Last modified: 2014-08-15 02:57:58 UTC
Please blacklist the domain, we're getting sick of these messages. Sure, mailman could be smarter at understanding who's the true sender, we could use the DKIM info better, convince badoo to save our lists as we did with LinkedIn or whatever, but this looks more efficient. Example: Received: by 10.15.81.194 with SMTP id x42csp124269eey; Mon, 11 Mar 2013 12:07:48 -0700 (PDT) X-Received: by 10.49.117.33 with SMTP id kb1mr20761785qeb.46.1363028867758; Mon, 11 Mar 2013 12:07:47 -0700 (PDT) Return-Path: <wikiit-l-bounces@lists.wikimedia.org> Received: from lists.wikimedia.org ([2620:0:861:1::2]) by mx.google.com with ESMTP id ep2si7304928qeb.18.2013.03.11.12.07.31; Mon, 11 Mar 2013 12:07:47 -0700 (PDT) Received-SPF: neutral (google.com: 2620:0:861:1::2 is neither permitted nor denied by best guess record for domain of wikiit-l-bounces@lists.wikimedia.org) client-ip=2620:0:861:1::2; Authentication-Results: mx.google.com; spf=neutral (google.com: 2620:0:861:1::2 is neither permitted nor denied by best guess record for domain of wikiit-l-bounces@lists.wikimedia.org) smtp.mail=wikiit-l-bounces@lists.wikimedia.org; dkim=neutral (body hash did not verify) header.i=@badoo.com Received: from localhost ([::1]:13283 helo=sodium.wikimedia.org) by sodium.wikimedia.org with esmtp (Exim 4.71) (envelope-from <wikiit-l-bounces@lists.wikimedia.org>) id 1UF84H-0001RG-S3; Mon, 11 Mar 2013 19:07:30 +0000 Message-Id: <E1UF84H-0001RG-S3@sodium.wikimedia.org> Received: from cluster1040.monopost.com ([159.253.178.66]:38379) by sodium.wikimedia.org with esmtp (Exim 4.71) (envelope-from <noreply+392367567@badoo.com>) id 1UF84D-0001QV-9m for wikiit-l@lists.wikimedia.org; Mon, 11 Mar 2013 19:07:28 +0000 Received: from scripts31.mlan (scripts31.mlan [10.10.126.32]) by cluster1040.monopost.com (Postfix) with SMTP id 14962FD2D0AD for <wikiit-l@lists.wikimedia.org>; Mon, 11 Mar 2013 19:07:23 +0000 (UTC) X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 cluster1040.monopost.com 14962FD2D0AD DomainKey-Signature: a=rsa-sha1; s=m23uiy45; d=badoo.com; c=nofws; q=dns; b=heOOXBpSBmhehdks3+4zdMMckfYhw3zHL8kce2/n+3KhDoTtPnMAJN3DzWKo9XLcE 0p/Wo5ZflMAjU74J6wbYWAAJ0tqNGLJiiZ6Wc4u1y4Jlm2ICw342f8jks3ORqTeiFKK FeXS3sRuY98OrzP0kFsYSJxzG8heGCdwHZzP/dc= X-DKIM: Sendmail DKIM Filter v2.7.2 cluster1040.monopost.com 14962FD2D0AD DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=badoo.com; s=m23uiy45; t=1363028843; bh=o8HYo0/QZeQwh18fka3V24m9DNlAlik+SgUD6i spcK4=; h=Date:To:MIME-Version:List-Unsubscribe:Content-Type:From: Reply-to:Subject; b=FiPmcWh2sIKr6x+VYQDWo8mtSIbeA/vUwgYuIJ6tAlRbSh z14lJde0B/JljjV5nSvblDBhK45Rzelu5sLrS1DWvdT1EyTcYP4eAwkbBIaxVYwPbD7 L/DF7DP2BizLuiQcTAnOAwKEyLBAvNKIE6mpzfL7jyQXTGVHEgZtVsdbkg= Received: by scripts31.mlan (sSMTP sendmail emulation); Mon, 11 Mar 2013 19:07:23 +0000 Date: Mon, 11 Mar 2013 19:07:23 +0000 To: wikiit-l@lists.wikimedia.org MIME-Version: 1.0 X-campaignid: badoo 008.63.1.110313190721 From: Badoo <noreply+392367567@badoo.com> X-Content-Filtered-By: Mailman/MimeDel 2.1.13 Subject: [WikiIT-l] =?utf-8?q?=E2=98=85_Wikiit_L=2C_Hai_ricevuto_un_messag?= =?utf-8?q?gio_da_Paolo?= X-BeenThere: wikiit-l@lists.wikimedia.org X-Mailman-Version: 2.1.13 Precedence: list Reply-To: silviolanducci@yahoo.it, Discussioni su Wikipedia in italiano / Italian Wikipedia discussion <wikiit-l@lists.wikimedia.org> List-Id: Discussioni su Wikipedia in italiano / Italian Wikipedia discussion <wikiit-l.lists.wikimedia.org> List-Unsubscribe: <https://lists.wikimedia.org/mailman/options/wikiit-l>, <mailto:wikiit-l-request@lists.wikimedia.org?subject=unsubscribe> List-Archive: <http://lists.wikimedia.org/pipermail/wikiit-l> List-Post: <mailto:wikiit-l@lists.wikimedia.org> List-Help: <mailto:wikiit-l-request@lists.wikimedia.org?subject=help> List-Subscribe: <https://lists.wikimedia.org/mailman/listinfo/wikiit-l>, <mailto:wikiit-l-request@lists.wikimedia.org?subject=subscribe> Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: wikiit-l-bounces@lists.wikimedia.org Errors-To: wikiit-l-bounces@lists.wikimedia.org X-Spam-Score: 2.4 (++) X-Spam-Report: Spam detection software, running on the system "sodium.wikimedia.org", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hai ricevuto un messaggio da Paolo Il mittente di questo messaggio e il suo contenuto saranno visibili solo a te. Per scoprire che cosa c'è scritto nel messaggio e per rispondere subito, segui questo link: http://eu1.badoo.com/0315489781/in/toUBaWoLTx4/?lang_id=8&g=57&m=63&mid=513e2b690000000000080000014e98690000359a012a [...] Content analysis details: (2.4 points, 4.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [159.253.178.66 listed in list.dnswl.org] 2.4 DNS_FROM_AHBL_RHSBL RBL: Envelope sender listed in dnsbl.ahbl.org -0.0 SPF_PASS SPF: sender matches SPF record 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
By the way, as we strip the Sender header ("feature" removed in mailman 2.1.14 or 3.0, but we're at 2.1.13 https://bugs.launchpad.net/mailman/+bug/266824 ), the Reply-To is the only way to know who's the responsible list subscriber, and some lists overwrite the Reply-To as well.
(In reply to comment #0) > Sure, mailman could be smarter at understanding who's the true sender [...] But they don't want to, see upstream report: https://bugs.launchpad.net/mailman/+bug/1154004/comments/1 (we could change our config, though).
Current bug summary: Blacklist badoo.com globally (★ fake emails and other spam) Why is there a star there?
(In reply to comment #3) > Why is there a star there? It's the character in their summaries by which I immediately spot their spam in my email...
see this part of what you pasted above: X-Spam-Score: 2.4 (++) X-Spam-Report: Spam detection software, running on the system "sodium.wikimedia.org", has identified this incoming email as possible spam. <-- so it has already been scanned by our servers and given a spam score and identified as spam. And mailman list admins can filter on that spam score in the headers. You can do that in the list web ui. http://www.gnu.org/software/mailman/mailman-admin/node24.html and http://www.washington.edu/itconnect/email/mailman/faqs.html#spam
Yes I know this, but I said "globally" for a reason. If you think that rejecting all messages with X-Spam-Score >= 2.4 on all lists is the solution, fine.
It's up to list admins to decide which spam score is their threshhold and what they want to block. I really don't want to get into global blocks if avoidable in any way and i think that is the case with list admins being able to do that. Mailman stuff really needs to be decentralized. If we do this once we'll get a ton of follow-ups for blocking other domains, removing domains for false positives etc.
We only had LinkedIn, Badoo and perhaps Twoo (?) spamming many lists. LinkedIn was solved centrally too, contacting LinkedIn. We have hundreds of lists...
(In reply to comment #8) > LinkedIn was solved centrally too, contacting LinkedIn. Does not sound like a blacklist "solution" then? Does that mean that contacting Badoo (and Twoo?) could also be sufficient instead of blacklisting on our side?
(In reply to comment #9) > (In reply to comment #8) > > LinkedIn was solved centrally too, contacting LinkedIn. > > Does not sound like a blacklist "solution" then? Does that mean that > contacting > Badoo (and Twoo?) could also be sufficient instead of blacklisting on our > side? No, we're not aware of such a possibility. They're more pirate-like.