BitBounce Spam Replies From the Mailing List

[Tim Allen]

Hey friends, it seems we have a new scourge of spam on this list, and I'm curious if anyone else has gotten it.

After posting a message to the group this morning, I got two auto-replies from a "service" called BitBounce:

Hello! I use a new email filtering service called BitBounce to filter my email. To deliver your email to my inbox, please click the button below and pay the small cryptocurrency fee. Thank you!
$0.05 to deliver your email.

 

Thanks for emailing me! No, I haven’t been hacked :)
I signed up for a spam filtering service called BitBounce. To deliver your email to my inbox, please click the link below and pay the small Bitcoin fee. Thanks!
$999.99 to deliver your email.

Here's more about the "service": https://www.dalerodgers.co.uk/bitbounce-review/ 

I'm sure I'm not alone in this, and will likely get two more spams when sending this message. How should we proceed? I'm not sure if this was just an accident by two legit members, or targeted. I'm leaning towards the latter.

Regards,

Tim 

[Adam Johnson]

You're right you're not alone, I got them too at the same prices, so presumably from the same two addresses. With over 10k members on the list I doubt it's targeted and those two people have happened to sign up for the service forgetting django-developers. I clicked the "whitelist me" button on my bounce emails to try get through to them.

I talked about this with some friends and one who worked on a customer support system said they've seen many similar bouncers before, often using captchas (e.g. http://orchant.awayfind.com/ ). It's likely the bitbounce designers just haven't taken public mailing lists into account yet. I've tweeted at bitbounce as I suspect reaching them on email would be hard :) ( https://twitter.com/AdamChainz/status/1076912927612026881 ).

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/fee74846-4447-4500-848d-a83f9874d0c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Adam

[Tom Forbes]

I have also received these. I feel that these members should be removed from the mailing list, as anyone should be for spamming other members asking for money.

--

[Adam Johnson]

My tweet got some attention from a bitbounce developer. I would like to give the two members the benefit of the doubt, they probably signed up in attempt to stop genuine spam and didn't realize the tool would cause problems for mailing lists like this.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAFNZOJNG2vC8nVuokAaHD0PedM5q41WKSZOW3JqMVXEv8mxRjg%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

--

Adam

[Joshua Cannon]

I just got one for $2.00. So I assume either the two original "bouncers" fixed their settings and we have a new "bouncer" or one of them changed their dollar amount.

[Joshua Cannon]

Nevermind, got the $999.99 reply as well :)

[Daniele Procida]

On Sun, Dec 23, 2018, Tim Allen <fli...@peregrinesalon.com> wrote:

>Hey friends, it seems we have a new scourge of spam on this list, and
>I'm curious if anyone else has gotten it.
>
>After posting a message to the group this morning, I got two auto-
>replies from a "service" called BitBounce:
>
>Hello! I use a new email filtering service called BitBounce to filter my
>email. To deliver your email to my inbox, please click the button below
>and pay the small cryptocurrency fee. Thank you!
>$0.05 to deliver your email.

Well, I'm sure the people who signed up for BitBounce didn't realise the issues it would cause, but it's still a nuisance.

If it continues to be an issue I will disable their receipt of email temporarily. I assume I'll get the auto-replies myself to this message.

Daniele

[Daniele Procida]

On Tue, Jan 1, 2019, Daniele Procida <dan...@vurt.org> wrote:

>If it continues to be an issue I will disable their receipt of email
>temporarily. I assume I'll get the auto-replies myself to this message.

One user's email receipt disabled so far; the user has been informed.

Daniele

[Daniele Procida]

... and the other bounces from an email address that isn't even subscribed to the list!

That is extremely annoying.

Daniele

[Aymeric Augustin]

[[ I'm adding BitBounce support to this discussion, even though I expect I'll just get one more of their spam — "we'll ignore the spam problem we cause to you until you pay money to us". ]]

It's aggravating.

Here's one possible solution:

- we export the individual email addresses of django-developers subscribers — assuming Google Groups allows that

- we write a script that sends an email to each of them with a unique sender or subject — as far as I can tell these are the only parts of the original email that make it into BitBounce's spam

- when we get the BitBounce spam, we can map the sender or subject to the original email address, then we unsubscribe it

We can make tests by writing to aphi...@gmail.com — the address indirectly subscribed to django-developers that we're trying to remove.

It seems that BitBounce's spam takes a while to arrive. Yesterday I emailed the list at 23:24 and got the BitBounce spam at 00:00 (CET). Perhaps it's a hourly cron, perhaps just a slow queue.

Best regards,

-- 

Aymeric.

[Daniele Procida]

On Sun, Jan 6, 2019, Aymeric Augustin <aymeric....@polytechnique.org> wrote:

>[[ I'm adding BitBounce support to this discussion, even though I expect

>I'll just get one more of their spam -- "we'll ignore the spam problem we

>cause to you until you pay money to us". ]]

>Here's one possible solution:
>
>- we export the individual email addresses of django-developers

>subscribers -- assuming Google Groups allows that

Unfortunately, there are too many members on the list, and the Export button is thus disabled.

>We can make tests by writing to aphi...@gmail.com

><mailto:aphi...@gmail.com> -- the address indirectly subscribed to

>django-developers that we're trying to remove.

I've tried various ways to search though the list members for a potential match, to no avail so far.

<https://duckduckgo.com/?q=aphisosys> suggests that <aphi...@gmail.com> is a Reddit user with a fascination with cryptocurrencies.

I cannot imagine how much unwanted email BitBounce must be causing all over the world through this oversight - surely far more than they have ever stopped.

Daniele

[Aymeric Augustin]

I was pessimistic; it seems that a BitBounce employee might read this message.

So, BitBounce, if you’re reading this:

1. Please drop aphi...@gmail.com from your service before they do more harm to your reputation — there are thousands of subscribers to this mailing list — and until they unsubscribe from all their mailing lists.

2. Please make a donation of $2000 to the Django Software Foundation ($1000 if you’re cheap) to offset the trouble you’ve caused up to this point: https://www.djangoproject.com/fundraising/.You’re the ones who started suggesting money was an appropriate compensation for unsolicited email after all :-) and you sent quite a lot to us :-(

Looking forwards to a prompt resolution,

-- 

Aymeric.

[Nasir Hussain]

I've got same replies from bitbounse too. :/

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/96524150-766E-4DB8-9654-4EBB44CF3C89%40polytechnique.org.

[Shai Berger]

On Sun, 6 Jan 2019 11:11:38 +0100
Aymeric Augustin <aymeric....@polytechnique.org> wrote:

> I was pessimistic; it seems that a BitBounce employee might read this
> message.
>

Last week, Adam twitted at BitBounce about this, and I retweeted with a
comment. This week a person presenting themselves as a BitBounce
employee said they introduced some countermeasure.

https://twitter.com/stewart__dennis/status/1081426995450306560

This message is also a test to see if the fix works :)

[Patryk Zawadzki]

Sorry for resurrecting but this is still very much a problem. Same person, same autoresponder.

[Aymeric Augustin]

Since Twitter is the only place where BitBounce responded, I tried again: https://twitter.com/aymericaugustin/status/1097231848973967362

I'm skeptical about their willingness to fight spam: they're using it as their primary marketing channel. The more we're talking about them, the happier they are...

-- 

Aymeric.

On 29 Jan 2019, at 11:30, Patryk Zawadzki <pat...@gmail.com> wrote:

Sorry for resurrecting but this is still very much a problem. Same person, same autoresponder.

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To post to this group, send email to django-d...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-developers.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/41722075-8e89-4777-8872-ee4660f14b26%40googlegroups.com.

[Kye Russell]

https://twitter.com/stewart__dennis/status/1081973497025331201?s=21

I’m sure that falsely replying to mailing list emails helps with these numbers. 

I’m just going ahead and marking them as spam, because that’s what they are. It’s negligence at this point.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/4C847606-C965-4C61-8851-63DA676381CF%40polytechnique.org.

[Tom Forbes]

I figured I’d email their CEO (stewart...@bitbounce.com) and ask if he can look into this, because it’s kind of ridiculous. I think I should have known beforehand what kind of automated reply I got…

I’ve also marked them as spam and so don’t receive them anymore but I can imagine it’s pretty annoying for anyone that has not.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CANK-ykmivQ4MOfPnWOEHKN_Cd2CT0S39_9doWrDVh3ZfsxDEQA%40mail.gmail.com.

[Aymeric Augustin]

They say they removed the offending user:  https://twitter.com/stewart__dennis/status/1097296853551337472?s=21

This isn’t a long term fix — we’ll have the same issue if another user subscribes to BitBounce — but at least it solves our immediate problem.

-- 

Aymeric.

[Adam Johnson]

Thanks for getting that done Aymeric.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/0E830FC6-B4C9-449E-A668-BB2DB965D58D%40polytechnique.org.

For more options, visit https://groups.google.com/d/optout.

--

Adam