Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2008/02/29 13:51:17 UTC
Time to blacklist google.
Ok, google/gmail emails back says 'this didn't come from us because people
are forging our domain'.
Reverse dns shows it's google, dkim sig says it's google.
Time to blacklist google.
Either google lies or they have been hacked and hackers are spamming through
them. Either case, till google fixes their network and attitude, we should
blacklist them.
SA:
header GOOGLEISBAD received =~ /google\.com/
score GOOGLEISBAD 100
Postfix ACL:
google.com REJECT GOOGLEISBAD
Received: from fg-out-1718.google.com (fg-out-1718.google.com
    [72.14.220.156])
    by fl.us.spammertrap.net (Postfix) with ESMTP id ABB5C2E11A
    for <sc...@secnap.com>; Fri, 29 Feb 2008 02:08:33 -0500 (EST)
Received: by fg-out-1718.google.com with SMTP id 13so2466562fge.45
    for <sc...@secnap.com>; Thu, 28 Feb 2008 23:08:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=gamma;
    h=domainkey-signature:received:message-id:date:from:to:subject:mime-version:
    content-type:content-transfer-encoding:content-disposition:precedence:x-auto
    reply;
    bh=sL3vqqwqMdE5yWWphM0o1dUtNuEzLTPRmNUSyn+hD6s=;
    b=razzMn3uCoyrvZErxj1Nud67bPfwzrESFSZM+Oo06FGxw00Dhg3wvDn7MCloiNk3eHA7zkNr/u
    7LjInJ+LCl1KmHOi1AQENVOaVjt82b6o43N6/hUGivDC3HRSSRi9eYFouvmVufkwzxM9Y/Bvbx9Z
    KnyXtB+ofa/k1SjY+tgbY=
DomainKey-Signature: a=rsa-sha1; c=nofws;
    d=gmail.com; s=gamma;
    h=message-id:date:from:to:subject:mime-version:content-type:content-transfer
    -encoding:content-disposition:precedence:x-autoreply;
    b=VFo5w/0cZsC3zDwg0h6+rKfTF+UgIcOUinVWWXe1xHzRan7ZkVlYcIrNnjc+KELNRoOyYu8EBg
    3/ZgSF+WCoBXyYyipZxpqnr4+wAorfmYth0Kbe4PW4NR//kLL6CvVIRQZ4gkUf/NMccUWBgjRIKB
    F43RHr0X34LkhbF9sjYm4=
Received: by 10.86.3.4 with SMTP id 4mr9872622fgc.69.1204268912528;
    Thu, 28 Feb 2008 23:08:32 -0800 (PST)
Message-ID: <6b...@mail.gmail.com>
--
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBsd SpamAssassin Ports maintainer
Charter member, ICSA labs anti-spam consortium
Re: Time to blacklist google.
Posted by Blaine Fleming <gr...@digital-z.com>.
> If gmail has a problem, then without a doubt, blacklist them until they fix
> it. Seems pretty simple to me.
>
I know that the ISPs I run mail systems for would lose their customers
if they stop getting mail from Google. The customer attitude is that
the provider should take measures to block spam but don't you dare block
a legitimate message for any reason. Of course, every situation is
different. Personally, I'd rather put better filters in place at my end
than expect Google to control it. Same goes for Yahoo and Microsoft.
In theory I think it would be a good idea but just the number of mail
systems required to get the point across is too high to actually happen
soon. Looking at my mail history there is a lot of legitimate mail from
Google and very little spam (so far).
I do miss the days when spam filtering was a luxury and nobody really
needed it. Now I'm running thousands of dollars of hardware to handle
mail that is about 98% spam with a 99.995% successful filtering rate.
--Blaine
Re: Time to blacklist google.
Posted by Gene Heskett <ge...@verizon.net>.
On Friday 29 February 2008, SM wrote:
>The abuse contacts were removed from the Cc to prevent abuse.
>
>At 04:51 29-02-2008, Michael Scheidell wrote:
>>Ok, google/gmail emails back says 'this didn't come from us because people
>>are forging our domain'.
>>
>>Reverse dns shows it google, dkim sig says its google.
>
>If it passes DKIM verification, then it comes from them.
>
>>Time to blacklist google.
>
>The users may complain if you do that.
>
With all due regard for google & all that rot, the one thing they do
understand is when 10m customers suddenly start yelling cuz they can't send
an email. Like many, I have an email account there, but it's like taking 2
baskets to gather eggs in, insurance. And I pop it with fetchmail as has
been mentioned on the fedora list just this evening, not by me but as a
recommendation to another who had something googlemail did screw with his way
of doing things.
Should that happen, it will get fixed, take it to the bank.
If gmail has a problem, then without a doubt, blacklist them until they fix
it. Seems pretty simple to me.
>Regards,
>-sm
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Warp 7 -- It's a law we can live with.
Re: Time to blacklist google.
Posted by John Rudd <jr...@ucsc.edu>.
Ralf Hildebrandt wrote:
> * SM <sm...@resistor.net>:
>
>>> Time to blacklist google.
>> The users may complain if you do that.
>
> To abuse@google.com? Problem solved!
>
No. Your users may complain to you that they're unable to receive email
from colleagues/friends/etc. who use google.
Though, depending on your environment, that may not be a problem.
Re: Time to blacklist google.
Posted by Ralf Hildebrandt <Ra...@charite.de>.
* SM <sm...@resistor.net>:
>> Time to blacklist google.
>
> The users may complain if you do that.
To abuse@google.com? Problem solved!
--
Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail to snickebo@charite.de
Re: Time to blacklist google.
Posted by SM <sm...@resistor.net>.
The abuse contacts were removed from the Cc to prevent abuse.
At 04:51 29-02-2008, Michael Scheidell wrote:
>Ok, google/gmail emails back says 'this didn't come from us because people
>are forging our domain'.
>
>Reverse dns shows it google, dkim sig says its google.
If it passes DKIM verification, then it comes from them.
>Time to blacklist google.
The users may complain if you do that.
Regards,
-sm
Re: Time to blacklist google.
Posted by Ken A <ka...@pacific.net>.
Michael Scheidell wrote:
> Ok, google/gmail emails back says 'this didn't come from us because people
> are forging our domain'.
>
> Reverse dns shows it google, dkim sig says its google.
> Time to blacklist google.
>
> Either google lies or they have been hacked and hackers are spamming through
> them. Either case, till google fixes their network and attitude, we should
> blacklist them.
>
> SA:
> header GOOGLEISBAD received =~ /google\.com/
> score GOOGLEISBAD 100
>
> Postfix ACL:
> google.com REJECT GOOGLEISBAD
>
>
> Received: from fg-out-1718.google.com (fg-out-1718.google.com
> [72.14.220.156])
> by fl.us.spammertrap.net (Postfix) with ESMTP id ABB5C2E11A
> for <sc...@secnap.com>; Fri, 29 Feb 2008 02:08:33 -0500 (EST)
> Received: by fg-out-1718.google.com with SMTP id 13so2466562fge.45
> for <sc...@secnap.com>; Thu, 28 Feb 2008 23:08:32 -0800 (PST)
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> d=gmail.com; s=gamma;
>
> h=domainkey-signature:received:message-id:date:from:to:subject:mime-version:
> content-type:content-transfer-encoding:content-disposition:precedence:x-auto
> reply;
> bh=sL3vqqwqMdE5yWWphM0o1dUtNuEzLTPRmNUSyn+hD6s=;
>
> b=razzMn3uCoyrvZErxj1Nud67bPfwzrESFSZM+Oo06FGxw00Dhg3wvDn7MCloiNk3eHA7zkNr/u
> 7LjInJ+LCl1KmHOi1AQENVOaVjt82b6o43N6/hUGivDC3HRSSRi9eYFouvmVufkwzxM9Y/Bvbx9Z
> KnyXtB+ofa/k1SjY+tgbY=
> DomainKey-Signature: a=rsa-sha1; c=nofws;
> d=gmail.com; s=gamma;
>
> h=message-id:date:from:to:subject:mime-version:content-type:content-transfer
> -encoding:content-disposition:precedence:x-autoreply;
>
> b=VFo5w/0cZsC3zDwg0h6+rKfTF+UgIcOUinVWWXe1xHzRan7ZkVlYcIrNnjc+KELNRoOyYu8EBg
> 3/ZgSF+WCoBXyYyipZxpqnr4+wAorfmYth0Kbe4PW4NR//kLL6CvVIRQZ4gkUf/NMccUWBgjRIKB
> F43RHr0X34LkhbF9sjYm4=
> Received: by 10.86.3.4 with SMTP id 4mr9872622fgc.69.1204268912528;
> Thu, 28 Feb 2008 23:08:32 -0800 (PST)
> Message-ID: <6b...@mail.gmail.com>
>
Are there any X- headers?
It's known that the captcha was cracked and that some webmail
auto-responders are being abused.
There might be a better way to ID this mail.
Ken
--
Ken Anderson
Pacific.Net
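Added example, not part of any post in this thread: the question about X- headers can be partly answered from the DKIM-Signature quoted above, because its h= tag names the signed header fields. The Python below parses that tag list and sets it beside the broad GOOGLEISBAD Received match; the second message, the AUTO_HINTS set and the function names are constructed for illustration.

```python
import re

# DKIM-Signature value as posted in the thread, hard wraps included; bh= and b=
# are left out because nothing here verifies the signature cryptographically.
THREAD_DKIM = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
    " d=gmail.com; s=gamma;\r\n"
    " h=domainkey-signature:received:message-id:date:from:to:subject:mime-version:\r\n"
    " content-type:content-transfer-encoding:content-disposition:precedence:x-auto\r\n"
    " reply;"
)
THREAD_RECEIVED = ("from fg-out-1718.google.com (fg-out-1718.google.com "
                   "[72.14.220.156]) by fl.us.spammertrap.net (Postfix) with ESMTP")

# Constructed comparison: an ordinary person-to-person Gmail message.
ORDINARY_DKIM = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; "
                 "h=received:message-id:date:from:to:subject:mime-version")
ORDINARY_RECEIVED = ("from constructed-relay.google.com (constructed-relay.google.com "
                     "[192.0.2.10]) by mx.example.net (Postfix) with ESMTP")

BROAD_RULE = re.compile(r"google\.com")  # the GOOGLEISBAD pattern from the first post
# Assumption: signed header names that suggest an auto-responder generated the mail.
AUTO_HINTS = {"x-autoreply", "auto-submitted"}

def parse_tags(value):
    """Split a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags

def signed_headers(tags):
    """Return the h= list, lowercased, with folding whitespace removed."""
    flat = re.sub(r"\s+", "", tags.get("h", ""))
    return [name.lower() for name in flat.split(":") if name]

def classify(received, dkim_value):
    """Compare the broad Received match with what the signature header declares."""
    tags = parse_tags(dkim_value)
    return {
        "broad_rule_hit": bool(BROAD_RULE.search(received)),
        "signing_domain": tags.get("d"),
        "selector": tags.get("s"),
        "autoreply_hints": sorted(AUTO_HINTS & set(signed_headers(tags))),
    }

if __name__ == "__main__":
    for label, rcvd, sig in (("thread", THREAD_RECEIVED, THREAD_DKIM),
                             ("ordinary", ORDINARY_RECEIVED, ORDINARY_DKIM)):
        print(label, classify(rcvd, sig))
```

Both messages hit the broad rule, but only the one from the thread lists x-autoreply among its signed headers. The h= tag may name a header that is absent from the message, so a hint here is a reason to read the full headers, not a verdict.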
Re: Time to blacklist google.
Posted by Evan Platt <ev...@espphotography.com>.
At 06:16 AM 2/29/2008, Marc Perkel wrote:
>Some people might think you are over reacting ....
>
>I can only imagine what it would be like trying to control outgoing
>spam at Google.
The problem is Google does nothing.
I've reported dozens of google groups newsgroup spammers. They take
no action. What few spammers they have taken action against, they
have a 'defect' in their system where basically for their blogspot
services, if they cancel a blogspot webpage for someone who spams,
there's nothing to prevent the same person from signing back up and
recreating the blogspot site again.
Yes, I have spam I've reported to them as far back as 2006, with
absolutely no action taken.
I drop all Google Groups posts in my usenet client.
Re: Time to blacklist google.
Posted by Mark Johnson <sa...@astroshapes.com>.
> Michael Scheidell wrote:
>> Ok, google/gmail emails back says 'this didn't come from us because
>> people
>> are forging our domain'.
>>
>> Reverse dns shows it google, dkim sig says its google.
>> Time to blacklist google.
I read an article the other day about how the bad people have cracked
gmail's captcha system and are automatically creating gmail accounts
with a success rate of 1 in 5.
http://www.virusbtn.com/news/2008/02_26.xml
--
Mark Johnson
http://www.astroshapes.com/information-technology/blog
Re: Time to blacklist google.
Posted by Ralf Hildebrandt <Ra...@charite.de>.
* Marc Perkel <su...@junkemailfilter.com>:
> Some people might think you are over reacting ....
>
> I can only imagine what it would be like trying to control outgoing spam
> at Google.
Well, there's a difference between:
* we didn't do it (although evidence says they did)
and
* we're sorry, we're working on it.
--
Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail to snickebo@charite.de
Re: Time to blacklist google.
Posted by Marc Perkel <su...@junkemailfilter.com>.
Michael Scheidell wrote:
> Ok, google/gmail emails back says 'this didn't come from us because people
> are forging our domain'.
>
> Reverse dns shows it google, dkim sig says its google.
> Time to blacklist google.
>
> Either google lies or they have been hacked and hackers are spamming through
> them. Either case, till google fixes their network and attitude, we should
> blacklist them.
>
>
Some people might think you are overreacting ....
I can only imagine what it would be like trying to control outgoing spam
at Google.
--
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3401
Re: Time to blacklist google.
Posted by Ralf Hildebrandt <Ra...@charite.de>.
* Michael Scheidell <sc...@secnap.net>:
> Ok, google/gmail emails back says 'this didn't come from us because people
> are forging our domain'.
>
> Reverse dns shows it google, dkim sig says its google.
> Time to blacklist google.
Yep. That's the whole point of DKIM.
> Either google lies or they have been hacked and hackers are spamming through
> them. Either case, till google fixes their network and attitude, we should
> blacklist them.
>
> SA:
> header GOOGLEISBAD received =~ /google\.com/
> score GOOGLEISBAD 100
>
> Postfix ACL:
> google.com REJECT GOOGLEISBAD
--
Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de
Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
IT-Zentrum Standort CBF send no mail to snickebo@charite.de