Keyserver spam example

MFPA expires2010 at ymail.com
Fri Jun 11 02:16:21 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Thursday 10 June 2010 at 6:04:37 PM, in
<mid:201006101904.37296.mailinglisten at hauke-laging.de>, Hauke Laging
wrote:


> Am Donnerstag 10 Juni 2010 18:39:25 schrieb Jameson
> Rollins:
>> Speaking of spam, I'm getting more spam from some sort of automated
>> ticketing system that seems to be subscribed to this list that I ever
>> have from a keyserver.  The mail seems to come from:

>> secure.mpcustomer.com

>> and it often sets the From: to be from someone else.

Whenever I post to this list these days I get one of their
auto-replies, and they always spoof the from address to whatever I had
in the "to" field of my message to the list.


>> This is totally uncool.  Is there a list moderator
>> that can permanently ban anything From this address
>> from the list?

It comes straight to my address (not via the list) shortly after after
I post to this list. It seems somebody subscribed to GnuPG-users is
forwarding all their list mail immediately to that ticketing system.



> I asked them what this is about several days ago.

Asked who? secure.mpcustomer.com?

I tried contacting them a cvouple of weeks back but both the
postmaster@ and abuse@ addresses bounce with "host mail.mpcustomer.com
[208.43.138.199]: 550 No such person at this address"



> This ticket system does NOT send its replies via this
> list (it couldn't) but sends it directly to you. So
> taking "their" email address off this list is probably
> all our list admin could do.

I'm assured the ticketing system is not subscribed to this list.



> These guys seem not no be of the very clever kind as
> they see from which mailserver they get the unwanted
> emails so that IMHO they could have solved that with
> that MTA's admin or could have blocked that MTA.

They don't even have the "required" postmaster at domain and abuse at domain
email addresses operating; they possibly also don't communicate with
the admins of other servers.



> It would help to know when this has started – in case
> that the registration timestamp is stored.

I first noticed it around the beginning of May.


> If not then
> it may be possible to send a few test mails, to half of
> the left possible addresses in order to find out which
> address causes these replies.

I guess somebody with a list of the addresses subscribed to this list
could find out by sending a test message to each member in turn until
the auto-reply is tripped, then ask that person to stop forwarding and
delete them if they don't. Or one message to everybody with a
customised subject line for each. Alternatively, those of us who are
fed up with the messages could simply filter them out ourselves. (-;


- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

Ballerinas are always on their toes.  We need taller ballerinas!
-----BEGIN PGP SIGNATURE-----

iQCVAwUBTBGAaqipC46tDG5pAQq75wQAxWA5v8lUjdxCz9ToZ/yS+HUIYMfIOHQ6
706KlZCzICTDjiO3WYb+CbO8dzS1uVXBL9V2v9EZIJoA/ndpksLYT6vcBfhOE65y
qya9frJiQfZRqUrQ8VK24U4FeQEMAzSYlRHaLfE5eNiIT2UmNGOgrCP+eA8xTZ12
9dcNLoqvzv8=
=Wgx8
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list