3 Jan
2021
3 Jan
'21
11:23 a.m.
On 1/3/21 8:40 AM, Peter Coghlan wrote:
Grant,
Hi Peter,
Do you think it is likely that an email address like
check212014 at gmail.com is used by an actual real person for their
personal email?
I absolutely do.
Multiply the odds of the above by the odds that some
spammer
or other individual of malicious intent has had the capability,
the persistence, tenacity and sheer ill will in them that it would
take to carry out a vendetta against poor old check212014 at gmail.com
for five long years, not to mention that when they only succeeed in
causing check212014 at gmail.com any actual difficulty is on the rare
occasions that their trawl of mail servers of the internet manages
to turn up an actual open mail relay?
I know multiple people that have signed victims up to mailing lists --
many of which were questionable content -- as an attack on said victims.
Pretending to send email from said victims to cause bounces and ire to
be (mis)directed at them seems quite the same to me.
Five years? Sure. Many people will create filters and simply ignore
the messages. As such, it's effectively internet background radiation /
wasted bits.
Whack-a-Mole works when everyone whacks their moles.
When one major
property owner decides they aren't going to whack the moles in their
garden when all the neighbours keep theirs under control, they are
going to end up with all the moles in their lawn. (We don't have
real live moles in the part of the world were I am so please forgive
me if my analogy is not accurate due to my lack of familiarity with
the species.)
I am not a lawyer but it appears to me that check212014 at gmail.com is
doing nothing that violates Google's terms of service for using Gmail,
So ... by your own words, there is nothing that Google should be doing
per their terms of service.
which indicates to me that the terms of service are
flawed because
they allow someone to use Google's infrastructure to scan for open
relays to exploit as spam delivery platforms. As far as I know,
no other email provider allows this.
I've not seen anything in any provider's terms of service that say
anything about what type of email they receive, save for exceedingly few
categories; child porn and illegal activity among the short list.
I have yet to see anybody state that sending an email to an invalid
email address and (potentially) receiving a bounce is illegal.
So, again, no grounds for Google to do anything.
Feel free to try to get Google to change their terms of service.
I don't see how this relates to Google allowing
their services to
be used to test my mail server (and likely thousands of others too)
numerous times over multiple years for being an open relay that could
be exploited to distribute spam.
Are the messages /originating/ from Google / Gmail?
Or are the messages /originating/ from somewhere else and causing the
bounces to go to Google / Gmail?
The former is something Google cares about. The latter quite likely is not.
If you burn a junk (snail) mail, could there be a
security lapse in
your furnace that would cause it to be replicated into a thousand
copies of itself, run up your chimney and distribute itself into
thousands of your neighbours letterboxes? If not, I think you can
rest easy in the knowledge that you are not causing the problem.
The /recipient/ of the messages is *not* the problem. The /source/ of
the messages *is* the problem.
What is done with what is received is independent of the source of the
problem.
Nothing. The problem is with the terms of service.
This is where
the evil is.
See above regarding terms of service.
I feel obliged to try suggestions made in good faith,
if nothing
else just to prove they don't work. I made one general report
regarding the issues with check212014 at gmail.com over the last
five years using the form Mike suggested. Since then, there have
been two further attempts to relay mail through my mail server to
check212014 at gmail.com. I have made two specific reports using the
form Mike suggested, providing all the details I have available to me.
Good for you. Thank you for trying to maintain the high road.
Interestingly, both attempts were made from
37.46.150.239.
Full stop.
37.46.150.239 is *NOT* Google IP address space.
According to WhoIs, that address space belongs to Serverion BV.
So, chances are quite good that your reports to Google are going to be
silently dismissed because the source of the abuse does not originate
from Google resources. If anything, Google's user
is also a victim.
The abuse contact email address for 37.46.150.239
listed in
whois.ripe.net is abuse at serverion.com. I have had reason to send 13
reports of abuse of my systems by various Serverion BV ip addresses to
abuse at serverion.com during December alone. I have had zero response
from them and the abuse from their ip address range continues daily.
Sadly, many companies leave a LOT to be desired when it comes to abuse
handling, especially when the abuse originates from their organization.
If you routinely have problems with Serverion, then I suggest you
consider blocking them.
Guess who handles the mail service for abuse at
serverion.com?
Who enables Serverion BV to drop abuse reports in the bitbucket
more likely. That's right, Google mail services. Why is this not
a surprise to me?
Who handles Serverion's incoming email has exceedingly little to with
who's responsible for traffic originating from Serverion's network.
Regards,
Likewise.
--
Grant. . . .
unix || die