Pigdin.im |AdIQuity Mobile Ads: Proposal

Ethan Blanton elb at pidgin.im
Wed Jul 4 17:01:50 EDT 2012


auto59872302 spake unto us the following wisdom:
> > I already put this guy in the spam filters, he won't be making it
> > through again.  There's no need, in general, to reply to the list to
> > "deal with" spam.  If you notice a high level of leakage, let a Pidgin
> > developer know so we can deal with it --- but note that almost all of
> > the "list" spam I get doesn't actually pass through lists on its way
> > to my inbox.  I believe spammers put list addresses in the To/Cc, but
> > send the mail directly, to try to defeat spam filters.  You can
> > determine if a spam actually passed through the list (as this one did)
> > by consulting the headers.
> 
> Ethan, sorry for any inconvenience I may have caused you. That was far
> from my intentions, I assure you. I will follow your advice about
> handling them in the future. But I have a question about one point in
> your instructions. So that I can recognize it better, would you explain
> this differently:

It's not an inconvenience to me, specifically, it's just added noise
on the list.  You're far from the first to do it, which is why I made
a list announcement about it.

> > "... all of
> > the "list" spam I get doesn't actually pass through lists on its way
> > to my inbox.  I believe spammers put list addresses in the To/Cc, but
> > send the mail directly, to try to defeat spam filters..."
> 
> I am not following your meaning there. Thanks.

I'm simply saying that, before someone starts sending me (or another
Pidgin developer) email saying "I got spam off the Pidgin support
list!", it's good to verify that that's actually what happened.  The
To: and Cc: fields on an email are not actually how the email servers
determine where to send the message.  They're largely cosmetic.  This
means that a user can construct a message that says:

    To: support at pidgin.im
    Subject: Free Nigerian Prince Money

    Dear beloved, it has come to my attention that you are probably
    very, very stupid and I would like to give you money, in the sense
    that I hope you will give me money.  Please go directly to Western
    Union and wire a not at all suspicious amount of money to Nigeria.
    As I am a prince in Nigeria, when I see this money I will
    understand that you are a wise individual in your stupidity and
    give you my massive fortunes so that you can keep them for no
    reason at all.  In this manner we shall both become rich.

    Prince "Moneybags" Dinga

They then tell the *mail server* to send this message to
elb at pidgin.im, in the hopes that I will receive it as spam, because my
mail filters "know" that support at pidgin.im is a legitimate list from
which I receive all kinds of emails.

So ... you want to look at the mail headers, and see if it actually
passed through a mailing list, before telling a mail server admin that
their list is spamming.  You can do this by checking the Received-By:
headers, as well as looking for mailing list headers such as
X-Been-There: or List-Id:.  These can also be spoofed, of course, but
as there's little point in doing so, spammers generally don't bother.

Ethan
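
The header check described in the message above, as an added example (not part of the original post). It reads the standard `Received:` trace headers and the `List-Id:` / Mailman `X-BeenThere:` list headers; the addresses, hostnames and both sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: list address in To:, but delivered straight to the victim.
DIRECT = """\
Received: from mail.spam.example ([203.0.113.7]) by mx.example.net
 for <dev@example.net>; Wed, 4 Jul 2012 10:00:00 -0400
From: "Prince" <prince@spam.example>
To: support@lists.example.org
Subject: Free Money

Dear beloved ...
"""

# Constructed sample: the same spam after really being relayed by the list server.
VIA_LIST = """\
Received: from lists.example.org ([192.0.2.10]) by mx.example.net
 for <dev@example.net>; Wed, 4 Jul 2012 10:00:05 -0400
Received: from mail.spam.example ([203.0.113.7]) by lists.example.org
 for <support@lists.example.org>; Wed, 4 Jul 2012 10:00:00 -0400
From: "Prince" <prince@spam.example>
To: support@lists.example.org
List-Id: Support list <support.lists.example.org>
X-BeenThere: support@lists.example.org
Subject: Free Money

Dear beloved ...
"""

def list_evidence(raw, list_addr, list_host):
    """Report which signs of list delivery a raw message carries."""
    msg = message_from_string(raw)
    shown = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    hops = [" ".join(v.split()).lower() for v in msg.get_all("Received", [])]
    return {
        # Cosmetic only: says nothing about where the message was sent.
        "addressed_to_list": list_addr in [a.lower() for _, a in shown],
        "list_id": list_addr.replace("@", ".") in (msg.get("List-Id") or "").lower(),
        "been_there": list_addr in [v.strip().lower() for v in msg.get_all("X-BeenThere", [])],
        "relayed_by_list_host": any(
            "from " + list_host in h or "by " + list_host in h for h in hops),
    }

def passed_through_list(raw, list_addr, list_host):
    """List headers can be spoofed, so also require a hop at the list server."""
    e = list_evidence(raw, list_addr, list_host)
    return (e["list_id"] or e["been_there"]) and e["relayed_by_list_host"]
```

Both samples show the list address in `To:`, but only `VIA_LIST` is reported as having passed through the list.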
