OT - GG Spammers

Andrew Thompson

I started a thread on Google Groups - asking why Google
could not do more to suppress the torrent of spam to the
comp.lang.java.* hierarchy groups, coming from Google
Groups posters.
<http://groups.google.com/group/Groups-Suggestions/browse_frm/thread/2a5e4a9399cb8be7/#>

A GG apologist challenged me as to what proof I had
that these spammers were using GG. My 'best guess'
was the 'X-trace' shown in the full listing of the post. So
far, *8/8* of the most recent spam posts to c.l.j.p. have
had an X-Trace indicating ..

X-Trace: posting.google.com ...

Is that correct? Is the X-trace the best indication of
where a post originates?

Sorry, I was hoping the GGA challenger might have clarified
on the original thread, but they have been conspicuous in
their absence, since I started posting links to examples..

Andrew T.
 
Andrew Thompson

I started a thread on Google Groups - asking why Google
could not do more to suppress the torrent of spam to the
comp.lang.java.* hierarchy groups, coming from Google
Groups posters.
<http://groups.google.com/group/Groups-uggestions/browse_frm/thread/2a5e4a9399cb8be7/#>

Some amusing* things happened since then.
A GG apologist challenged me as to what proof I had
that these spammers were using GG.

- I began assembling the proof, by way of linking
to each spam post and quoting the 'X-trace' line.
So far, 10/11 show an origin of GG.
- The apologist slunk off into the shadows
- I got terse with them, asking if they were good
for anything besides weak challenges/apologies
- I myself was blocked by GG for making 'too many
posts'
- I opened an account with JavaKB so I could
continue posting.
- GG has since restored my posting abilities
(through mechanisms entirely unrelated to me,
since their own 'click this if you think it
is wrong' link was broken).

I will probably continue using JavaKB for the
time being** - I have been in contact with the
JavaKB staff and they have already indicated
an interest in making further changes to their
WITUN, in exchange for me promoting it over GG.

If that proceeds as hoped, the end advice will
probably be words to the effect of..
"You might want to change over to a WITUN that
is *not* the source of >90% of all spam to these
usenet newsgroups, so that users of news clients
who filter *all* posts from GG, might also see
your message."

Note that JavaKB not only offers access to
a much more Java focused set of groups (so
they are inherently of less interest to the
spammers that wish to multi-post widely) but
the first comment below *every* reply to a
post, states..
"Do not post SPAM or messages that violate
any laws. Violation of this requirement will
result in account deactivation. "

* OK.. amusing to me, anyway. ;-)
** Failing posts to GGG's (Google Groups groups,
like the one linked above) ..and this post,
since strangely I could not find it in the
JavaKB listing - I will have to look further
into that. I suspect it was filtered, and I
do not agree that the WITUN should do that
(short of a user initiated *choice* to filter
spam).

Andrew T.
 
Wojtek

Andrew Thompson wrote :
I started a thread on Google Groups - asking why Google
could not do more to suppress the torrent of spam to the
comp.lang.java.* hierarchy groups, coming from Google
Groups posters.
<http://groups.google.com/group/Groups-Suggestions/browse_frm/thread/2a5e4a9399cb8be7/#>

A GG apologist challenged me as to what proof I had
that these spammers were using GG. My 'best guess'
was the 'X-trace' shown in the full listing of the post. So
far, *8/8* of the most recent spam posts to c.l.j.p. have
had an X-Trace indicating ..

X-Trace: posting.google.com ...

Is that correct? Is the X-trace the best indication of
where a post originates?

Sorry, I was hoping the GGA challenger might have clarified
on the original thread, but they have been conspicuous in
their absence, since I started posting links to examples..

Well, from a recent posting, here is the entire header group:

Path: edtnps91!newsfeed2.telusplanet.net!newsfeed.telus.net!news.glorb.com!postnews.google.com!d57g2000hsg.googlegroups.com!not-for-mail
From: (e-mail address removed)
Newsgroups: comp.lang.java.programmer
Subject: Web-based personal development co. looking for programmers
Date: 30 Mar 2007 17:07:48 -0700
Organization: http://groups.google.com
Lines: 65
Message-ID: <[email protected]>
NNTP-Posting-Host: 71.204.145.237
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Trace: posting.google.com 1175299670 857 127.0.0.1 (31 Mar 2007
    00:07:50 GMT)
X-Complaints-To: (e-mail address removed)
NNTP-Posting-Date: Sat, 31 Mar 2007 00:07:50 +0000 (UTC)
User-Agent: G2/1.0
X-HTTP-UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O;
    en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11,gzip(gfe),gzip(gfe)
Complaints-To: (e-mail address removed)
Injection-Info: d57g2000hsg.googlegroups.com;
    posting-host=71.204.145.237;
    posting-account=7dWL_w0AAACvNT_8mV9yNiXdDZIctp49
Xref: newsfeed2.telusplanet.net comp.lang.java.programmer:768648

There are Google fingerprints all through the headers. The best one I
think is the Message-ID.
 
Chris Uppal

Wojtek said:
posting-account=7dWL_w0AAACvNT_8mV9yNiXdDZIctp49
There are Google fingerprints all through the headers. The best one I
think is the Message-ID.

If some sort of proof is required, the GG posting account (part of the
Injection-Info: field that Google adds) looks as if it's probably a crypto-hash
of the account name (or something related to it), so that might serve as a
non-repudiable token (although one hopes that only Google can verify it).

Actually, I'm not too sure about Message-ID, that is one of the fields that can
be generated by the client rather than always being added/overwritten by NNTP
servers. As such, it's not so useful for this specific purpose, since we are
trying to find fields which people cannot forge to make it look as if they are
posting via Google. I don't have the experience of NNTP servers to know which
(if any) fields they strip/replace from untrusted submissions (which would make
them more difficult for spammers to forge). Perhaps the X-Trace field ?

-- chris
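
An added example, not part of any post in this thread: a Python sketch of the check the posters are circling, which sets aside headers a client can supply and tests whether the remaining trace fields (Path, X-Trace, Injection-Info, NNTP-Posting-Host) agree with each other about the injecting site. The choice of which fields count as client-settable, the function names and the site list are assumptions of this example, and agreement between fields is evidence of origin, not proof.

```python
import re

# Headers from the post quoted above (redacted fields omitted), with folded lines.
SAMPLE = """\
Path: edtnps91!newsfeed2.telusplanet.net!newsfeed.telus.net!news.glorb.com!postnews.google.com!d57g2000hsg.googlegroups.com!not-for-mail
Organization: http://groups.google.com
NNTP-Posting-Host: 71.204.145.237
X-Trace: posting.google.com 1175299670 857 127.0.0.1 (31 Mar 2007
 00:07:50 GMT)
User-Agent: G2/1.0
Injection-Info: d57g2000hsg.googlegroups.com;
 posting-host=71.204.145.237;
 posting-account=7dWL_w0AAACvNT_8mV9yNiXdDZIctp49
"""

# Assumption of this example: fields a posting client can supply itself.
CLIENT_SETTABLE = {"message-id", "organization", "user-agent", "from"}

def parse_headers(raw):
    """Unfold continuation lines and return {lowercased-name: value}."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)
    headers = {}
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def site_of(host):
    """Crude site guess: the last two DNS labels (adequate for .com hosts)."""
    return ".".join(host.lower().split(".")[-2:])

def origin_evidence(raw, sites=("google.com", "googlegroups.com")):
    """Return (per-field checks, client-settable fields ignored, all checks agree)."""
    h = parse_headers(raw)
    path = [p for p in h.get("path", "").split("!") if p]
    inj_host, _, inj_rest = h.get("injection-info", "").partition(";")
    inj = dict(kv.strip().split("=", 1) for kv in inj_rest.split(";") if "=" in kv)
    trace_host = h.get("x-trace", "").split(" ")[0]
    checks = {
        "x_trace_site": site_of(trace_host) in sites,
        "injection_host_in_path": inj_host.strip() in path,
        "posting_host_agrees": inj.get("posting-host", "?") == h.get("nntp-posting-host"),
        "path_has_site_relay": any(site_of(p) in sites for p in path[:-1]),
    }
    ignored = sorted(CLIENT_SETTABLE & h.keys())
    return checks, ignored, all(checks.values())
```
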
 
