I just received the email below as spam via wikimania-l@lists.wikimedia.org. However the email is clearly not sent via the mailing list as it is lacking the footer and subject and also am I not subscribed to that lists. It does however appear to be sent via the Wikimedia mail servers:
Delivered-To: bryan.tongminh@gmail.com Received: by 10.86.50.6 with SMTP id x6cs272598fgx; Sun, 16 Mar 2008 08:16:54 -0700 (PDT) Received: by 10.78.179.12 with SMTP id b12mr38227454huf.61.1205680613232; Sun, 16 Mar 2008 08:16:53 -0700 (PDT) Return-Path: mailman-bounces@lists.wikimedia.org Received: from lists.wikimedia.org (lists.wikimedia.org [91.198.174.5]) by mx.google.com with ESMTP id z40si14358886ikz.4.2008.03.16.08.16.52; Sun, 16 Mar 2008 08:16:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of mailman-bounces@lists.wikimedia.org designates 91.198.174.5 as permitted sender) client-ip=91.198.174.5; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of mailman-bounces@lists.wikimedia.org designates 91.198.174.5 as permitted sender) smtp.mail=mailman-bounces@lists.wikimedia.org Received: from localhost ([127.0.0.1]:60535 helo=lily.knams.wikimedia.org) by lily.knams.wikimedia.org with esmtp (Exim 4.63) (envelope-from mailman-bounces@lists.wikimedia.org) id 1JaubS-00049V-RN; Sun, 16 Mar 2008 15:16:52 +0000 Received: from [88.228.143.104] (port=1611 helo=localhost) by lily.knams.wikimedia.org with smtp (Exim 4.63) (envelope-from kvbzdlz@rentalsite.net) id 1JaubB-0003xM-JV; Sun, 16 Mar 2008 15:16:47 +0000 Message-Id: <3199094_@TLZ8679880_@TLZ> Date: Sun, 16 Mar 2008 08:15:53 -0800 X-Mailer: Talisma Mail Version 5.0 X-Mobile: Nokia 3D Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: wikimania-l@lists.wikimedia.org From: "cortney" kvbzdlz@rentalsite.net Original-recipient: rfc822;wikimania-l@lists.wikimedia.org Subject: is it you? cortney here X-Antivirus: avast! (VPS 080313-0, 13.03.2008), Outbound message X-Antivirus-Status: Clean Sender: mailman-bounces@lists.wikimedia.org Errors-To: mailman-bounces@lists.wikimedia.org X-Spam-Score: 9.0 (+++++++++) X-Spam-Report: Spam detection software, running on the system "lily.knams.wikimedia.org", has identified this incoming email as possible spam. If you have any questions, see the administrator of that system for details. Content analysis details: (9.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters 1.9 MSGID_MULTIPLE_AT Message-ID contains multiple '@' characters -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 1.4 DNS_FROM_RFC_WHOIS RBL: Envelope sender in whois.rfc-ignorant.org -0.7 AWL AWL: From: address is in the auto white-list
Are the Wikimedia mail servers being used as open relay, or am I missing something in the headers?
Bryan
---------- Forwarded message ---------- From: cortney kvbzdlz@rentalsite.net Date: Sun, Mar 16, 2008 at 5:15 PM Subject: is it you? cortney here To: wikimania-l@lists.wikimedia.org
Hi
My name is cortney. I found your email on that dating site. I also love sex on the side. I have a loving partner but he is working 16 hours a day and we have sex only once a week :( If you are interested and wanna see my pictures just email me at ccortney268@golovable.com Don`t reply, use the email above (my boyfriend doesn`t know about that email!)
Bryan Tong Minh wrote:
I just received the email below as spam via wikimania-l@lists.wikimedia.org. However the email is clearly not sent via the mailing list as it is lacking the footer and subject and also am I not subscribed to that lists. It does however appear to be sent via the Wikimedia mail servers:
Quite confusing, I concur. Are you a mailing list moderator/administrator? Mails sent to list admin addresses (like wikimania-l-owner@lists.wikimedia.org) are routed via wikimedia servers, but don't get lists footers. As they spam to many addresses the To: headers doesn't always match with the address from which you're receiving them. I have got mails at an owner address with a different owner mail set in the To:
My personal trick to deal with them is to configure a plus address http://en.wikipedia.org/wiki/E-mail_address#Plus_.28or_Minus.29_addressing at mailman, which is the one sending to my email. I then filter with the Delivered-To: header to a low read priority folder.
Also, obfuscating the addresses at the list page hugely decreases the amount of spam.
On Sun, Mar 16, 2008 at 4:47 PM, Platonides Platonides@gmail.com wrote:
Bryan Tong Minh wrote:
I just received the email below as spam via wikimania-l@lists.wikimedia.org. However the email is clearly not sent via the mailing list as it is lacking the footer and subject and also am I not subscribed to that lists. It does however appear to be sent via the Wikimedia mail servers:
Quite confusing, I concur. Are you a mailing list moderator/administrator? Mails sent to list admin addresses (like wikimania-l-owner@lists.wikimedia.org) are routed via wikimedia servers, but don't get lists footers. As they spam to many addresses the To: headers doesn't always match with the address from which you're receiving them. I have got mails at an owner address with a different owner mail set in the To:
I am a list moderator, but not of wikimania-l. I was made mod of daily-image-l yesterday and today I got <s>two</s> three spam mails. The first one was from aock-en-l@lists.wikimedia.org, the second from wikimania-l and the third one from aock-en-l@lists.wikimedia.org.
When I think about it, it is actually not that strange that the mails come through. The Wikimedia mail servers probably relay all images from and to wikimedia.org addresses, regardless of the originating IP address.
Do other people also receive this spam? Or only other list moderators?
Also, what does the envelope-from header mean?
Received: from [88.228.143.104] (port=1611 helo=localhost) by lily.knams.wikimedia.org with smtp (Exim 4.63) (envelope-from kvbzdlz@rentalsite.net) id 1JaubB-0003xM-JV; Sun, 16 Mar 2008 15:16:47 +0000
Bryan
Bryan Tong Minh wrote:
On Sun, Mar 16, 2008 at 4:47 PM, Platonides Platonides@gmail.com wrote:
Bryan Tong Minh wrote:
I just received the email below as spam via wikimania-l@lists.wikimedia.org. However the email is clearly not sent via the mailing list as it is lacking the footer and subject and also am I not subscribed to that lists. It does however appear to be sent via the Wikimedia mail servers:
Quite confusing, I concur. Are you a mailing list moderator/administrator? Mails sent to list admin addresses (like wikimania-l-owner@lists.wikimedia.org) are routed via wikimedia servers, but don't get lists footers. As they spam to many addresses the To: headers doesn't always match with the address from which you're receiving them. I have got mails at an owner address with a different owner mail set in the To:
I am a list moderator, but not of wikimania-l. I was made mod of daily-image-l yesterday and today I got <s>two</s> three spam mails. The first one was from aock-en-l@lists.wikimedia.org, the second from wikimania-l and the third one from aock-en-l@lists.wikimedia.org.
I checked the logs, and it looks like you received that mail as moderator of daily-image-l indeed. Although not visibile in the headers, the mail actually had a large number of lists as recipients, both list addresses and -owner aliases.
When I think about it, it is actually not that strange that the mails come through. The Wikimedia mail servers probably relay all images from and to wikimedia.org addresses, regardless of the originating IP address.
No, they certainly don't.
On Sun, Mar 16, 2008 at 7:39 PM, Mark Bergsma mark@wikimedia.org wrote:
Bryan Tong Minh wrote:
On Sun, Mar 16, 2008 at 4:47 PM, Platonides Platonides@gmail.com wrote:
Bryan Tong Minh wrote:
I just received the email below as spam via wikimania-l@lists.wikimedia.org. However the email is clearly not sent via the mailing list as it is lacking the footer and subject and also am I not subscribed to that lists. It does however appear to be sent via the Wikimedia mail servers:
Quite confusing, I concur. Are you a mailing list moderator/administrator? Mails sent to list admin addresses (like wikimania-l-owner@lists.wikimedia.org) are routed via wikimedia servers, but don't get lists footers. As they spam to many addresses the To: headers doesn't always match with the address from which you're receiving them. I have got mails at an owner address with a different owner mail set in the To:
I am a list moderator, but not of wikimania-l. I was made mod of daily-image-l yesterday and today I got <s>two</s> three spam mails. The first one was from aock-en-l@lists.wikimedia.org, the second from wikimania-l and the third one from aock-en-l@lists.wikimedia.org.
I checked the logs, and it looks like you received that mail as moderator of daily-image-l indeed. Although not visibile in the headers, the mail actually had a large number of lists as recipients, both list addresses and -owner aliases.
When I think about it, it is actually not that strange that the mails come through. The Wikimedia mail servers probably relay all images from and to wikimedia.org addresses, regardless of the originating IP address.
No, they certainly don't.
-- Mark Bergsma mark@wikimedia.org System & Network Administrator, Wikimedia Foundation
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Ok, thanks for the clarification :)
Bryan
wikitech-l@lists.wikimedia.org