Closed Bug 1370957 Opened 7 years ago Closed 3 years ago

Spam autoresponders when writing to dev-l10n, tools-l10n

Categories

(Infrastructure & Operations :: Infrastructure: Mail, task)

Product:
Infrastructure & Operations
Component:
Infrastructure: Mail
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: flod, Unassigned)

Details

Attachments

(6 files)

original_msg.txt
4.96 KB, text/plain
Details
original_msg.txt
4.96 KB, text/plain
Details
message that I got
4.92 KB, text/plain
Details
source_message.rtf
5.42 KB, text/rtf
Details
spam email
334 bytes, text/plain
Details
spam on tools-l10n
4.89 KB, message/rfc822
Details
Attached file original_msg.txt 
We're seeing the same issue as bug 1154650. You can see an example attached here.

I'm a moderator for dev-l10n, checked for the offending email address right after receiving the spam, but it wasn't subscribed to the mailing list.

Name remains the same, address changes
https://groups.google.com/d/msg/mozilla.dev.l10n/txrE9WuzFq0/oDhWGZvvBAAJ

I honestly have no clue how to get rid of this. Apparently other lists (devtools?) are affected.
Assignee: nobody → vhua
Status: NEW → ASSIGNED
Added the following email address to the ban list:

verdieevelyncwc@yahoo.com
macallankelly836@yahoo.com
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Reopening per IRC discussion. Sender's email changes every time, and they're not subscribed to the mailing list, so ban wouldn't work in these cases.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
:flod - I don't see any other options but to block the different senders as they come in.  Per bug 1154650, the sender was a member of the mailing list so I ended up removing it.  This time around I did not find verdieevelyncwc@yahoo.com nor macallankelly836@yahoo.com on the members list.
Status: REOPENED → RESOLVED
Closed: 7 years ago7 years ago
Resolution: --- → WONTFIX
Just wrote to dev-l10n and got yet another spam automated reply, plus another message from a localizer complaining about it because he got one of his own.

Originating address: shemekagrosvenorpkf@yahoo.com

As already explained, the sender changes every single time.

Honestly, marking this as WONTFIX is not acceptable. This is not a problem I want to live with, we should try to understand where these messages come from and figure out how to stop them.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Attached file original_msg.txt 
Here's the last one.

To start, I would really like to understand how they get access to my email address if they're not subscribed to the mailing list.
(In reply to Francesco Lodolo [:flod] from comment #5)
> To start, I would really like to understand how they get access to my email
> address if they're not subscribed to the mailing list.

The only explanation I can think of is someone subscribed to the mailing list, receives the email and replies with a different account off-list. If someone has ideas, I'm all ears.

Does mailman lets you see members in order of subscription?
Component: MOC: Service Requests → Infrastructure: Mail
QA Contact: lypulong → limed
Attached file message that I got 
Same here, here's the source.
Could we send some announcement to every subscribed e-mail address, but with unique ID in the subject, to see, which e-mail it will reply to?
Isn't it possible, that the spambot can be subscribed to the Google group https://groups.google.com/forum/#!forum/mozilla.dev.l10n directly?
(In reply to Michal Stanke (Mozilla.cz) [:MikkCZ] (use needinfo) from comment #8)
> Could we send some announcement to every subscribed e-mail address, but with
> unique ID in the subject, to see, which e-mail it will reply to?

That was my idea and the reason I asked for members in order of subscription. It might not work, but it's worth a shot

(In reply to Michal Stanke (Mozilla.cz) [:MikkCZ] (use needinfo) from comment #9)
> Isn't it possible, that the spambot can be subscribed to the Google group
> https://groups.google.com/forum/#!forum/mozilla.dev.l10n directly?

As far as I see, emails are not visible there.
Assignee: vhua → infra
I've got an email from that "Jessica Scott" half an hour ago. This is the text:

"Hey Michael,
I'm sorry to say i sold this to another guy. But i wont hide where i got it from. I picked up 2 brand new ones for under $70 from qbidsnow.com
It's very easy to win. The trick is to bid only when the counter hits 4 seconds.

Best regards,
Jessica"

The email address is shawndabreedanqra@yahoo.com this time.
Attached file source_message.rtf 
Got an email also right now. See attached for details.
Can add: Jessica Scott <pagechodorovapy@yahoo.com> too the list too
attaching message too
Attached file spam email 

    
  
Summary: Spam autoresponders when writing to dev-l10n → Spam autoresponders when writing to dev-l10n, tools-l10n

    
    

    
  

      
      
      
      

        Attached file
          
        spam on tools-l10n
      

    


  
And this one came after writing to tools-l10n
https://lists.mozilla.org/listinfo/tools-l10n

What needs to happen to figure out what's going on?

    
    

    
  
How does it work? Let's say somebody monitors the list, simply by periodically and anonymously reading the archive[1]. Then, it writes messages to people that have already written to the list. How those users are chosen, that might depend on many factors.

But where does it get the user's actual email address from? Well, it could be from a computer (from a subscribed user) that has been compromised, or from an archive of the list that exposes email addresses. For example, if you ever wrote to firefox-dev, or one of these lists[2] then you only have to go to the archive to get an actual email address. But it might be a lot easier, you just have to create an account in Bugzilla and you'll get to see them too, for reporters, commenters ...

So, one step would be to make sure Mozilla itself does not expose those lists[2] anymore with full addresses. But they have probably been already harvested. There might be other sources though. I don't know if something can be done about Bugzilla.

As I see it, given that I haven't received a single message from Jessica Scott (and I am subscribed and have written to those lists), the spammers are not using directly the subscriber's list. It does looks so, because they use the same subject and write to people that belong to the list. But they are using the names that appear in the list and then (out of band) they get the email addresses from some other source.

If I got it right and that's the case, I think this bug is probably a INVALID. But we might have to create another bug, a tracker for the individual bugs filed for mailing lists, bugzilla and whatever else might be leaking email addresses.

[1] https://groups.google.com/forum/?_escaped_fragment_=forum/mozilla.dev.l10n#!forum/mozilla.dev.l10n
[2] https://mail.mozilla.org/listinfo

    
    

    
  
IMO you're missing a much simpler explanation: someone is subscribed to the list, receives a copy of the emails, and replies with a random address. 

It also doesn't happen on all messages you send to dev-l10n, which makes it harder to figure out.

    
    

    
  
(In reply to Francesco Lodolo [:flod] from comment #17)
> IMO you're missing a much simpler explanation: someone is subscribed to the
> list, receives a copy of the emails, and replies with a random address. 

Yes, agreed it is a lot simpler (though I was thinking of something at a bigger scale, because it doesn't look like l10n- targeted spam).

I'd like to point out that your simpler explanation also points to the invalidity of this particular bug. If you are right, then there's not much we can do about it. Kick the bogus subscriber? (how often? and we'd have to find it first)

> It also doesn't happen on all messages you send to dev-l10n, which makes it
> harder to figure out.

The question is, do we have to figure it out? It's about *private* email with a borrowed subject. Sure, the subject is borrowed from our mailing lists, but we cannot avoid that.

Unless somebody comes up with an scenario where Mozilla can do something to alleviate the problem (like I was proposing), then I think this issue by itself does not deserve a bug.

    
    

    
  
What is the current status of Discourse support for mailing lists? Maybe moving dev-l10n there might solve the issue in case the sender is using the Google Group archive. IIRC the e-mails are not visible on Discourse. :hmitsch may be the right one to ask, what are the capabilities of Discourse here.

    
    

    
  
(In reply to Michal Stanke (Mozilla.cz) [:MikkCZ] (use needinfo) from comment #19)
> What is the current status of Discourse support for mailing lists? 

Is there such a thing? I know Test Pilot moved there, you basically have to subscribe to the section, and that's far from usable or intuitive.

    
    

    
  
(In reply to Michal Stanke (Mozilla.cz) [:MikkCZ] (use needinfo) from comment #19)
> What is the current status of Discourse support for mailing lists?

I would say we're doing pretty well, the feedback from our migration of MDN's mailing lists has been good.

If there's still one or two make-or-break features which would stop dev-l10n and tools-l10n migrating let me know and I'll proritise them.

> IIRC the e-mails are not visible on Discourse.

Yep, that's right, users' email addresses are only visible to admins and mods, so that would solve this problem. We also have very good spam protection generally.

(In reply to Francesco Lodolo [:flod] from comment #20)
> You basically have to subscribe to the section, and that's far from usable or intuitive.

I'm not sure I understand you here - don't you also have to subscribe to the dev-l10n and tools-l10n mailing lists to receive emails from them?

Again, if there's any make or break features you need here, I'm happy to prioritize them. We've been wanting to improve the sign up experience for more mailing list centered users for a while, so any feedback you have would be very helpful.

    
    

    
  
Does Discourse replace the whole mailing list (both mailman on lists.mozilla.org and the Google Groups archive), or can it work together with mailman and replace the Google Groups part only? If the second is possible, we could replace just the archive and live without any change for the people using mailman.

    
    

    
  
There are currently two "IT stacks" for discussion groups (aka forums) at Mozilla:

1.) Mailing lists
This is a complex technology stack allowing synchronization of discussions across newsgroups (NNTP), Mailman (e-mail mailing lists), and Google Groups (web).


2.) Discourse
Discourse allows for discussions using web and email.

Migrating from Mailing lists to Discourse usually means:
* We create the required categories and sub-categories on Discourse
* New discussion posts are submitted on Discourse 
* Old discussion entries can be accessed via the Mailing list archives (either mailman archives or Google Groups)

We do not intend to connect the two stacks. This means that it is not planned to connect Discourse to Mozilla's mailing lists infrastructure.

Hope this answer is helpful?
Best regards,
   Henrik

    
    

    
  
mailman and the nntp gateway has been decom'ed, closing old mail-related bugs.


Sorry this didn't get a particularly satisfying handling.


Status: REOPENED → RESOLVED
Closed: 7 years ago3 years ago
Resolution: --- → INVALID

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: