Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Spam from you accounts

TermoSINteZ January 19, 2022

 

Hello dear Atlassian.

Today I got spam and fishing email from you domain.

 


photo_2022-01-19_15-03-17.jpgPlease check and restrict this. 

Thanks you. 

 

 

5 answers

2 accepted

3 votes
Answer accepted
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 19, 2022

Atlassian has a bit of a problem with their Cloud model - it is vulnerable to malicious users (in fact, almost entirely 'bots, rather than humans) setting up free Atlassian accounts, and then setting up free instances of Jira/Confluence/Bitbucket and so-on, and then host malicious files and send spam from them.

If you've been here in the community for a while, you can see it is prone to spam itself, I'm regularly killing off maybe 10 posts a week from Atlassian accounts created by 'bots.  (It's actually thousands, but the filters here have been tuned over the years and catch most of the attempts to spam and block the posts completely!)

Atlassian shut down these bad sites as soon as they are spotted, but don't really have good automatic detection of them, nor an easy dedicated route for reporting them - raising a support request is currently the best route!

I think, but don't know, that automation.atlassian.com is the domain the automation function uses by default when set up to send single mails.  So the bots can spam from there because they use automations to send mail.

Atlassian do also take the reports here in the community, I've flagged this one for attention, it might get seen faster than the support request!

TermoSINteZ January 19, 2022

Thank you for explain. I was very surprised, since this is probably the first spam from this domain for me. And I am surprised that atlassian allow send e-mail without subcribe or another acitons from this domains and his another sevices. 

In anyway I think this is a big problem, not all users can understand a malicious link or fishing site. 

Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 19, 2022

Yes, it's just because the Atlassian checks on new users can be passed by 'bots, there's not quite enough checking and some can get past them and hence create spam-generating free servers.

There's nothing Atlassian can do other than shut down malicious machines when found, not without imposing harder checks on the "people" commissioning them!

1 vote
Answer accepted
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 20, 2022

Hi @TermoSINteZ 

Thanks for reporting this problem.  Unfortunately, the screenshot alone here is insufficient for me to be able to track down which Atlassian Cloud site might be responsible for this spam message.

One way we can gather more information about this would be for you to take that spam message and then forward it directly to abuse@atlassian.com

This in turn will generate a support ticket with out anti-abuse team that should also provide them the information they need to investigate this problem further and shut down that site that is sending this spam.

Alternative to that, if you can post to us the email headers contained within this message that too might be able to provide us enough information to track this down further.

Please let me know if you have any problems with this.

Andy

TermoSINteZ January 20, 2022

Hello Andy. No problem. I will send (forward) spam email. 

Thanks you. In any case, I am interested in improving the service, and in the absence of this kind of spam in it.

0 votes
Johannes Schneider June 27, 2023

i have also the same problem. (aT least google search found this thread when I put in "atlasian spam"): 

Ingrid Surname has joined xxxx Hi Johannes myname.

Ingrid Surname ölaksjdöklj@vone-of my-customers-domain!.com) has just joined https://myconfluence.atlassian.net in xxx. They have access to the following products:

 

----------

Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 27, 2023

Please forward the spam on to abuse@atlassian.com

There's no need to give any detail or extra information, they only need the headers which most email clients will automatically include when you click "forward"

0 votes
Evgeni Nabokov
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
May 3, 2023

Hi! I get this spam regularly. Here is the metadata of one of the emails.

Delivered-To: [myemail]@gmail.com
Received: by 2002:ab3:e056:0:b0:4dd:59ee:4139 with SMTP id j22csp1985553qno;
        Mon, 1 May 2023 09:44:06 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ7niRMm2RyfQMKgDapa/LWLYNqphMIdqPagCrA5DGWutvfxz7U0K/MmU4XH364/QzVOnTpw
X-Received: by 2002:a17:902:f548:b0:1aa:e0c4:54e8 with SMTP id h8-20020a170902f54800b001aae0c454e8mr7453345plf.28.1682959445813;
        Mon, 01 May 2023 09:44:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1682959445; cv=none;
        d=google.com; s=arc-20160816;
        b=FWlTVSxGI4wPy01Km8TbovYi9YYZRBb/0hkk/9lekWfjxv2tIv1B/cX0kdM0ARfCK3
         siHGV964xY/aDXOgs4iPwPbnfMrEjVuXFVHxHLAAvnmcs+4j+LLoSvcWqSsrhgz/r3yp
         3xNFB7ouSbZzL6Nhv0EtsHu8siAdoC+7DYShvoCEg02i3DTPub+JTeaZvETTlWmCUMQb
         6DA6pI2GYq5Dkk/JLzu9pIHR+Nk0h6e6NshaTqlVG3wjF/mspKW/vfqayIT2iGb5agho
         egLSjYy6IKAZ7+fGEPdzjc72cPM7G5LgWPHDySMNu3eUXy+t7zmsL4mh2V7Vm+8Nsydx
         OyGw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=sender:subject:from:message-id:reply-to:mime-version:date:to
         :dkim-signature;
        bh=Nkqp8yrmj3jResecPWJ8E15SP5K2JdZwEsg33pqK3i4=;
        b=DMvUCf5enLM0UHkoAJ/Q0A/4lp3Jyg6x5H3El4gx9PAncxx0XmN+yrMchLQqHPvlkf
         utE/uI1vPGk9P1/a7ZPGPQ/d+ENtQ4fZQtl/e0lxNt8bO6LsJSwFpstbUFT0KFHUTpcB
         GE+gUTYHwTordXWMWTZnq5Oyu/19ka4IlH6oCDPvbUGM9FPfaKepc91ohbFQC6x4rxNc
         EYRoBb88lmrW4gCdUj3BT92b5R4XLjB2W3pfMJO6US+BROjjMfbkl5o9QwhibtrECvhU
         GZjy9X+/6Kp/myamsEIOUxuYemu6DkraRcCKV3EiDlwaGqs8TMRA7qe2CPnXOrqrQROb
         kkFg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@automation.atlassian.com header.s=scph0521 header.b=ktvFSGzH;
       spf=pass (google.com: domain of no-reply@am.automation.atlassian.com designates 147.253.218.182 as permitted sender) smtp.mailfrom=no-reply@am.automation.atlassian.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=atlassian.com
Return-Path: <no-reply@am.automation.atlassian.com>
Received: from mta-218-182.sparkpostmail.com (mta-218-182.sparkpostmail.com. [147.253.218.182])
        by mx.google.com with ESMTPS id c5-20020a170902848500b001aadb1147e4si5404313plo.456.2023.05.01.09.44.05
        for <[myemail]@gmail.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 01 May 2023 09:44:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of no-reply@am.automation.atlassian.com designates 147.253.218.182 as permitted sender) client-ip=147.253.218.182;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@automation.atlassian.com header.s=scph0521 header.b=ktvFSGzH;
       spf=pass (google.com: domain of no-reply@am.automation.atlassian.com designates 147.253.218.182 as permitted sender) smtp.mailfrom=no-reply@am.automation.atlassian.com;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=atlassian.com
X-MSFBL: 68jk0PH0jiaGyPsDp18Nv5DY1fuyJTeYKiV9wXnMYV4=|eyJ0ZW5hbnRfaWQiOiJ hdGxhc3NpYW51cyIsInN1YmFjY291bnRfaWQiOiIwIiwiY3VzdG9tZXJfaWQiOiI xIiwibWVzc2FnZV9pZCI6IjY0M2VkZmVhNGY2NGUxY2UwYWMyIiwiciI6ImV2Z2V uaS5uYWJva292QGdtYWlsLmNvbSJ9
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=automation.atlassian.com; s=scph0521; t=1682959071; i=@automation.atlassian.com; bh=Nkqp8yrmj3jResecPWJ8E15SP5K2JdZwEsg33pqK3i4=; h=To:Date:Content-Type:Message-ID:From:Subject:From:To:Cc:Subject; b=ktvFSGzHbmGey6rNkTlV3P9JAxRKiscPeNc0vqG3/h310Vd4hz2VGXoKkrhjaAguA
  en+v2im4TfGTHNCASWl9lCU0BCYymRy1a8fYJk0RwCR55KDYQe0rLQCbM8dAQw6LS+
  WE2XbYOdPTGxB2O4WppYgOzIlcEuIU/zLvdWj0Tk=
X-Atl-Atm-Execution: {"tenantContext":{"clientKey":"0093eb46-1eda-3b6b-a482-2f9b4ee96f5d","environment":"prod","tenantId":{"id":"5495eede-2bcd-4af4-9a08-0dee0ba4bc6c"}},"executionUuid":"3297374f-3922-4b1e-83f2-7475be8212c0"}
To: [myemail]@gmail.com
Date: Mon, 01 May 2023 16:37:51 +0000
Content-Type: multipart/alternative; boundary="_----M4CzNipxpMkFq/terPZ+pg===_CB/0C-39279-FDAEF446"
MIME-Version: 1.0
X-Atlassian-Mail-Message-Id: <715c9954-55ac-4096-9c24-751a374d7abf@automation.atlassian.com>
X-Atlassian-Mail-Transaction-Id: 715c9954-55ac-4096-9c24-751a374d7abf
X-Atl-Atm-TraceId: 11e59c3c-8146-4b37-a90a-7be11ec63168::00::11e59c3c-8146-4b37-a90a-7be11ec63168
Reply-To: "Юлия, техподдержка." <no-reply@automation.atlassian.com>
Message-ID: <715c9954-55ac-4096-9c24-751a374d7abf@automation.atlassian.com>
From: "Юлия, техподдержка." <no-reply@automation.atlassian.com>
Subject: [972240825779] Ваш электронный ящик попал в список - через одни сутки он будет удален.
X-Atl-Atm-Version: automation-prod-33026-290b545e21
Sender: no-reply@automation.atlassian.com
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 3, 2023

Thank you for the report and the email header, I have referred this to our abuse team.

Sorry for the inconvenience.

Andy

Like Nic Brough -Adaptavist- likes this
0 votes
Jack Brickey
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
January 19, 2022

You will need to reach out to Atlassian Support for such a concern. However, while "atlassian.com is, I do not believe that "automation.atlassian.com" is their domain.

TermoSINteZ January 19, 2022

Thanks, I try ask Support directly too. In any way this shouldn't happen with their subdomains.

Dirk Ronsmans
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
January 19, 2022

Well it's the domain used by the automation app which uses this as it's main mail domain. So while not their main domain, they will be responsible for this one too :)

Like Jack Brickey likes this

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events