybe July.l I have been getting a ton of enlargement and similar adds again from icloud.com (mac.com, etc.) - which is my IMAP mail server. Iicloud.com had been clean for quite some time until this summer when I started seeing spam again. I just have assumed that this was an artifact of the fact that Apple's mail system (or maybe Target's or Home Depos's) apparently had a bunch of email addresses grabbed some-how back in the spring or early summer. Yes, the spam is all coming through with valid email addresses. By and large the Yosemite mail client manages to flag them for me -- once I've retrained it for this new round of crap. The important thing here is -- this is all spam which Apple's mail server had previously prevented -- or otherwise flagged, but which is now getting passed that filtering. I do get a lot of stuff hitting my junk box which is configured to trigger off either Apple's mail server's flags or on its own flagging. In the end its one of those things -- SPAM is simply a very efficient (i.e. cost productive) way to obtain money from the great unsuspecting hordes of new users. It's a thing in life that we just have to live with - learn to use the delete key! T.T.F.N. William H. Magill mag...@icloud.com mag...@mac.com whmag...@gmail.com ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: You have a new notification from avijitshe...@gmail.com. View?
On Mon, Dec 1, 2014 at 4:37 PM, William H. Magill mag...@mac.com wrote: Actually the increase in SPAM started sometime in August or maybe July. A couple months before that, would be when the GameOver ZeuS botnet came back online. There was a significant drop in spam during the months when it was offline --- but it came back with a vengeance. -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix, openafs, kerberos, infrastructure, xmonadhttp://sinenomine.net ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: You have a new notification from avijitshe...@gmail.com. View?
Am Montag, 1. Dezember 2014, 16:43:29 schrieb Brandon Allbery: On Mon, Dec 1, 2014 at 4:37 PM, William H. Magill mag...@mac.com wrote: Actually the increase in SPAM started sometime in August or maybe July. In the overall / global / world wide spam outcome there was no significant rising of the overall spam level at that time: http://www.trendmicro.com/us/security-intelligence/current-threat-activity/global-spam-map/ http://securelist.com/tag/spam-statistics/ https://www.spamcop.net/spamgraph.shtml?spamyear So this mean your rising level of (recieved!) spam should have (one or a mix of) the following reasons: - Your Email address got handled over / selled within a spammer email-address package or - grabbed somewhere (i.e. from a Windows users PC ;) from additional spammers - as older and/or widely used a email address is, as more known it is usually to any spammers - Apples algorithms got better tricked by current spammers at that time - fighting spam is a steadily back and forward between spammers and mails ervice providers since Email exists - but even incompetent mail service providers lead to less good filters because they will catched als false positives which leads users to why did my apple address did not recieve mails from that 'sender' while others could recieve it?. So Mail providers have to reopen their filters from time to time a bit to avoid blocking of false positives (which are - at least on a technical level - correct positives...). I.e. the hype around MS Exchange (SBS) and some Exchange security products leaded to many badly driven MXes and MTAs around because nearly every small Windows admin feel capable to run a business quality email service on the public internet while i.e. hardly abusing RFCs. While it is possible to reduce down to 1%-3% of spam it is not possible to filter it completely without the risk of false positives. This affects even big players like Apple or Google too. cheerioh, Niels. -- --- Niels Dettenbach Syndicat IT Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- signature.asc Description: This is a digitally signed message part. ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: You have a new notification from avijitshe...@gmail.com. View?
When were spammers allowed on this list? -- Dave Horsfall DTM (VK2KFU) Bliss is a MacBook with a FreeBSD server. http://www.horsfall.org/spam.html (and check the home page whilst you're there) ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: You have a new notification from avijitshe...@gmail.com. View?
First I've heard about this. On Mon, Dec 1, 2014 at 1:42 AM, Dave Horsfall d...@horsfall.org wrote: When were spammers allowed on this list? -- Dave Horsfall DTM (VK2KFU) Bliss is a MacBook with a FreeBSD server. http://www.horsfall.org/spam.html (and check the home page whilst you're there) ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
Re: You have a new notification from avijitshe...@gmail.com. View?
On Mon, Dec 1, 2014 at 1:58 AM, Carlo Tambuatco oraclmas...@gmail.com wrote: First I've heard about this. On Mon, Dec 1, 2014 at 1:42 AM, Dave Horsfall d...@horsfall.org wrote: When were spammers allowed on this list? Just arrived here. :( For the record, keeping spammers off a mailing list is difficult these days. -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix, openafs, kerberos, infrastructure, xmonadhttp://sinenomine.net ___ macports-users mailing list macports-users@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/macports-users
