The latest annoyance with Google Groups

January 8, 2012

The Google Groups spam attempts continues to roll in. This recently led me to yet another unpleasant discovery about Google Groups: as far as I can tell, there is no way to unsubscribe from a Google Groups mailing list (at least through the website). At least there's no way from the outside; it might be possible if you made a Google Groups account for yourself under the email address that is being spammed. For all of the obvious reasons I have no interest in doing that.

At this point I really don't know whether Google is evil or merely indifferent, and it doesn't really matter which. Providing people with no way to unsubscribe is yet another total failure of anything approaching responsible mailing list management. It's also a complete spammer (non-)feature; spammers never bother to implement unsubscription because of course they have no interest in ever seeing addresses go away.

Sidebar: how the spamming appears to work

I did some Groups searching using message IDs that I had, and it appears that the spammer is slightly sophisticated in their use of Groups. They have a 'distribution' mailing list, which is what I and more than 20,000 other people are on, and then they have a series of small, low-activity 'feeder' lists, which the main list is subscribed to. They send the spam to today's feeder list, the feeder list passes it to the main list, and then the main list spams us. I suspect that the feeder lists are all owned by different Google Groups identities than the main list.

This is an obvious exploit of automated anti-spam systems. From the perspective of a dumb system, clearly the problem is today's feeder list; it must have been set up by a spammer who is exploiting a legitimate main list. So eventually the system flags or does whatever to the feeder list but leaves the (apparently) innocently exploited main list alone, which just causes the spammer to make a new feeder list. This may seem stupid, but you can see why doing this the other way around would allow spammers to exploit an automated system to close down mailing lists that they don't like. Of course the real problem here is the automated abuse handling system, because you can't handle abuse reports entirely with automation.

Written on 08 January 2012.
« Why you might want multiple keys for disk encryption
What my physical desk is like »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Sun Jan 8 01:29:39 2012
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.