Blocklist workaround - recreating spamgourmet in gmail.

General discussion re sg.

Blocklist workaround - recreating spamgourmet in gmail.

Postby michaeldlr » Tue Mar 15, 2022 11:37 am

have been experimenting for a while with recreating spamgourmet using a gmail account. Obviously this means that you get the privacy disadvantages of being monitored by google, however if you already have a gmail account that's no different from your current situation.

1) this will work on domains that block spamgourmet
2) you can use google spam reporting to directly block spammers for millions of other users

Disadvantages include the fact that watchword modification is horribly slow; I haven't been able to implement the message counter; privacy as above;

So far I have a number of features working

* an email address where you only get messages that are sent to sub addresses (not the main one)
* watchword enforcement
* dedicated email addresses

Basic configuration

0) set up a new gmail address which doesn't have your name and which you don't use for normal mail.
1) set up forwarding from your gmail address to your protected address
2) create a label "autoforward" which will be used to back up forwarded emails until you are absolutely sure everything is working right (then you can delete the label and references to it)
3) configure a filter rule like
Matches: from:(google.com)
Do this: Skip Inbox, Apply label "google/automatics", Never send it to Spam

Remember - google legitimately knows about your account so they are not spamming you if the send account related info. You may want to forward google information mails to your main account in case they send you something important such as a message that your account has been hacked.
4) configure a filter rule like:
Matches: {(to:myemailaddress+watchword) (deliveredto:myemailaddress+watchword)}
Do this: Skip Inbox, Apply label "autoforward", Forward to protectedaddress@protecteddomain.example.com, Never send it to Spam


You can now create a dedicated email address on demand as follows

Code: Select all
myemailaddress+watchword+keyword@gmail.com


Occasionally you can come into your account and select all the emails which are in your inbox. Mark these as spam and google will block those spammers making them less effective.

I think this approach is great because it allows use of spamgourmet type features with people who are trying to block that; because it shows that the features of spamgourmet are nothing special and adding spamgourmet to blocklists is a not sensible and finally because it allows a level of targeting of people who are using blocklists to ensure that they can sell email addresses to spammers.

I'd like to encourage everyone to post equivalent solutions for other free email providers.
Last edited by michaeldlr on Tue Mar 15, 2022 11:55 am, edited 1 time in total.
michaeldlr
 
Posts: 46
Joined: Sun Jul 10, 2016 5:57 pm

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby michaeldlr » Tue Mar 15, 2022 11:39 am

If anyone's interested in this but having difficulty with the setup, especially of the rules, I can make an attempt to make images of how the configuration should look. Please give it a go and ask any questions.
michaeldlr
 
Posts: 46
Joined: Sun Jul 10, 2016 5:57 pm

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby greatwolf » Thu Jun 16, 2022 2:34 am

How do you add the
Code: Select all
deliveredto:
field? I don't see it as an option when configuring the filter.
greatwolf
 
Posts: 18
Joined: Mon Apr 23, 2012 8:11 pm
Location: California

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby VanguardLH » Sat Jul 16, 2022 6:03 am

The proposed scheme only works to *receive* e-mails (from untrusted senders) through the aliasing Gmail account (that forwards to your real e-mail address aka REA). It does not emulate Spamgourmet's mask sending feature. That is, if enabled in your SG account, you can reply to aliased inbound e-mails which go through SG to strip the headers (and try to modify signatures) to look like your reply to an aliased e-mail came from SG, and *not* your REA). If your scheme, replying to an aliased e-mail means divulging your REA to the sender of the aliased e-mail. You will be replying using your REA, not by using your alternate Gmail account, and definitely without using the alias you gave to the sender.

Give a sender an alias: acctname+alias@gmail.com
E-mail arrives at your alternate Gmail account: acctname
The e-mail gets forwarded to your REA: youracct@gmail.com
When you reply to the "aliased" e-mail, you divulged your REA: reply is sent from youracct@gmail.com

On a reply, it originates from your REA account, not from your alternate (aliasing) Gmail account. Perhaps some SG users don't enable the masking feature for replies. Ever since I've had SG accounts, I've had the "reply addressing masking" option enabled. There are tons of free and paid forwarding services. Those are not true aliasing services: they forward inbound e-mail to your true address, but any replies will get sent from your true address. A true aliasing service has replies to aliased messages go back through the aliasing service, so the headers show the reply originated from the aliasing service, NOT from your true address. With the "reply addressing masking" option disabled, SG is nothing more than yet another e-mail forwarding service. With the option enabled, SG is a full aliasing service.

Your proposal uses a non-primary Gmail account for forwarding messages. Gmail allows aliases via the plus (+) character, like you+alias@gmail.com, and it has the option to forward inbound messages to another account (a feature is a vast number of e-mail services). Yes, you can use Gmail aliasing to /forward/ messages to your REA, but you cannot reply to those forwarded message without divulging your REA.

Also, the syntax for Gmail aliasing is well known. Anyone to whom you give you+alias@gmail.com can send to you+otheralias@gmail.com, or just you@gmail.com, to get their message into that Gmail account which then forwards to your REA. Gmail's aliasing syntax sucks as it is extremely easy to abuse or circumvent. And all you're doing with the alternate/aliasing Gmail account is using it as a forwarding service, not as a true aliasing service.
VanguardLH
 
Posts: 51
Joined: Sun Oct 11, 2009 10:01 pm

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby michaeldlr » Sun Jul 31, 2022 11:10 am

Hi VanguardLH

thanks for your comments - some responses

It does not emulate Spamgourmet's mask sending feature.


Although each individual address has to be approved (by accepting a mail on that address) it is possible to send outgoing mail from the gmail addresses using the standard Gmail "send as" feature and *as far as I can tell so far* there is no disclosure of the masked address. Obviously this is not as convenient as simply using spamgourmet reply masking but it isn't terrible in most cases.

Gmail's aliasing syntax sucks as it is extremely easy to abuse or circumvent.


I've managed to show that you can match in your gmail rules on the alias part of the address that is being sent to. That means that a) we can build watchword enforcement where only
Code: Select all
address+watchword+something@gmail.com
will be forwarded to you b) you can automatically mark everything else as spam so that people who abuse this actually harm themselves.

And all you're doing with the alternate/aliasing Gmail account is using it as a forwarding service, not as a true aliasing service


My current usage for this is specifically for two way communication with certain services which are blocking spamgourmet. I'm using a gmail account which is not linked to my main Google address which means that the spammers aren't getting the advertising and data linking value that they would get from having the details of my main gmail account. This is a clear demonstration that spamgourmet is not doing anything more "evil" than things that are possible with normal gmail accounts. I think that the main takeaway should be that, if someone thinks blocking spamgourmet is a good idea then they should also block gmail and probably also most other public mail providers.
michaeldlr
 
Posts: 46
Joined: Sun Jul 10, 2016 5:57 pm

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby jim » Thu May 04, 2023 3:25 am

greatwolf wrote:How do you add the
Code: Select all
deliveredto:
field? I don't see it as an option when configuring the filter.

If you just paste this into your gmail search box
Code: Select all
{(to:myemailaddress+watchword) (deliveredto:myemailaddress+watchword)}

Then click "Advanced search" you'll see that it pastes this search criteria into the "Has the words" field.
jim
 
Posts: 22
Joined: Mon Jul 30, 2018 11:37 pm

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby jim » Thu May 04, 2023 3:26 am

michaeldlr wrote:have been experimenting for a while with recreating spamgourmet using a gmail account...

What a brilliant low tech solution that does most of my spamgourmet does right within gmail. Thanks for sharing. One question, why do you search for the "to" OR "deliveredto" addresses? Wouldn't just searching for "deliveredto" suffice?
jim
 
Posts: 22
Joined: Mon Jul 30, 2018 11:37 pm

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby jim » Fri May 26, 2023 12:21 am

Instead of:
Code: Select all
Matches: {(to:myemailaddress+watchword) (deliveredto:myemailaddress+watchword)}
Instead I had to search for periods like this:
Code: Select all
Matches: {(to:myemailaddress.watchword) (deliveredto:myemailaddress.watchword)}

When I used the plus sign it found all of my email, "+" appears to be some sort of search wildcard. I've only set up one forward like this, but so far I'm only using
Code: Select all
deliveredto:myemailaddress.watchword
to filter and forward my email. "deliveredto:" seems to catch everything, I still don't understand when you'd need to use the "to:" search.
jim
 
Posts: 22
Joined: Mon Jul 30, 2018 11:37 pm

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby lwc » Tue May 30, 2023 6:08 pm

jim wrote:Instead of:
When I used the plus sign it found all of my email, "+" appears to be some sort of search wildcard.

It might be regex. If so, the dot in myemailaddress.watchword will also catch myemailaddress2watchword, myemailaddress@watchword.com, etc.
Try to use myemailaddress\+watchword since if regex is used, it'll treat plus literally. Does it work?

"deliveredto:" seems to catch everything, I still don't understand when you'd need to use the "to:" search.

How do you use it in a filter, can you show a screenshot?
Attachments
filters.png
filters.png (17.43 KiB) Viewed 17034 times
lwc
 
Posts: 455
Joined: Sat Aug 28, 2004 9:09 am

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby user932847 » Thu Jun 08, 2023 9:45 pm

Just implemented this following your directions in the first post. I've used it for one site so far and seems to be working where my SG account didn't.
Thank you so much for these directions!
user932847
 
Posts: 1
Joined: Thu Jun 08, 2023 9:43 pm

Re: Blocklist workaround - recreating spamgourmet in gmail.

Postby jim » Sat Jul 22, 2023 4:17 pm

lwc wrote:
jim wrote:Instead of:
How do you use it in a filter, can you show a screenshot?


My gmail address is "myemailaddress@gmail.com" and I setup my filter to match "Has the words: deliveredto:myemailaddress.watchword"
Attachments
myFilterSettings.png
My gmail filter settings
myFilterSettings.png (18.77 KiB) Viewed 16442 times
jim
 
Posts: 22
Joined: Mon Jul 30, 2018 11:37 pm


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 5 guests

cron