Subject: [Tweeters] Requesting guidance regarding the continuing problem with sex oriented emails that began with the Tweeters Breach.
Date: Tue Aug 17 09:43:30 PDT 2021
From: dgrainger at birdsbydave.com - dgrainger at birdsbydave.com



Please review my comments, copied below, on this topic. The bottom line
is that there is very little that can be done about it other than
getting a robust spam blocker such as SpamAssassin, and most
importantly, stop using the "free" email providers such as Gmail. Here
are my comments; they were written after a dialogue with ELC and a lot
of analysis of the sources of the offensive spam:

From: dgrainger at birdsbydave.com
Subject: Re: [Tweeters] spam
Date: February 2, 2021 at 11:40:52 AM PST
To: [blanked out in this copy]

Unfortunately, you are not [the only one]. I have done a lot of
investigation and analysis of the spam that has been afflicting Tweeters
members, and have given ELC a lot of information and suggestions on how
to reduce it, but there is no 100% way to stop it. My examination of
the "source headers" on fifty of these messages reveals a couple of
common threads between them. First, nearly all of the originating
addresses are spoofed GMail accounts taken from stolen address books at
Google. The second thing is that a percentage of these are related
either in content or the way they are constructed to adult social media
sites. Third is that most are constructed in such a way as to evade
detection by anti-spam software, hence they have to be directly added to
spam filters at the consumer level, where possible. Many have a lot of
apparently blank space in the body of the message; that usually isn't
really blank, as the perpetrators have created HTML with the same color
for text as for background (white on white) so that it cannot be seen.
That may also include a PDF file which itself has a JavaScript embedded
which cannot be seen, but is where the payload of malicious code is
enclosed.

Here is a link to Google's fraud office which will give you a way to
report to them. https://support.google.com/mail/contact/abuse?hl=en

I have provided them with a list 150 addresses long that were
originators of some of this spam, being careful not to point to a victim
of spoofing / faked use of an address.

One of the other problems with attempting to stop this stuff is that
spammers open GMail addresses full of random letters and numbers, use
that address as sender for a short time, then abandon it. Thus, using a
spam filter that looks only for sender address would not be able to keep
up.

I would consider switching away from GMail, Hotmail, AOL, or any of
those free e-mail providers because they are targeted by hackers and have
had massive thefts of address books. If your address is in someone
else's address book at GMail, and that address book is stolen, you are
right back into the spammer's clutches.

Small ISPs tend to have much more successful spam blocker software at
the server side. I have three email addresses, only one of which has
been getting this stuff; that address is hosted at the ISP that also
hosts my website, and does not have the robust filtration as do my
other two accounts.

[the above response was originally sent in January to the sender of the
following Tweeters posting:]

On 2021-01-14 10:26, [name blanked out] wrote:
problem with spam replies. Am I the only one?
_______________________________________________
Tweeters mailing list
Tweeters at u.washington.edu
http://mailman11.u.washington.edu/mailman/listinfo/tweeters







On 2021-08-17 08:36, Teresa Michelsen wrote:

> Most spamblockers or junk folders have a way to mark a certain person
> as allowed through - called a whitelist (as opposed to a blacklist).
> Yours may be called something different but it essentially bypasses
> the spam evaluation that sends it to that folder.
>
> Teresa Michelsen
> Hoodsport
>
> -----Original Message-----
> From: Karen Wosilait <karen.w.mobile at gmail.com>
> Sent: Tuesday, August 17, 2021 8:26 AM
> To: Teresa Michelsen <teresa at avocetconsulting.com>
> Cc: Dan Reiff <dan.owl.reiff at gmail.com>; tweeters at uw.edu
> Subject: Re: [Tweeters] Requesting guidance regarding the continuing
> problem with sex oriented emails that began with the Tweeters Breach.
>
> I'm not sure what is meant by "whitelist" in this context. I haven't
> been having the issue with explicit emails, but I hadn't noticed
> anything from Blair. He was in my contacts, but there were a number of
> emails from him in my junk folder. I added him to VIPs…maybe that will
> help?
>
> Karen Wosilait
> Seattle, WA
> karen.w.mobile at gmail.com
>
>> On Aug 17, 2021, at 7:39 AM, Teresa Michelsen
>> <teresa at avocetconsulting.com> wrote:
>>
>> If they have a consistent subject line or certain words or phrases
>> that would not be in normal e-mail, you can block them using the
>> subject line instead of the e-mail address - at least most blockers
>> allow this. Or you may need to install a more sophisticated spam
>> blocker that can use AI to identify spam. In the meantime, put the
>> people who are going into your spam on your "whitelist" and they will
>> get through in the future. You may still have to check for a while.
>>
>> I can tell you that I have never seen one of these, because
>> Microsoft's 365 default spam blocker is catching them. Occasionally I
>> do still have to rescue someone from the spam folder. If you are not
>> using 365 (and there are lots of good reasons not to) I would
>> recommend SpamBully. It can take a few adjustments but will take a lot
>> of the pain out of your life!
>>
>> Teresa Michelsen
>> Hoodsport
>>
>> -----Original Message-----
>> From: Tweeters <tweeters-bounces at mailman11.u.washington.edu> On Behalf
>> Of Dan Reiff
>> Sent: Tuesday, August 17, 2021 1:31 AM
>> To: Tweeters <tweeters at uw.edu>
>> Subject: [Tweeters] Requesting guidance regarding the continuing
>> problem with sex oriented emails that began with the Tweeters Breach.
>>
>> Hello Tweeters,
>>
>> I had never experienced receiving sexually-oriented email until the
>> Tweeters breach. At first I received them as a response to sending any
>> email to Tweeters. Others reported the same.
>>
>> I kept deleting them or sending them to junk mail, hoping I would stop
>> receiving them. Almost all of the 500+ I have received are now going
>> directly to junk mail.
>> Often 5-6 a day.
>> I do not open them, but I look in junk mail for real tweeters
>> postings.
>>
>> The emails to Tweeters by BB, Ellen, Gary, and several others go
>> directly to Junk mail and I value and don't want to miss the
>> information they share.
>>
>> Each time I look for their emails to Tweeters, I find another 5-6
>> unwanted sexually oriented "offers".
>>
>> I would value any guidance anyone can offer me so that I can block
>> them. Receiving them is very annoying! How have others dealt with this
>> Tweeters breach?
>>
>> Thank you,
>> Dan Reiff
>> MI
>>
>> Sent from my iPhone

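
The February message quoted above describes spam bodies whose "blank" space is really HTML text set in the same color as its background. A content filter can measure that directly; the following is an added example, not code from any poster in this thread, and the sample message, the black-on-white default, and all function names are constructed for illustration. It only handles inline `style`, `color`, and `bgcolor` attributes on well-nested tags.

```python
import re
from html.parser import HTMLParser

NAMED = {"white": "#ffffff", "black": "#000000"}   # only the names needed here
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags that never get an end tag

def norm_color(value):
    v = NAMED.get(value.strip().lower(), value.strip().lower())
    if re.fullmatch(r"#[0-9a-f]{3}", v):  # expand #fff to #ffffff
        v = "#" + "".join(c * 2 for c in v[1:])
    return v

def style_props(attrs):
    """Colors declared on one tag: (text color, background color), None if absent."""
    a = {k: v or "" for k, v in attrs}
    css = {k.strip(): v for k, v in (d.split(":", 1) for d in a.get("style", "").lower().split(";") if ":" in d)}
    fg = css.get("color") or a.get("color")            # inline CSS or <font color=...>
    bg = css.get("background-color") or a.get("bgcolor")
    return (norm_color(fg) if fg else None, norm_color(bg) if bg else None)

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = [("#000000", "#ffffff")]  # assumed client default: black on white
        self.visible, self.hidden = [], []
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            fg, bg = style_props(attrs)        # children inherit what the tag omits
            self.stack.append((fg or self.stack[-1][0], bg or self.stack[-1][1]))
    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()
    def handle_data(self, data):
        if data.strip():
            fg, bg = self.stack[-1]
            (self.hidden if fg == bg else self.visible).append(data.strip())

def hidden_ratio(html):
    """Return (fraction of text characters that are invisible, list of hidden strings)."""
    p = HiddenTextFinder()
    p.feed(html)
    p.close()
    h, v = sum(map(len, p.hidden)), sum(map(len, p.visible))
    return (h / (h + v) if h + v else 0.0), p.hidden

# Constructed sample body: one visible line, two runs of white-on-white filler.
SAMPLE = ('<body bgcolor="#FFFFFF"><p>Click here to see my photos</p>'
          '<div style="color:#fff; font-size:1px">weather report meeting minutes quarterly invoice schedule</div>'
          '<p><font color="white">birds garden recipe holiday</font></p></body>')
print(hidden_ratio(SAMPLE))
```

A high ratio is a content signal that does not depend on the sender address, which matters for the throwaway-address problem described in the same message.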