Google seems to try to invent new and interesting ways for spammers to spam me (and many others). I’ve still not worked out a good way to block “fake googlegroups” which follow this method:
- Make new fake gmail login
- Make new fake google group
- Add lots of people’s email addresses to the group
- Send lots of junk to these people
- Repeat when it gets closed down
I’m not sure why groups aren’t opt-in. A rather simple and standard way to stop this exact problem.
Anyhow, the next new spammer enablement that the nice folks at Google have come up with is the mygbiz.com domain. These are temporary email addresses you can use when setting up Google apps. The only thing I have ever seen from them is spam. So I thought I’d try to report some to Google. After looping around several help screens that were, despite their name, very unhelpful, I’ve come to the conclusion that Google isn’t too serious about fixing this problem.
If you have postfix, the solution is very simple:
- vi /etc/postfix/access_sender
- Add a line like “mygbiz.com REJECT”
- postmap /etc/postfix/access_sender
- postfix reload
I find the results to this method far superior to trying to get Google interested in being responsible for a domain they run. If you want to use google apps then spend the $50 and get a domain. Alternatively don’t use something that spammers abuse.
Does it work? You bet it does!
Sep 18 23:26:38 elmo postfix/smtpd: NOQUEUE: reject: RCPT from mail-ye0-f208.google.com[220.127.116.11]: 554 5.7.1 <[email protected]>: Sender address rejected: Do not send from mygbiz.com domains; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-ye0-f208.google.com>