Tuesday, 22. February 2005
PermaLink Spam from Gmail
Something I hoped never to see:

Gmail spam

Spam has been disguised to hide the true sender and nature of the content but I will say this:
  1. Spam uses UTF-8 and quoted printable encoding and mixes english and russian content.
  2. Spam was not sent via the Gmail web interface but via an anonymous POP/SMTP MUA (no X-Mailer header)
  3. Spam has a valid Gmail DomainKeys signature
  4. Spam was delivered by a Google IP with valid rDNS in gmail.com
  5. Victim is a "nadine" spamtrap - it is a local address that has never been used for a real user, but because it is so popular with spammers has been set up as a mail-in - this address only gets spam

Reported via spamcop and direct to Gmail abuse. Now holding breath. Is this the beginning of the end or a one off?

See also:
SpamCop lists Gmail
GSpam? - Part 2
Gmail, spam and blacklisting (this article explains the Gmail/Spamcop problem fully)



Category: GMail
Technorati:

Comments :

1. Eric Parsons22/02/2005 16:49:24
Homepage: http://www.startingblockcomputing.com


As to #4 -- Valid rDNS? Surely not. Might start a trend, you know.

And when have you heard of a "one off" with Spam in the same breath?

One question though: did the message have the authenticated information in the source? I thought GMail put the IP and the username in.



2. Chris Linfoot22/02/2005 17:23:18


I thought GMail put the IP and the username in.

No it doesn't. There are 4 received headers with the DomainKeys signature in the middle of them. The last of these (the top one reading the message source) is the one written by my receiving MTA and the others were all written by Gmail as the message traversed its intranet. None of these other headers lists either the originating public IP or the authenticated user.



3. Coward11/05/2007 15:10:24


Spam from gmail accounts is now ramping up quickly - they aparently take a very slow approach to stopping spammers, as well as protect them by hiding sender IP addresses, so it's now getting widely abused.

Half of all my spam today is from googles servers...



4. Chris Linfoot11/05/2007 15:37:17


Hi Noel Coward. Send me a few samples by email please, complete with headers.



5. Michael Ho30/05/2007 13:35:08
Homepage: http://www.belle-aurore.com/mike/


Gmail not only hide the IP, they refuse to give it up when asked. As a result I've moved to a whitelist for gmail and googlemail. All non-whitelisted mail is plonked.

http://www.belle-aurore.com/mike/comments.php?id=182_0_1_0_C



Unable to post a comment? Please read this for a possible explanation...
Add Manual Trackback
Please enter the details of the trackback post. Your trackback will not appear on the site until it has been verified. This won't be immediate, as trackbacks are validated on a scheduled basis. Be patient.











Search
Popular Categories
Blogs
Coffee and Cats
Computing Systems Fundamentals
DNSBLs
Domino Administration
Domino Whitelist
Dumb and Dumber
Flickr
IPv6
SMTP AUTH
Show n Tell
Software
Spam
Spam Statistics
T'Internet
Trunk Monkeys
Viruses and Worms
Wallace and Gromit
Whitelisting
Wii
Monthly Archive
2008
2008
2008
2008
2008
2008
Full Archive
Other stuff
Anti-Spam Tools
Misc Links
Land banking information
ClustrMaps
Locations of visitors to this page
Contact Me
email - Chris Linfoot
skypeme
Meta
Proudly powered by IBM Lotus Domino 8 Proudly powered by IBM Lotus Domino 8

Subscribe to articles Subscribe to articles feed

Subscribe to comments Subscribe to comments feed

ROR info ROR info


My Amazon wish list Wishlist


Wikio - Top Blogs - Technology
Like what I do?
Then please consider a donation to support the work of Research Autism.

Idea Jam
Planet Lotus
Dilbert