Greetings all! Since yesterday NWR-Hist mailing list is getting different spam emails. All of them was held automatically and users were blocked afterwards but the number of this mails doesnt't look good: we've got 6 so far, and one of them was literal scam mail pretending to be some Wikimedia staff mail about spam problem (but with fake lookalike address). Do I have to do something except that I've done already? Or should I notice someone in WMF?
Hi,
On 12/19/21 2:13 PM, Nikolay Bulykin wrote:
Greetings all! Since yesterday NWR-Hist mailing list is getting different spam emails. All of them was held automatically and users were blocked afterwards but the number of this mails doesnt't look good: we've got 6 so far, and one of them was literal scam mail pretending to be some Wikimedia staff mail about spam problem (but with fake lookalike address). Do I have to do something except that I've done already? Or should I notice someone in WMF?
Unfortunately these kind of spam mails are pretty common. Most larger lists are configured to reject or discard emails from addresses not subscribed to the list, rather than holding them.
If someone is impersonating WMF staff, we can globally block the address, but usually it's some LTA/troll who quickly moves onto a new throwaway address.
If you notice any common patterns in the spam, like a common domain or something else, we can try to set up global filters on that basis.
-- Kunal
listadmins@lists.wikimedia.org