[Coral-List] spamming and Coral-List

Wed Jun 24 18:54:25 UTC 2020

Hello listers,

We've received two independent reports that some old Coral-List posts, both
apparently from June of 2018, have been forwarded back to their original
authors with covid-19 spam added into the body of the messages.

After investigating, we are confident that these messages are not related
to any activity on our server. So that's good.

One possibility is that someone who was subscribed to Coral-List in 2018
has recently had their email account hacked, and the hacker is forwarding
people's own messages back to themselves with the spam text added, based on
old messages in this person's email archives. I don't know how likely that
is because it seems like we'd get more than just two reports about it.

It's also possible some spam software is crafting these messages based on
material posted in our online archives. Again, I would have expected more
problem reports, so I'm not sure if this is very likely.

It may also be that there is a larger volume of these spam messages but
they are being recognized as spoofs by your email providers (our server has
rigorous security and message-signing protocols) and the spoofed messages
just aren't reaching people. That would be a good thing.

What's bad news is, one of our list members forwarded his spam message to
us and we accidentally approved it for distribution to the whole list. This
member attempted to follow up and warn people about what had happened but
moderation accidentally caught and deleted that warning.

So here is our apology to that list member, and here is our own warning: on
Monday morning (Miami time) we approved a message about a M.S. Graduate
Research Assistantship, University of Guam, and that message contained spam
text with a link that should not be clicked. The message was sent
individually to regular subscribers, and in "Coral-List Digest, Vol 142,
Issue 12" to digest subscribers a few hours later. We are in the process of
wiping that message from our online archives.

Finally here is my request to the list members: I would be interested in
hearing if any other list members have received covid-19 spam like I am
describing -- with headers that suggest it originated from Coral-List, or
containing text you may have sent yourself, many years ago, to the list. If
you are willing to work with me a little I would like to see the full
headers of any such message (e.g. "Show Original" in google mail). It might
help us figure out what servers these messages originated from.

Thanks, and on behalf of the list, apologies for the accidental forward of
that Monday message.

Mike, coral-list administrator