On Mon, 2009-07-06 at 23:39 -0400, Bill Cole wrote:
The overwhelming majority of mail I am offered by the Gmail outbounds
is spam. Google has played games with how they will accept abuse
reports, giving the appearance of not really wanting them.
This is not our experience, so I was surprised, and had a look over the
last few days. We get a lot of main allegedly from 'gmail.com', but the
vast majority of that is not from gmail.com hosts. As the SPF info
has ?all, these get a NEUTRAL SPF status (and the sources mostly don't
get past Spamhaus). Not many of the messages which get an SPF PASS from
gmail.com are actual spam. And the great majority of the spam are 419
type scams, or other advance fee/financial scams.
[There was one rather nice "you've won a lottery" message sent to a
honeypot address which informed the recipient that they had won
"£2,500,000 (2 million, 5 hundred Great British Pound Starlings)"
That's a lot of rather heavy birds!]
I guess that 419 scammers, unlike most spammers, want a reply to their
message, so send it from an actual account used by an actual person.
A couple of weeks ago, the gmail.com account of someone we deal with was
hacked, and used to send spam. We saw a couple of messages, and one had
several recipients, which were clearly from that user's address book.
So, it was not being used for general spamming, but only to send
messages to those likely to have the sender in their address book, and
so avoid anti-spam measures, I presume.
It is perhaps not surprising that different sites see different
patterns. But we do not see the actual google outbound MTAs (as
indicated by the SPF info for _spf.google.com) as a significant source
of spam.
best regards
David
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg