We’re seeing high levels of spam at the moment. This post is about what’s happening and what action we should take.
Currently, one or more persons are making accounts at qq.com and using them to send mails to the #support and #development incoming addresses. We’re seeing about 40 mails per hour and this has been going on for some time. Discourse correctly rejects these mails, because the temporary email addresses don’t have a matching user here on the forum.
However - every mail gets a polite rejection from Discourse. This means that in the last month, we’ve sent over 50,000 rejections to this spam. Whilst it’s lovely that Discourse handles this for us, and we’ve not really noticed, it does mean we’ve gone way over our Mailgun allowance.
Fortunately, Mailgun does not operate hard limits, and the extra mails have cost us just $25 this month. However, we can’t ignore the situation, so I’d like to see what the community thinks we should do. There are three options:
- Remove the incoming addresses for #support and #development. This is my preferred option - it doesn’t remove the ability to reply by email, only the ability to start a thread by email. I don’t think this is a heavily used feature, and therefore safe to remove, but perhaps I’m wrong - hence this poll.
- Block the qq.com domain at the Postfix level, dropping traffic at SMTP time. According to the DB we have just one valid user on this domain, who hasn’t been seen since Feb 2018, so this could be an acceptable route. It would block future users from this domain, of course.
- Do nothing - the spam continues, but we don’t seem to be affected too badly. We’d have to allocate budget for the Mailgun costs, of course, and track the problem to make sure it doesn’t get worse.
- Try to patch Discourse to not send this type of rejection mail. I’m not keen on patching Discourse, but we could start a conversation on Discourse Meta to see what could be done.
Here’s the poll:
- Drop support@ and devel@ incoming addresses
- Block qq.com
- Do nothing and pay up
- Refer the issue to upstream
Given this is literally costing us by the day, I’m closing the poll in one week. If there’s a clear consensus before then, I’ll take the appropriate action. Thanks!
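For anyone weighing the "block at the Postfix level" and "track the problem" options above, here is an added example (not from the original post, and not the forum's actual configuration) of what each looks like in practice: a `check_sender_access` map that rejects the qq.com envelope sender during the SMTP dialogue, so Postfix never accepts the message and Discourse never generates a rejection mail, plus a small log check that counts Postfix rejects per sender domain so the rate can be watched. File paths, the `example.org` / `example.net` hostnames and every log line are constructed for this example.

```shell
#!/bin/sh
# Added example (not the original post's or the forum's own config).
# Paths and log lines are constructed; in production the map lives under
# /etc/postfix and the log is /var/log/mail.log (or journald).
set -eu

# 1. Sender access map: reject MAIL FROM addresses in the qq.com domain at
#    SMTP time. A bare domain key in a hash map also matches its subdomains,
#    because smtpd_access_maps is in parent_domain_matches_subdomains by
#    default. In production: write /etc/postfix/sender_access, then run
#    `postmap /etc/postfix/sender_access` and `postfix reload`.
write_sender_access() {
    dir=$1
    cat > "$dir/sender_access" <<'EOF'
# sender domain    action
qq.com             REJECT Mail from this domain is not accepted here
EOF
    printf '%s\n' "$dir/sender_access"
}

# main.cf fragment that wires the map in. The lookup runs on the envelope
# sender before the message body is received, so nothing is queued and no
# bounce is generated by either Postfix or Discourse.
main_cf_fragment() {
    cat <<'EOF'
smtpd_sender_restrictions =
    check_sender_access hash:/etc/postfix/sender_access,
    permit
EOF
}

# 2. Track the problem: tally Postfix "NOQUEUE: reject" lines by sender
#    domain. Reads mail.log lines on stdin, prints "count domain", busiest
#    first, so a jump above the ~40/hour quoted in the post is easy to spot.
rejects_per_domain() {
    grep 'NOQUEUE: reject:' \
      | sed -n 's/.*from=<[^@>]*@\([^>]*\)>.*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# Constructed sample log lines (not real traffic); the last one is an
# accepted connection and must not be counted.
SAMPLE_LOG='May  1 10:00:01 mx postfix/smtpd[123]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <a1@qq.com>: Sender address rejected: Mail from this domain is not accepted here; from=<a1@qq.com> to=<support@example.org> proto=ESMTP
May  1 10:01:12 mx postfix/smtpd[124]: NOQUEUE: reject: RCPT from unknown[203.0.113.6]: 554 5.7.1 <b2@qq.com>: Sender address rejected: Mail from this domain is not accepted here; from=<b2@qq.com> to=<devel@example.org> proto=ESMTP
May  1 10:02:30 mx postfix/smtpd[125]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <c3@qq.com>: Sender address rejected: Mail from this domain is not accepted here; from=<c3@qq.com> to=<support@example.org> proto=ESMTP
May  1 10:03:45 mx postfix/smtpd[126]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.9]: 554 5.7.1 <x@example.net>: Recipient address rejected; from=<x@example.net> to=<nobody@example.org> proto=ESMTP
May  1 10:04:00 mx postfix/smtpd[127]: 2B3C4D5E6F: client=mail.example.com[198.51.100.10]'

# Reject count for a single domain as a plain number (0 if absent), the
# kind of value a cron job could compare against a threshold.
reject_count_for() {
    domain=$1
    printf '%s\n' "$SAMPLE_LOG" | rejects_per_domain \
      | awk -v d="$domain" '$2 == d {print $1; found=1} END {if (!found) print 0}'
}

# Example run over the constructed log: prints "3 qq.com" then "1 example.net".
printf '%s\n' "$SAMPLE_LOG" | rejects_per_domain
```

Two caveats worth keeping in mind when reading the poll options against this: the block keys on the envelope sender, which the sender controls, so it stops the current pattern rather than spam in general, and because the reject happens inside the SMTP session the cost shifts from an outbound Mailgun message to a single rejected connection, which is exactly the saving the post is after.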