Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,298,528
Community Members
 
Community Events
165
Community Groups

Reporting atlassian.net sites that are sending spam

Edited

12 answers

4 votes
Daniel Eads Atlassian Team Mar 02, 2021

Hi @rolecan , welcome to the Community!

We're currently investigating some sites that have been abusing our platform to send emails related to a bitcoin scam. 5 of the 7 sites you listed are known to us already (as well as more) - if you are willing to list any additional sites, I can ensure we are taking action against them.

As for the cause of this spam, unfortunately we are still working through the technical details on blocking this type of abuse of Jira. The send email functionality is critical to Jira's functionality. We do have some limits in place regarding the number of emails a new site can send, but as you've seen, this attack has defeated that mechanism by simply spinning up a number of sites at once. We shut these sites down when they are known - example above, we've taken action against 5 you've listed already but your report helped identify another 2. We're also working on the mechanisms needed to detect this type of email before it leaves a Jira Cloud site. Again, if you are willing, please continue reporting these sites - and thank you for the ones you have reported already.

Cheers,
Daniel | Atlassian Support

Please stop sending me emails!

I really don't care to hear about new Jira features, etc... not at the rate your spamming me with in-product popups, notifications and emails.

Like Maximilian Dietrich likes this

This conversation is nothing to do with the Atlassian mail-outs you have signed up for.

Go to https://preferences.atlassian.com/main and log in, you may need to click on "email preferences".  This page allows you to unsubscribe yourself from the mail you signed up for before.

There is an "unsubscribe all" at the top you might find useful.

Like # people like this
1 vote

Another one from today

jira@5fgdf.atlassian.net

Andy Heinzer Atlassian Team Mar 11, 2022

Thanks for reporting it. I have filed it with our anti-abuse team to review.  Sorry for the inconvenience.

Is there a better way to report these in the future?

In another thread on the same topic, the last suggestion was to simply forward any spam email (with as much of the email header detail as you can include easily, and no need to comment or complain) to abuse@atlassian.com

I think that's still the case, but Andy will correct me if it's changed recently!

Like # people like this

Still happening!

 

jira@sfjfkgkjjhrg.atlassian.net

jira@sdghadgsd.atlassian.net

jira@sfdbdffgd.atlassian.net

............

 

Now coming in every day. I am about to blacklist all emails from atlassian and only whitelist those really needed :)

 

Anything being done about that ?

Thanks

Daniel Eads Atlassian Team Oct 28, 2021

Hi @portalzine , thanks for this report.

We've started the process to investigate and suspend these sites. Reporting helps terminate sites that violate our terms of service and are being used for mail spam faster, and improves our detection of these instances. Thanks for taking the extra time to mention which email addresses you received spam from.

Cheers,
Daniel | Atlassian Support

Like Maximilian Dietrich likes this
0 votes

Got some spam today from:

confluence@l5619yfoy68dpqj.atlassian.net

confluence@nqrz4ylkvuhkbl4.atlassian.net

confluence@1tzavs7b7g5fr85.atlassian.net

confluence@vnjovc6wjnovzvq.atlassian.net

confluence@s2mpvk2t3lsb5ue.atlassian.net

There's another conversation about these where Atlassian have asked us to send on spam from these dubious sites to abuse@atlassian.com (forward the email with full headers, no more information needed)

Like Gytis Liutkus likes this
Andy Heinzer Atlassian Team May 05, 2022

Thanks for flagging this. Sorry for the inconvenience.

Thanks, I will use abuse@atlassian.com for reporting malicious sites going forward.

Had spam from

jira@5fgdf.atlassian.net

0 votes
A new spam run.  Here are headers.

Received: by jcsu.edu id b7r55dv3s2i7 for <dREDACTED>; Fri, 11 Mar 2022 09:13:09 -0500 (envelope-from <info@jcsu.edu>)
Delivered-To: adinafieste@gmail.com
Received: by 2002:a55:835a:0:b0:14d:e4a5:ad1f with SMTP id 26csp253741egz;
Fri, 11 Mar 2022 06:07:52 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxF+JX+MvaivX5hsp9xLnENUwTR3r5Fpkm4y9dwC1nDNel/pvW6PK+Xk51nss7lwFJAn4NE
X-Received: by 2002:a05:6a00:ad2:b0:4f1:2734:a3d9 with SMTP id c18-20020a056a000ad200b004f12734a3d9mr10061588pfl.61.1647007672352;
Fri, 11 Mar 2022 06:07:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1647007672; cv=none;
d=google.com; s=arc-20160816;
b=QHXeCHiEe77148RpKr6dKDtkS4/GKCihlxD0BwmfXwzenXYaZp5JryW8jwN2vlqC0o
iO8jZJEMnCDyLNmhP6XCfaHGNVQ6KyiTJMnrUgjIPy07tIgM0LaCiWfO37x6LnG9FFGX
1qEoD/v2P7Z9LUCXqW+fuBiGM5R6OI5stMW30WUEYQtqTVUEfYsHRdXdH9gofv8pFcvV
AN3QYZAv6GVA5lzvlvHti3qzh7vY2WEvdwarQgakfj/8Xej/Pkz0JGR9v+AM5huSi+vb
pclZB1N75PfJo8vdm7Lcd1eE7qlviI0MjHIxXwyT6A26UAgqoHQe8O4jFRUqIkmuyAlT
jSSw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=mime-version:precedence:auto-submitted:date:delivered-to
:atlassianmail-meta-obsolete-id:atlassianmail-meta-transaction-id
:message-id:subject:reply-to:from:dkim-signature;
bh=tIcHWQWpkow4chmsV8TnTPTTffVngWfhrSc8kEj+Jjg=;
b=LqbVCy5xUTML77CR0qMhMwS12ONjRC6kLeVZCPqndbnY6D0WZrF0AXtX/Dthz1DQMd
RIwKtNJ5SDT/RFFOtCW8wXYJVFh4pCFoNmwwhZfCHYfoVlLxQkDI/BUEB6W2nZXG3RT1
DPgSSQ2UmVJr+wV0/Vq1RxPuaZRU2LF8Upbo/RuBVesqBEyspq+n9EtcgINbKXH0QyGD
cyiFjGwXE5JjQz+ruLv2VC+Agv8SdXVWS6wYUIdSlSPoWOYzhYV7EQ5yg8+kktquji8b
282W0LQ7LOIK7qArZAEHADeXj5CN00KtBH9bzYvvf3S1FKZLvgEJLDFxCbm2JlxBiha4
aEgQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@mail-us.atlassian.net header.s=atl201805 header.b=mmRVLaKn;
spf=pass (google.com: domain of jira@mail-us.atlassian.net designates 192.174.81.96 as permitted sender) smtp.mailfrom=jira@mail-us.atlassian.net;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=atlassian.net
Return-Path: <jira@mail-us.atlassian.net>
Received: from mta-81-96.sparkpostmail.com (mta-81-96.sparkpostmail.com. [192.174.81.96])
by mx.google.com with ESMTPS id q11-20020a170903204b00b00151c6f5d7basi6682346pla.4.2022.03.11.06.07.51
for <adinafieste@gmail.com>
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Fri, 11 Mar 2022 06:07:52 -0800 (PST)
Received-SPF: pass (google.com: domain of jira@mail-us.atlassian.net designates 192.174.81.96 as permitted sender) client-ip=192.174.81.96;
Authentication-Results: mx.google.com;
dkim=pass header.i=@mail-us.atlassian.net header.s=atl201805 header.b=mmRVLaKn;
spf=pass (google.com: domain of jira@mail-us.atlassian.net designates 192.174.81.96 as permitted sender) smtp.mailfrom=jira@mail-us.atlassian.net;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=atlassian.net
X-MSFBL: z7QGoogk+6Ca04CyT29/aRLp8fAYhuJYiEPxnOj07fk=|eyJzdWJhY2NvdW50X2l
kIjoiNCIsInIiOiJhZGluYWZpZXN0ZUBnbWFpbC5jb20iLCJ0ZW5hbnRfaWQiOiJ
hdGxhc3NpYW51cyIsIm1lc3NhZ2VfaWQiOiI2MjJhYjc1NzJiNjIzODhmNWU0YiI
sImN1c3RvbWVyX2lkIjoiMSJ9
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=mail-us.atlassian.net; s=atl201805; t=1647007671;
i=@mail-us.atlassian.net;
bh=tIcHWQWpkow4chmsV8TnTPTTffVngWfhrSc8kEj+Jjg=;
h=From:Subject:Message-ID:Date:Content-Type;
b=mmRVLaKn7MkLXB1d1se61oNoT2u2BYD7JmPuMXkVQ6578r4pSAsZUClU8DMNtKe/6
cJBsE/jptYw7oE8fEdizlX0ljq2fyciHN5jTWMrRGB1/eD5/7D5bOe27lPkt6yxpAu
+3vVd9FJknjmH16zZymT7mzZBZuQKv5TvlQJomKM=
From: "NFT daily" <jira@5fgdf.atlassian.net>
Reply-To: <jira@5fgdf.atlassian.net>
Subject: [JIRA] This is your time! Seize the moment and get on board with NFTs
Message-ID: <2028006580.31.1647007670848@ef6c7e00f855>
AtlassianMail-Meta-Transaction-ID: 01FXWMX8TJW3MDE1JV30K1DDHV
AtlassianMail-Meta-Obsolete-ID: 01FXWMX8TJW3MDE1JV30K1DDHV
X-Atl-Queueid: DABB11C6-8D58-4503-A195-710B2162F3E1
Delivered-To: adinafieste@b89a1cf3f383
Date: Fri, 11 Mar 2022 14:07:49 +0000 (UTC)
Received: from ef6c7e00f855 (ef6c7e00f855 [10.106.86.104]) by gmail.com with SMTP id f3426ea4b4854361866e002cfcbc5d8b@gmail.com; Fri, 11 Mar 2022 14:07:51 +0000
X-Atl-Mail-Meta: cloud_id="8d59a599-86de-48bb-912b-57f0c68fe5c8",product="jira",tenant="https://5fgdf.atlassian.net",fe="jira@5fgdf.atlassian.net"
Auto-Submitted: auto-generated
Precedence: bulk
X-Jira-Fingerprint: c9a0f0436f04a573b2ad3db8d2f22217
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=enmime-4f64d24e-8646-4f87-a199-b001e4e9600f
0 votes
jvisc I'm New Here Feb 25, 2022

Hello, I would like to report the following which has sent me spam via Jira

jira@diabetsoluenva.atlassian.net

There's another conversation about these where Atlassian have asked us to send on spam from these dubious sites to abuse@atlassian.com (forward the email with full headers, no more information needed)

Like Andy Heinzer likes this
Andy Heinzer Atlassian Team Feb 26, 2022

@jvisc Thanks for reporting it to us.  I have flagged this site for investigation by our anti-abuse team. 

Hi Jira support team,

We are also encountering SPAM from a variety of your subdomains, including

  • jira@adinisthefreed.atlassian.net
  • jira@benchdrak.atlassian.net
  • jira@dd3sx.atlassian.net

Since you have been made aware of this issue in March this year and it still persists, I would like to know how you are planning on mitigating the issue and a time frame when we can expect it to be solved.

 

Thanks in advance for your help.

 

Kind regards

Maximilian Dietrich | IT system administrator | SAXOPRINT GmbH

Daniel Eads Atlassian Team Dec 06, 2021

Hi @Maximilian Dietrich ,

Thank you for reporting these sites. One of the three you mentioned has already been disabled by our anti-abuse team. Based on your report, we've marked the other two for takedown.

Some information about the steps we're taking to reduce this type of email abuse is in previous replies. For Free sites, we do limit the number of emails that can be sent. Sites generating content like this are often identified automatically, but we do appreciate being notified of any spam emails you get in order to take down the sites and improve our detection capabilities. I have asked our internal anti-abuse team if there is additional information we can share at this time!

Thanks,
Daniel Eads | Atlassian Support

Hi,

actually I got spam from jira@balimaakyahabibi.atlassian.net

I'm not able to adress a support request so I try to adress this issue here, hopefully you can help.

Spam is annouced as shopping voucher from LIDL.

Anybody in the same situation?

Best regards Christian

Andy Heinzer Atlassian Team Nov 15, 2021

Thanks for reporting that subdomain @Christian Seuß I will report this to our anti-abuse team for further investigation.

Like Nic Brough _Adaptavist_ likes this

Hello, 

We would like to report more email addresses from which we got a lot of spam the last weeks:

jira@ffd5.atlassian.net
jira@ddcx.atlassian.net
jira@4dx.atlassian.net
jira@nrf8uj.atlassian.net

Thank you for taking care of them.

Best regards,
Nina

Daniel Eads Atlassian Team Sep 29, 2021

Hi @Nina Eickeler , thank you for this report!

Our anti-abuse team has already suspended two of these sites, and I've started the process on the other two.

Cheers,
Daniel | Atlassian Support

Like Nic Brough _Adaptavist_ likes this

Hello, 

I also would like to report some mail addresses from which we got a lot of spam mails. It would be great if you could block them as well:

 

jira@zamata.atlassian.net
jira@antropo.atlassian.net
jira@s3dsf.atlassian.net
jira@az3s.atlassian.net
jira@c5f.atlassian.net
jira@x4fd.atlassian.net
jira@nbtc2.atlassian.net
jira@ssc5.atlassian.net
jira@ccx3.atlassian.net
jira@oo9sd.atlassian.net
jira@dd7s.atlassian.net
jira@l9omn.atlassian.net
jira@v6hj.atlassian.net
jira@s3dd.atlassian.net
jira@btcweek.atlassian.net
jira@8jnmf.atlassian.net
jira@g4hj.atlassian.net
jira@v6ikdf.atlassian.net
jira@n8djf.atlassian.net
jira@g54h.atlassian.net
jira@hnd8nf.atlassian.net
jira@nd8hnd.atlassian.net

 

Thanks & Cheers,
Nina

At a glance, the couple of those I've just tried are "unavailable", which makes me think Atlassian have already caught them and killed off the spam systems, so you shouldn't get any more.

Daniel Eads Atlassian Team Jul 30, 2021

Hi @Nina Eickeler , welcome to the Community!

We've flagged these sites for takedown. Thanks for reporting - this helps us get them out of your way and points at some cases to help improve our anti-abuse capabilities.

Cheers,
Daniel | Atlassian Support

0 votes

Um, this report actually looks like spam itself, as there's a link to a website behind all the emails.  I guess that that is an artefact of where you copied the addresses from.

The list is all email addresses that would have come from Cloud Jira systems where you have been added as a user, or someone has used a 3rd party app to send emails from them.

This is not really something Atlassian could deal with - someone has set up all those systems and then used them (or allowed them to be used) for spam.  Technically, you should be getting in touch with the administrators to ask them to remove you from their system, but if they're malicious spammers, that's actually the worst thing you could do (confirms there's a human on the end of your email so you'll actually get even more)

I do know Atlassian has a problem with spam accounts - in order to create an Atlassian Cloud system, you have to have an Atlassian account (same as you do to post here) and it's clear from the amount of spam the Community gets posted that it is too easy to create a throwaway Atlassian account which you can then use for spam, I didn't know the bots were also capable of commissioning entire Cloud systems to do more spam!

I'll get some Atlassians to have a look at this for you, I think it's important for them to see the general problem as well as doing something about the specific Cloud Jiras that have spammed you.

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you