Spamming with Google Groups

Today I noticed a new way to send spam to many people: Google Groups, a mailing list platform.

In the last few days I got many automatic replies from people and companies I don't know and never contacted: out-of-office reminders and "thank you, we will take care" mails.

The mails were sent to support@gh.onlinebildunchkeiten.de and all contained mailing list headers:

Precedence: list
Mailing-list: list phn@gh.onlinebildunchkeiten.de; contact phn+owners@gh.onlinebildunchkeiten.de
List-ID: <phn.gh.onlinebildunchkeiten.de>
X-Spam-Checked-In-Group: suppsdhsdksdhee@gh.onlinebildunchkeiten.de
X-Google-Group-Id: 320817839263
List-Post: <https://groups.google.com/a/gh.onlinebildunchkeiten.de/group/phn/post>,
    <mailto:phn@gh.onlinebildunchkeiten.de>
List-Help: <https://support.google.com/a/gh.onlinebildunchkeiten.de/bin/topic.py?topic=25838>,
    <mailto:phn+help@gh.onlinebildunchkeiten.de>
List-Archive: <https://groups.google.com/a/gh.onlinebildunchkeiten.de/group/phn/>
List-Subscribe: <https://groups.google.com/a/gh.onlinebildunchkeiten.de/group/support/subscribe>,
    <mailto:support+subscribe@gh.onlinebildunchkeiten.de>
List-Unsubscribe: <mailto:googlegroups-manage+320817839263+unsubscribe@googlegroups.com>,
    <https://groups.google.com/a/gh.onlinebildunchkeiten.de/group/phn/subscribe>

This was a Google group mailing list! And as usual with Google things, there was no way to report spam or abuse.

I imagine the process to be as follows:

  1. Spammer creates Google group and marks it as private
  2. Spammer adds hundreds of e-mail addresses to the list
  3. Spammer sends spam e-mails to the list
  4. People get the spam, and some mail servers send automated replies to the list - which all subscribed people receive as well.

The nice thing for spammers is that Google servers have a good reputation and won't be blocked by administrators. These spam mails have a high chance of passing mail filters.

It is possible to unsubscribe from this spam list by sending an e-mail to a personalized e-mail address that you can find in the e-mail's List-Unsubscribe header. Make sure you send it from the same e-mail address it is sent to; that can be found in one of the Received headers :(
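The lookup described above, as an added example that is not part of the original post: it pulls the mailto target out of List-Unsubscribe and the address the mail was delivered for out of the topmost Received header. The sample message is constructed; its list headers are copied from this post, while the Received line, mx.example.org and victim@example.org are made-up placeholders.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample: list headers as quoted in the post; the Received line
# and the recipient address victim@example.org are placeholders.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTPS id abc123
\tfor <victim@example.org>; Mon, 1 Jan 2024 10:00:00 +0000
Precedence: list
List-ID: <phn.gh.onlinebildunchkeiten.de>
X-Google-Group-Id: 320817839263
List-Unsubscribe: <mailto:googlegroups-manage+320817839263+unsubscribe@googlegroups.com>,
    <https://groups.google.com/a/gh.onlinebildunchkeiten.de/group/phn/subscribe>
Subject: constructed sample

body
"""


def analyse(raw):
    """Return what is needed to unsubscribe from (or filter) a list mail."""
    msg = message_from_string(raw, policy=default)
    group_id = str(msg.get("X-Google-Group-Id", "")).strip()
    list_id = str(msg.get("List-ID", "")).strip().strip("<>")
    unsub = str(msg.get("List-Unsubscribe", ""))
    mailto = re.search(r"<mailto:([^>?]+)", unsub)
    unsubscribe_to = mailto.group(1) if mailto else None
    # Only the topmost Received lines are written by your own mail server;
    # everything below them is supplied by the sender and can be forged.
    send_from = None
    for received in msg.get_all("Received", []):
        m = re.search(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", str(received))
        if m:
            send_from = m.group(1)
            break
    return {
        "list_id": list_id,              # stable key for a local filter rule
        "group_id": group_id,
        "unsubscribe_to": unsubscribe_to,
        "send_from": send_from,          # subscribed address to mail from
        # In the headers above, the group id also appears in the mailto target.
        "id_matches": bool(group_id) and group_id in (unsubscribe_to or ""),
    }


if __name__ == "__main__":
    print(analyse(SAMPLE))
```

Since the sending servers themselves cannot reasonably be blocked, the List-ID value is the part of these headers a local filter rule can match on.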

Unsubscribing

When sending an e-mail to the unsubscription address, a confirmation comes back with an image:

Unsubscription footer image from https://www.google.com/a/cpanel/vay.xylontrix.cfd/images/logo.gif?service=groups2

The text is written in Thai (according to ChatGPT):

โรงเรียนบ้านปางสุด - Ban Pang Sut School
สพป.นครสวรรค์ เขต 2 - Nakhon Sawan Primary Educational Service Area Office 2

At least the text part is signed with "vay.xylontrix.cfd admins". cfd is a valid top-level domain, and xylontrix.cfd is registered, according to the ICANN lookup tool.

Written by Christian Weiske.
