I have been getting a weird spam via someone/some bot on a mailing list I run via Mailman hosted at Sonic.
Every post is identical:
I was waiting until another one came in so I could look at the headers from the moderation section. Unfortunately, there is nothing obvious. I checked all the names and none of the keywords in the names are in my subscriber list.
Here are the headers from the one that came today (redacted for the name/address of the legit person whose post is quoted):
Note that it happens on one of my other mailing lists too. I just cross checked the hotmail subscribers to both lists and there is one in common. It's someone I've known for years but it's possible her account has become corrupted.
Is this the right path to follow? Contact her and see if I get a real person? Or is there something else to look into? Does anyone else get this spam?
Thanks!
Every post is identical:
Each post is in reply to a post made on the mailing list. Each one comes from a different address and not one subscribed to the list. Obviously there is a bot or mole on my list because every post quotes someone else's post. It is sent to the mailing list (caught by moderation filters of course) and also to the original poster.Hey [name of person replying to]
Really sorry to say someone literally just bought this from me.
I can tell you where I got it from.I just picked 4 of these from happybidshop.com .It's a on-line penny auction site where you can place bids on items and sometimes save up to 60 to 90% off the retail price.
All you need to do is buy a bid starter pack to get started.The trick is to watch the bidding slow down and then place in a bid .That's what I do and I win nearly every time.
Thank You
Sent via the Samsung Galaxy S? VI, an AT&T 4G LTE smartphone
I was waiting until another one came in so I could look at the headers from the moderation section. Unfortunately, there is nothing obvious. I checked all the names and none of the keywords in the names are in my subscriber list.
Here are the headers from the one that came today (redacted for the name/address of the legit person whose post is quoted):
I do not have other full headers to compare this to. But I do have partial headers and all but one come from Hotmail addresses. The other is from Outlook.Received: from l.mx.sonic.net (l.mx.sonic.net [69.12.210.141])
by listman.sonic.net (8.14.4/8.13.7) with ESMTP id u1MMIljb009541
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT)
for <ehn-chat@listman.sonic.net>; Mon, 22 Feb 2016 14:18:47 -0800
Received: from BLU004-OMC1S7.hotmail.com (blu004-omc1s7.hotmail.com [65.55.116.18])
by l.mx.sonic.net (8.14.9/8.14.9) with ESMTP id u1MMIahk001423
(version=TLSv1/SSLv3 cipher=AES128-SHA256 bits=128 verify=NOT)
for <ehn-chat@ehnca.org>; Mon, 22 Feb 2016 14:18:45 -0800
Received: from BLU437-SMTP29 ([65.55.116.8]) by BLU004-OMC1S7.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008);
Mon, 22 Feb 2016 14:18:36 -0800
X-TMN: [pA9csLTqEPmRncSy7hHsKK2F/h+iLxkQ]
X-Originating-Email: [naomasstallonso8621@hotmail.com]
Message-ID: <BLU437-SMTP29D1385BE38F14EDD44DDFA6A30@phx.gbl>
MIME-Version: 1.0
Date: Mon, 22 Feb 2016 22:18:17 -0800
X-Priority: 3 (Normal)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
Subject: Re: [EHN-Chat] which new washing machine?
From: "Sophia G. Dickey" <NaomasStallonso8621@hotmail.com>
To: "ehn-chat" <ehn-chat@ehnca.org>
X-OriginalArrivalTime: 22 Feb 2016 22:18:35.0730 (UTC) FILETIME=[F8E31320:01D16DBE]
X-Orthrus: tar=1 grey=no co=US os=Windows/7 or 8/1 spf=pass dkim=none
Note that it happens on one of my other mailing lists too. I just cross checked the hotmail subscribers to both lists and there is one in common. It's someone I've known for years but it's possible her account has become corrupted.
Is this the right path to follow? Contact her and see if I get a real person? Or is there something else to look into? Does anyone else get this spam?
Thanks!
