I saw that announcement yesterday, went through the list of fixed issues and decided to wait with the upgrade since none of them were relevant for me.

If I haven't just seen this on the second page of HN I would have probably deferred this upgrade for a few more days.

I've seen similar things posted on here before that had a binary build only and zero technical documentation. It was really hard to see any kind of research or education value in those.

Here's an excerpt from a 2013 article in Scientific American that appears on the first page of results when searching for "voyager left the solar system" [1]:

> Voyager 1 was starting to get a reputation as the spacecraft that cried wolf, after scientists repeatedly claimed it was leaving the solar system, only to change their minds and say it wasn’t quite there yet.

[1] https://www.scientificamerican.com/article/voyager-1-leaves-...

My thinking so far against was 1) after a few months I'm pretty sure I would hear about the real attack 2) Repeating too frequently. People aren't getting hacked all the time (I hope).

But who knows? Now I'm thinking that maybe some other step in the attack is failing and maybe the attackers just trigger the email bomb part pre-emptively in case they actually succeed in resetting the password/purchasing/whatever.

It's not even that much of a hassle. What worries me is that I don't understand why someone would go through the trouble of doing this for no apparent benefit. I hope I'm not somehow unknowingly enabling some sort of an attack on any of the entities sending these automated replies.

In recent months I'm seeing instances where random personal mail accounts on a server I run would receive a barrage of mail in a short amount of time.

Mail seems to be bounced via Google Groups - they are sent from Google's IPs and have headers like X-Google-Group-Id, List-*, etc. all pointing to Google Groups. The actual group ID changes after each individual instance of this. However when I actually check e.g. the List-Archive URL, the group appears to be already been deleted.

The content of mail looks like it originates from various (legit-looking) random public web services, support requests, issue trackers, web contact forms etc. For example, a common reoccurring one is Virginia Department of Motor Vehicles (as in something like "thank you for filing a document #123 with us").

No apparent phishing links, no attached malware, no short advertisements snuck into a text field etc. Just automated replies from "noreply@"-type addresses.

It does not seem to be the case of trying to hide another attack (as discussed here for example: https://news.ycombinator.com/item?id=47609882) - over many instances I've not seen any other malicious activity. And this mail is filtered out easily enough based on Google's headers.

It all looks like there is some bot that a) creates a Google group and subscribes (one or more) random email addresses to a Google group and then b) enters the group's mail address into a bunch of random web forms that then send their automated responses to the group.

What could be the motivation for this? After the fact it's filtered pretty easily based on headers. It's not nearly enough volume to DoS the server. But why would someone go through the trouble of setting this up?

This complaint was sent to Google, probably because the cloudinary.com URL appeared in their search results.

It's doubtful anyone at Fiverr was made aware of this - unless Google typically forwards these complaints to the actual host of the offending URL. Even then, it would go to Cloudinary who would in turn need to notify their client. Many hops with plenty of "someone else's problem" barriers for the message to overcome.

The article provides zero evidence for this claim except "our low-volume (by their own measure) marketing campaign gets marked as spam by gmail".

Google has a v2 of the postmaster tools that are actually useful now? Awesome news! I totally missed that.

All v1 ever showed me as a small-time mail server admin was equivalent to "nothing to see here".

But v2 now actually shows me things like compliance status and user reported spam rate for my domains.

I made a patch that made it a multiplayer networked game where each player controlled the space of one airport. When I was doing that I remember being surprised how the entire game was written as a parser in lex (or maybe yacc? not sure anymore) not straight C.

I think it tells a lot about AI-generated art. People prompting the AI find it fascinating because they look at it with in the context of their internal thoughts and moods that led them to it. But the generated artwork itself doesn't communicate that context at all. A complete stranger will find it derivative and boring.

I'm guessing that looking at AI art prompted by your friend and family may be a middle road somewhere. So maybe the fact that you have such a positive opinion on AI art is because it's the people you know closely that are doing it.

They said "thanks, we'll look into it" and kept sending broken mail for years.

My guess is if you're a big enough player Google learns to ignore your broken DMARC config or somebody knows somebody on the inside who can add an exception. And then your mail gets delivered to @gmail.com just fine and that means it's working and wtf is this guy complaining about.

I hope "LLM thinks your name is gibberish" won't become the new "your name can't include invalid characters".

> While the victim is drowning [...] the attacker is doing something else.

In the past months some personal mail accounts on a mail server I administer were victim of something that looked similar to what's described here.

Hundreds of mails apparently originating from various (legit-looking) random public web services, support requests, issue trackers, web contact forms etc. For example, a good part of them was from Virginia Department of Motor Vehicles (as in something like "thank you for filing a document #123 with us").

To make things even weirder, they were not sent directly to the address, but according to message headers were bounced through Google Groups (each time I checked the relevant group was already deleted). So as far as I can tell it was not the mail address hosted on my server that was being entered into those websites.

No phishing links, no attached malware, no short advertisements snuck into a text field etc. Just a huge amount of automated replies from "noreply@" legit entities.

I've seen several of these attacks and spent some time investigating them. To my knowledge these were not associated with any other malicious activity, like the author of the article mentions. If anything they were just a denial-of-service attack on a mail box (as in, making the human user trawl through garbage, the mail volume was far from saturating the server itself). What exactly would be a motivation for that I can't tell, except making the life of a small mail server admin even harder than it already is.

I'm pretty sure my old Dell XPS laptop with Windows 10 had pop-ups just like this.

"This device can run faster" or something.