
OT - GG Spammers


Andrew Thompson

Mar 31, 2007, 1:22:29 AM
I started a thread on Google Groups - asking why Google
could not do more to suppress the torrent of spam to the
comp.lang.java.* hierarchy groups, coming from Google
Groups posters.
<http://groups.google.com/group/Groups-Suggestions/browse_frm/thread/2a5e4a9399cb8be7/#>

A GG apologist challenged me as to what proof I had
that these spammers were using GG. My 'best guess'
was the 'X-trace' shown in the full listing of the post. So
far, *8/8* of the most recent spam posts to c.l.j.p. have
had an X-Trace indicating ..

X-Trace: posting.google.com ...

Is that correct? Is the X-trace the best indication of
where a post originates?

Sorry, I was hoping the GGA challenger might have clarified
on the original thread, but they have been conspicuous in
their absence, since I started posting links to examples..

Andrew T.

Andrew Thompson

Apr 1, 2007, 11:54:41 PM
On Mar 31, 3:22 pm, "Andrew Thompson" <andrewtho...@gmail.com> wrote:
> I started a thread on Google Groups - asking why Google
> could not do more to suppress the torrent of spam to the
> comp.lang.java.* hierarchy groups, coming from Google
> Groups posters.
> <http://groups.google.com/group/Groups-uggestions/browse_frm/thread/2a5e4a9399cb8be7/#>

Some amusing* things happened since then.

> A GG apologist challenged me as to what proof I had
> that these spammers were using GG.

- I began assembling the proof, by way of linking
to each spam post and quoting the 'X-trace' line.
So far, 10/11 show an origin of GG.
- The apologist slunk off into the shadows
- I got terse with them, asking if they were good
for anything besides weak challenges/apologies
- I myself was blocked by GG for making 'too many
posts'
- I opened an account with JavaKB so I could
continue posting.
- GG has since restored my posting abilities
(through mechanisms entirely unrelated to me,
since their own 'click this if you think it
is wrong' link was broken).

I will probably continue using JavaKB for the
time being** - I have been in contact with the
JavaKB staff and they have already indicated
an interest in making further changes to their
WITUN, in exchange for me promoting it over GG.

If that proceeds as hoped, the end advice will
probably be words to the effect of..
"You might want to change over to a WITUN that
is *not* the source of >90% of all spam to these
usenet newsgroups, so that users of news clients
who filter *all* posts from GG, might also see
your message."

Note that JavaKB not only offers access to
a much more Java focused set of groups (so
they are inherently of less interest to the
spammers that wish to multi-post widely) but
the first comment below *every* reply to a
post, states..
"Do not post SPAM or messages that violate
any laws. Violation of this requirement will
result in account deactivation. "

* OK.. amusing to me, anyway. ;-)
** Failing posts to GGG's (Google Groups groups,
like the one linked above) ..and this post,
since strangely I could not find it in the
JavaKB listing - I will have to look further
into that. I suspect it was filtered, and I
do not agree that the WITUN should do that
(short of a user initiated *choice* to filter
spam).

Andrew T.

Wojtek

Apr 10, 2007, 9:55:07 AM
Andrew Thompson wrote :

Well, from a recent posting, here is the entire header group:

Path: edtnps91!newsfeed2.telusplanet.net!newsfeed.telus.net!news.glorb.com!postnews.google.com!d57g2000hsg.googlegroups.com!not-for-mail
From: jco...@gmail.com
Newsgroups: comp.lang.java.programmer
Subject: Web-based personal development co. looking for programmers
Date: 30 Mar 2007 17:07:48 -0700
Organization: http://groups.google.com
Lines: 65
Message-ID: <1175299668.3...@d57g2000hsg.googlegroups.com>
NNTP-Posting-Host: 71.204.145.237
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Trace: posting.google.com 1175299670 857 127.0.0.1 (31 Mar 2007 00:07:50 GMT)
X-Complaints-To: groups...@google.com
NNTP-Posting-Date: Sat, 31 Mar 2007 00:07:50 +0000 (UTC)
User-Agent: G2/1.0
X-HTTP-UserAgent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11,gzip(gfe),gzip(gfe)
Complaints-To: groups...@google.com
Injection-Info: d57g2000hsg.googlegroups.com; posting-host=71.204.145.237; posting-account=7dWL_w0AAACvNT_8mV9yNiXdDZIctp49
Xref: newsfeed2.telusplanet.net comp.lang.java.programmer:768648

There are Google fingerprints all through the headers. The best one I
think is the Message-ID.

--
Wojtek :-)


Chris Uppal

Apr 10, 2007, 10:26:18 AM
Wojtek wrote:

> posting-account=7dWL_w0AAACvNT_8mV9yNiXdDZIctp49

> There are Google fingerprints all through the headers. The best one I
> think is the Message-ID.

If some sort of proof is required, the GG posting account (part of the
Injection-Info: field that Google adds) looks as if it's probably a crypto-hash
of the account name (or something related to it), so that might serve as a
non-repudiable token (although one hopes that only Google can verify it).

Actually, I'm not too sure about Message-ID, that is one of the fields that can
be generated by the client rather than always being added/overwritten by NNTP
servers. As such, it's not so useful for this specific purpose, since we are
trying to find fields which people cannot forge to make it look as if they are
posting via Google. I don't have the experience of NNTP servers to know which
(if any) fields they strip/replace from untrusted submissions (which would make
them more difficult for spammers to forge). Perhaps the X-Trace field ?

-- chris
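
The header check discussed in this thread, as an added example that is not part of any post: it pulls the posting host out of X-Trace, Injection-Info and Message-ID, and only counts a post as Google-originated when a field other than the client-suppliable Message-ID names Google. The first sample is the header block quoted above (trimmed); the second is constructed. Treating X-Trace and Injection-Info as server-added is an assumption the thread itself leaves open, and the function names are hypothetical.

```python
import re
from email import message_from_string

GOOGLE = ("google.com", "googlegroups.com")
CLIENT_SUPPLIABLE = {"Message-ID"}  # per the thread: the client may generate it

# Header block from the post quoted in the thread, trimmed to the relevant fields.
PAGE_POST = """\
From: jco...@gmail.com
Message-ID: <1175299668.3...@d57g2000hsg.googlegroups.com>
X-Trace: posting.google.com 1175299670 857 127.0.0.1 (31 Mar 2007
 00:07:50 GMT)
Injection-Info: d57g2000hsg.googlegroups.com;
 posting-host=71.204.145.237;
 posting-account=7dWL_w0AAACvNT_8mV9yNiXdDZIctp49
"""

# Constructed sample: only the client-suppliable field names Google.
CONSTRUCTED_POST = """\
From: someone@example.org
Message-ID: <constructed.1@x1.googlegroups.com>
X-Trace: news.example.net 1175299670 857 192.0.2.10 (31 Mar 2007 00:07:50 GMT)
"""

def host_is_google(host):
    # Match on a label boundary so "google.com.example.net" does not pass.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in GOOGLE)

def origin_evidence(raw):
    """Return {header name: host that header names as the posting point}."""
    msg = message_from_string(raw)
    val = lambda n: " ".join((msg.get(n) or "").split())  # unfold wrapped lines
    found = {}
    if val("X-Trace"):
        found["X-Trace"] = val("X-Trace").split()[0]
    if val("Injection-Info"):
        found["Injection-Info"] = val("Injection-Info").split(";")[0].strip()
    m = re.search(r"@([^>\s]+)>", val("Message-ID"))
    if m:
        found["Message-ID"] = m.group(1)
    return found

def classify(raw):
    google = {k for k, h in origin_evidence(raw).items() if host_is_google(h)}
    if google - CLIENT_SUPPLIABLE:
        return "google"
    return "message-id-only" if google else "other"
```

Running `classify` over each spam post's full headers gives the kind of tally described earlier in the thread, with posts that only carry a Google-looking Message-ID reported separately.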

