Blocklist workaround - recreating spamgourmet in gmail.

General discussion re sg.

Blocklist workaround - recreating spamgourmet in gmail.

Postby michaeldlr » Tue Mar 15, 2022 11:37 am

have been experimenting for a while with recreating spamgourmet using a gmail account. Obviously this means that you get the privacy disadvantages of being monitored by google, however if you already have a gmail account that's no different from your current situation.

1) this will work on domains that block spamgourmet
2) you can use google spam reporting to directly block spammers for millions of other users

Disadvantages include the fact that watchword modification is horribly slow; I haven't been able to implement the message counter; privacy as above;

So far I have a number of features working

* an email address where you only get messages that are sent to sub addresses (not the main one)
* watchword enforcement
* dedicated email addresses

Basic configuration

0) set up a new gmail address which doesn't have your name and which you don't use for normal mail.
1) set up forwarding from your gmail address to your protected address
2) create a label "autoforward" which will be used to back up forwarded emails until you are absolutely sure everything is working right (then you can delete the label and references to it)
3) configure a filter rule like
Matches: from:(google.com)
Do this: Skip Inbox, Apply label "google/automatics", Never send it to Spam

Remember - google legitimately knows about your account so they are not spamming you if the send account related info. You may want to forward google information mails to your main account in case they send you something important such as a message that your account has been hacked.
4) configure a filter rule like:
Matches: {(to:myemailaddress+watchword) (deliveredto:myemailaddress+watchword)}
Do this: Skip Inbox, Apply label "autoforward", Forward to protectedaddress@protecteddomain.example.com, Never send it to Spam


You can now create a dedicated email address on demand as follows

Code: Select all
myemailaddress+watchword+keyword@gmail.com


Occasionally you can come into your account and select all the emails which are in your inbox. Mark these as spam and google will block those spammers making them less effective.

I think this approach is great because it allows use of spamgourmet type features with people who are trying to block that; because it shows that the features of spamgourmet are nothing special and adding spamgourmet to blocklists is a not sensible and finally because it allows a level of targeting of people who are using blocklists to ensure that they can sell email addresses to spammers.

I'd like to encourage everyone to post equivalent solutions for other free email providers.
Last edited by michaeldlr on Tue Mar 15, 2022 11:55 am, edited 1 time in total.
michaeldlr
 
Posts: 23
Joined: Sun Jul 10, 2016 5:57 pm

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby michaeldlr » Tue Mar 15, 2022 11:39 am

If anyone's interested in this but having difficulty with the setup, especially of the rules, I can make an attempt to make images of how the configuration should look. Please give it a go and ask any questions.
michaeldlr
 
Posts: 23
Joined: Sun Jul 10, 2016 5:57 pm

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby greatwolf » Thu Jun 16, 2022 2:34 am

How do you add the
Code: Select all
deliveredto:
field? I don't see it as an option when configuring the filter.
greatwolf
 
Posts: 16
Joined: Mon Apr 23, 2012 8:11 pm

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby VanguardLH » Sat Jul 16, 2022 6:03 am

The proposed scheme only works to *receive* e-mails (from untrusted senders) through the aliasing Gmail account (that forwards to your real e-mail address aka REA). It does not emulate Spamgourmet's mask sending feature. That is, if enabled in your SG account, you can reply to aliased inbound e-mails which go through SG to strip the headers (and try to modify signatures) to look like your reply to an aliased e-mail came from SG, and *not* your REA). If your scheme, replying to an aliased e-mail means divulging your REA to the sender of the aliased e-mail. You will be replying using your REA, not by using your alternate Gmail account, and definitely without using the alias you gave to the sender.

Give a sender an alias: acctname+alias@gmail.com
E-mail arrives at your alternate Gmail account: acctname
The e-mail gets forwarded to your REA: youracct@gmail.com
When you reply to the "aliased" e-mail, you divulged your REA: reply is sent from youracct@gmail.com

On a reply, it originates from your REA account, not from your alternate (aliasing) Gmail account. Perhaps some SG users don't enable the masking feature for replies. Ever since I've had SG accounts, I've had the "reply addressing masking" option enabled. There are tons of free and paid forwarding services. Those are not true aliasing services: they forward inbound e-mail to your true address, but any replies will get sent from your true address. A true aliasing service has replies to aliased messages go back through the aliasing service, so the headers show the reply originated from the aliasing service, NOT from your true address. With the "reply addressing masking" option disabled, SG is nothing more than yet another e-mail forwarding service. With the option enabled, SG is a full aliasing service.

Your proposal uses a non-primary Gmail account for forwarding messages. Gmail allows aliases via the plus (+) character, like you+alias@gmail.com, and it has the option to forward inbound messages to another account (a feature is a vast number of e-mail services). Yes, you can use Gmail aliasing to /forward/ messages to your REA, but you cannot reply to those forwarded message without divulging your REA.

Also, the syntax for Gmail aliasing is well known. Anyone to whom you give you+alias@gmail.com can send to you+otheralias@gmail.com, or just you@gmail.com, to get their message into that Gmail account which then forwards to your REA. Gmail's aliasing syntax sucks as it is extremely easy to abuse or circumvent. And all you're doing with the alternate/aliasing Gmail account is using it as a forwarding service, not as a true aliasing service.
VanguardLH
 
Posts: 51
Joined: Sun Oct 11, 2009 10:01 pm

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby michaeldlr » Sun Jul 31, 2022 11:10 am

Hi VanguardLH

thanks for your comments - some responses

It does not emulate Spamgourmet's mask sending feature.


Although each individual address has to be approved (by accepting a mail on that address) it is possible to send outgoing mail from the gmail addresses using the standard Gmail "send as" feature and *as far as I can tell so far* there is no disclosure of the masked address. Obviously this is not as convenient as simply using spamgourmet reply masking but it isn't terrible in most cases.

Gmail's aliasing syntax sucks as it is extremely easy to abuse or circumvent.


I've managed to show that you can match in your gmail rules on the alias part of the address that is being sent to. That means that a) we can build watchword enforcement where only
Code: Select all
address+watchword+something@gmail.com
will be forwarded to you b) you can automatically mark everything else as spam so that people who abuse this actually harm themselves.

And all you're doing with the alternate/aliasing Gmail account is using it as a forwarding service, not as a true aliasing service


My current usage for this is specifically for two way communication with certain services which are blocking spamgourmet. I'm using a gmail account which is not linked to my main Google address which means that the spammers aren't getting the advertising and data linking value that they would get from having the details of my main gmail account. This is a clear demonstration that spamgourmet is not doing anything more "evil" than things that are possible with normal gmail accounts. I think that the main takeaway should be that, if someone thinks blocking spamgourmet is a good idea then they should also block gmail and probably also most other public mail providers.
michaeldlr
 
Posts: 23
Joined: Sun Jul 10, 2016 5:57 pm


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 3 guests

cron