spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gregorie <mar...@gregorie.org>
Subject Re: Spam from Googlegroups (rfc-ignorant)
Date Thu, 07 Jul 2011 12:18:33 GMT
On Tue, 2011-07-05 at 12:07 +0200, Michelle Konzack wrote:

> But the second link in the INVITE message which should point to an Abuse
> Form is working only, if you have an Google-Account to log in.  AND,  it
> is required, that you write the Abuse Complain from the E-Mail which was
> abused...
> 
OK, that catches me out too. Today I got the first of these messages
I've seen and, since it was fresh in my mind, I wrote a rule:

#
# Spamiferous Google Groups invitations
#
describe MG_GGROUPINV Unwanted invitation to join a Google Group
header   __MG_GGH1    From =~ /noreply\@googlegroups\.com/
header   __MG_GGH2    Subject =~ /^Google Groups:/
uri      __MG_GGY     /yahoo\.com/
body     __MG_GGRP    /the [a-z]{1,20}\d{1,6} group/
meta     MG_GGROUPINV (__MG_GGH1 && __MG_GGH2 && __MG_GGY && __MG_GGRP)
score    MG_GGROUPINV 8.5

This triggers on the message I received and the one Michelle posted. It
doesn't touch anything else in my spam test collection. It should be
fairly fast since most of its target regions in the message are short,
and even the body text containing the URI is pretty concise. I think it
will be hard to fool since everything it matches is standard Google
boiler plate and URIs apart from the Yahoo domain reference, which was
probably auto-generated from the address the spammer used to trigger the
invitation-spam.

Its an unspecific rule, in that it will trigger on any GG invitation
mail coming from Yahoo, but I don't care because I don't use Google
Groups, know very few Yahoo clients and think its a vanishingly small
chance that a Yahoo user would invite me to join a GG I'd be interested
in. However, ymmv.  


Martin



Mime
View raw message