Encrypted Spam via your mailing list
Is it normal that I now even receive encrypted spam to a mailing list of yours, which was (as far as I see) never shared online, and whose address is not too obvious?
Some headers:
```
From: ******@schleuder.nadir.org
Sender: ******-bounce@schleuder.nadir.org
To: *******@*****
Message-ID: <5a634d5ede207_3a7b8c32f040274@schleuder.mail>
In-Reply-To:
References:
Subject: =?UTF-8?Q?Re:[1]_******@mail.ru_Business_offer_/?=
 =?UTF-8?Q?_=D0=91=D0=B8=D0=B7=D0=BD=D0=B5=D1=81?=
 =?UTF-8?Q?_=D0=BF=D1=80=D0=B5=D0=B4=D0=BB=D0=BE=D0=B6=D0=B5=D0=BD=D0=B8=D0=B5?=
Mime-Version: 1.0
Content-Type: multipart/encrypted;
 boundary="--==_mimepart_5a634d5f25fe0_3a7b8c32f04059e";
 protocol="application/pgp-encrypted"
Content-Transfer-Encoding: 7bit
List-Id: <******.schleuder.nadir.org>
List-Owner: <mailto:******-owner@schleuder.nadir.org> (Use list's public
 key)
List-Help: <https://schleuder.nadir.org/>
List-Post: <mailto:******@schleuder.nadir.org>
```
I can send you the complete mail if needed, but you will probably also find it in your inbox/on your server.
Okay, I just saw that I accidentally published the address in mail dumps at #193 (comment 108640). I've deleted the comment, so it is not so easy to find again…
So the questions I'd ask here:
- How did the spammer get the mail? (Probably through the dumps, but do they really parse .eml files…? Well, probably, yes.) Or was this spam manually sent? (I doubt it.)
- Does Schleuder offer any built-in spam protection? Or can add-ons extend it, can you use it with your existing spam protection tech, etc.?
- AFAIK the "invite process" was kinda complex. At least quite complex for a spammer, IMHO, so I doubt they followed that process? Can they just send mails to a list without being a member of the list? Can one limit this?
- Did the spammer also send the mail encrypted, or did you encrypt it for them? For the latter, wouldn't it be good to only accept already encrypted mails? (Not only for spam reasons, but also for security reasons.)
- Any other ideas to protect against that? That's the very first time I've got encrypted spam, so…
😂 (And naturally, it circumvented all other spam filters…)