Hello Team,

I have received spam in the last few days, posted to one of my lists. The spam is from non-subscribers. I am wondering how this spam makes it to the list in the first place, and how to stop them. Below are the headers from one such spam:

Delivered-To: odhiambo@gmail.com
Received: by 2002:a05:6358:478c:b0:1f8:8ba6:62f4 with SMTP id
i12csp6474433rwn;
        Mon, 18 Aug 2025 13:08:57 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IHwGjDJGZU1VZV2Thd34wgXeV2X6aweYtnKYgygiua1m7FH5CCqq+Meam6X7EFnMO9s7JBE
X-Received: by 2002:a17:906:7314:b0:af4:11e1:f877 with SMTP id
a640c23a62f3a-afddcb70ffamr6800866b.21.1755547737149;
        Mon, 18 Aug 2025 13:08:57 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1755547737; cv=pass;
        d=google.com; s=arc-20240605;
        b=SxOZ4g+V75ZlHjnb68dGFk0C43UBXEiiHFbsec2Nd8CciQe2WoDWDKivUrl9AOXU8C

 JtJmmL+iQfTp/gAwWVbIys7CzEEKx3zoApV867a0tIoQO3GJpNz/wMJ2uJhNwNJ13rCZ

 3VpCG0/8yMKme8Gl+wi2hFlpTusPD5//yEvj+2nUjbPyqlQTsgiGK40IsE2dPSv7nuG7

 SLCJlXQCxPLlUVo7Qhi8TuK5jmbK2k0JP4L2QpGXISMX5oRUJJX7BoZT5bn8eXRPLGUq

 IYGEqw+PUP9E/qwBLRrJ+aESBQsfAwMtjQn9UC9jJHX3kXkjL3a5SuOrrbxlXnfnTijU
         w8NA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
        h=cc:from:list-unsubscribe:list-subscribe:list-post:list-owner
         :list-help:list-archive:archived-at:list-id:subject:reply-to
         :precedence:message-id-hash:message-id:to:date:mime-version
         :dkim-signature;
        bh=68hDV7fTzXN9aXRXs+9wXgUwlV63FoOfuranZTCGBok=;
        fh=LcmHOTIZU58Nx4GQGbrz/At1kQTaA+xCcs3xKrMC9Wg=;
        b=OIvR32zF5EzJs4iH6pixYvTBd9Iwk9uWSDONJeWI3PdG2RPnT36Tj5sApTR8UhVtir

 d2vO3HCSlHlFI4+uMXE/upRQ3KQVCWYPT6LQpnkoEVrRoMJjqHobtTceOtBlGxIX00G6

 Vfa8s7ZwcBoX2XjbRcesjHVB9mtrukG05CULR2u88JsS90d1qGMjSeitGuyY5QLEKJ+H

 S1q1s7b6fMKfnb267vEvxIKYerfeDdDOHanGNhD04NB3SlSyecm6b48AknFCZi7GzJsR

 EvLXXa3C2jibniaKXmEF5AG0VRtxoP0PBpHjUmIK/kZnuEpHCBYFu2tFgzFI5FCwNnYv
         6jbA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
header.s=20230601 header.b=lrYcmBua;
       arc=pass (i=1 dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=
gmail.com);
       spf=pass (google.com: domain of kictanet-bounces+odhiambo=
gmail.com@lists.kictanet.or.ke designates 62.169.28.150 as permitted
sender) smtp.mailfrom="kictanet-bounces+odhiambo=
gmail.com@lists.kictanet.or.ke";
       dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=
lists.kictanet.or.ke
Return-Path: <kictanet-bounces+odhiambo=gmail.com@lists.kictanet.or.ke>
Received: from eu.kictanet.or.ke (eu.kictanet.or.ke. [62.169.28.150])
        by mx.google.com with ESMTPS id
a640c23a62f3a-afcdcfe5991si517853766b.444.2025.08.18.13.08.56
        for <odhiambo@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 18 Aug 2025 13:08:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of kictanet-bounces+odhiambo=
gmail.com@lists.kictanet.or.ke designates 62.169.28.150 as permitted
sender) client-ip=62.169.28.150;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
header.s=20230601 header.b=lrYcmBua;
       arc=pass (i=1 dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=
gmail.com);
       spf=pass (google.com: domain of kictanet-bounces+odhiambo=
gmail.com@lists.kictanet.or.ke designates 62.169.28.150 as permitted
sender) smtp.mailfrom="kictanet-bounces+odhiambo=
gmail.com@lists.kictanet.or.ke";
       dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=
lists.kictanet.or.ke
Received: from localhost ([127.0.0.1]) by eu.kictanet.or.ke with esmtp
(Exim 4.98.1) (envelope-from <kictanet-bounces+odhiambo=
gmail.com@lists.kictanet.or.ke>) id 1uo6A4-0000000CHwU-30KF for
odhiambo@gmail.com; Mon, 18 Aug 2025 23:08:56 +0300
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=lists.kictanet.or.ke; s=key1;
t=1755547736;
b=WkY2XGB/eY32LXMsnCNNrNdXajnBtFGm4p5kjCBhIEAcd+rwyzcg26LYFQG7xp/C2eDHU
0Ij/iuvUvOll+9RGPyq73w8FOw15OR1M/h5mN/HbykF4Gnh+6pU8d8DaK2h7E9eTAMIRDDR
mOOdT73jjkynnevslUkGAIh/vxfWdjk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
lists.kictanet.or.ke; s=key1; t=1755547736; h=from : sender : reply-to :
subject : date : message-id : to : cc : mime-version : content-type :
content-transfer-encoding : content-id : content-description : resent-date
: resent-from : resent-sender : resent-to : resent-cc : resent-message-id :
in-reply-to : references : list-id : list-help : list-unsubscribe :
list-subscribe : list-post : list-owner : list-archive;
bh=68hDV7fTzXN9aXRXs+9wXgUwlV63FoOfuranZTCGBok=;
b=q+bZ206QFffk+jpGYRebx7cXXD8dTCLs1b68gzV3Uy+YFTO9p03p5ENBl9kr1DvcJALbh
7mPz/3YdH7Sa1CS3mZhelKmjqhYWQtZMOOzJ7/kXbO8jEUpHoEFXaxQO1HNNm28zaYy12pk
WAYeNDzfyGoGKKZKgzmuQKdAYCNk+Sk=
ARC-Authentication-Results: i=1; eu.kictanet.or.ke; dkim=pass header.d=
gmail.com; arc=none; dmarc=pass header.from=gmail.com
policy.dmarc=quarantine
Authentication-Results: eu.kictanet.or.ke; dkim=pass header.d=gmail.com;
arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record)
header.from=gmail.com policy.dmarc=quarantine
Received: from mail-oi1-f176.google.com ([209.85.167.176]) by
eu.kictanet.or.ke with esmtps
(TLS1.3:ECDHE_X25519__ECDSA_SECP256R1_SHA256__AES_128_GCM:128) (Exim
4.98.1) (envelope-from <quickshop444@gmail.com>) id 1uo69F-0000000CHw6-1JXW
for kictanet@lists.kictanet.or.ke; Mon, 18 Aug 2025 23:08:06 +0300
Received: by mail-oi1-f176.google.com with SMTP id
5614622812f47-435de702f1fso2631726b6e.1
        for <kictanet@lists.kictanet.or.ke>; Mon, 18 Aug 2025 13:08:04
-0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1755547683; x=1756152483; darn=
lists.kictanet.or.ke;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=VIfOtrMM7bTnhQ2Vwudc5SN3FMByl3WOhTpPHII44vg=;
        b=lrYcmBua+w6Bq0NF+BjwZgn8yxO7BXzLEigyKu+xeimln4TjDkkDHPzCJoW2qln051

 PB/DLqRobhXvFiB80p4tCguJkioXwsArwcLpz0eKrZi5+KFyFF4i3Y8aVOnHjZuQVoWn

 i0R3iRIWoK1J7dhhE+Z6SjRqgydk9t2nTKjWP8Qpgj+ONNUhF2RUeJnbZDPzVOXJOkOM

 g6pus9P42pT2Qp8xqunoYrwE1C5J4ziHPGGmAcIqZxK4TAL1rlHBWsy5efwaZZHBVvH4

 5+oh+lw0X8P6/lBaExCuf4O9xj0ktRnwF/oHKbxMc8OsNAsXUqK+7zJuGsVOlAxfI8tF
         eGaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1755547683; x=1756152483;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=VIfOtrMM7bTnhQ2Vwudc5SN3FMByl3WOhTpPHII44vg=;
        b=iyOUsbMz9IsR6xGEZ1Lvn+ragXtxE1CfvCDZHmTlRU4KKEykXa9RnRe6lmCFVJKQYH

 BMxZ59L87Vtf5AXa5Vt8LeTqULxxxHOztYCCv+csi+VxYtPBr1lUZSwnPUMO37iT1uvt

 QOr7AWvedxrt1MvxzfPhDQOarrOay9EChH0s9nXOysFdvjYXKHx2i0vhEGIXnjAj5ui2

 e53iIqnDMJ+iv6VSMxHE9O+3421rsuXaYogucRQ7FVhae9FPaxAe5cgtSk71wrqpKh6Y

 vWVKwlZVztPGcnX2R05ea2BKV0abHRJs0kioN036/2wwJcJX3m+tLqA0T0qU+Gea29tH
         4e0g==
X-Forwarded-Encrypted: i=1;
AJvYcCXJYQJTIxYe+ntWNIJiIQdkhulnObBqF1pTm+MLmzzHR4xeMvq7zSVVLgyN7kVydj7UNXu5A+KFGA==@
lists.kictanet.or.ke
X-Gm-Message-State:
AOJu0YzBFe9uK6i55MNFpUaAY6wiAhSx4GeurEwMn/DWn6BM4nk4ry8Z
ajoJRzQlF3Hwux2sHk4q5ra/GGkHMzgm1bayjVK8W9Xk4Dg5995oiNIHaIsRpd8g2xBOF9uTtxX
zAZJ2auVDEvfzWQCxSP+87j6Wd8HNP872LiKfSRralIoS
X-Gm-Gg:
ASbGncv/WYBdRjKCdN2pJTsDyku20b+nOFUnMvxuNuEGPQPuFCOpCp/MBCYuDl2lQWt
00iuEMQW9S+FLITUAOo8+QSRVOzIWknJTUsqmVz5NwK3sXpnuivw9BiWnIs1H5Blm4lJpMArMCs
npvmQuRwWfuA99g9LeiaxGiVoLxj9qhGJzRTKa+wVOR2OkCdK6BFtTwo1xl5gRqH/bRMWfa5HIK
1DO7Ro2XX7OAxSWonfeRQ==
X-Received: by 2002:a17:902:e54a:b0:240:3f4d:b9b1 with SMTP id
d9443c01a7336-2449d05e0a3mr8416945ad.29.1755547279353; Mon, 18 Aug 2025
13:01:19 -0700 (PDT)
MIME-Version: 1.0
Date: Mon, 18 Aug 2025 13:00:00 -0700
X-Gm-Features:
Ac12FXwU-LzlgvQbYAbxCFBjP5t_XgFleCuipXiCWzABWwrGt1wOQB1VonTnm7k
To: Odhiambo Washington <odhiambo@gmail.com>
X-DKIM: Status on eu.kictanet.or.ke (62.169.28.150) using Exim 4.98.1:
dkim=pass; signing_identity="gmail.com"
X-Spam-Score: 3.0 (++)
X-Spam-Report: Action: no action Symbol: DWL_DNSWL_NONE(0.00) Symbol:
ARC_NA(0.00) Symbol: R_DKIM_ALLOW(-0.20) Symbol:
RWL_MAILSPIKE_POSSIBLE(0.00) Symbol: FROM_HAS_DN(0.00) Symbol:
TO_DN_SOME(0.00) Symbol: FREEMAIL_FROM(0.00) Symbol: R_SPF_ALLOW(-0.20)
Symbol: MIME_GOOD(-0.10) Symbol: PREVIOUSLY_DELIVERED(0.00) Symbol:
URI_COUNT_ODD(1.00) Symbol: TO_MATCH_ENVRCPT_SOME(0.00) Symbol:
MID_RHS_MATCH_FROMTLD(0.00) Symbol: DKIM_TRACE(0.00) Symbol:
RCPT_COUNT_TWO(0.00) Symbol: DMARC_POLICY_ALLOW(-0.50) Symbol:
RCVD_IN_DNSWL_NONE(0.00) Symbol: SUBJECT_ENDS_EXCLAIM(0.00) Symbol:
FROM_EQ_ENVFROM(0.00) Symbol: MIME_TRACE(0.00) Symbol: RCVD_TLS_LAST(0.00)
Symbol: ASN(0.00) Symbol: RCVD_COUNT_TWO(0.00) Symbol:
FREEMAIL_ENVFROM(0.00) Symbol: R_UNDISC_RCPT(3.00) Message-ID:
CAEqek54J5Ad1Z65moLQ8zqKDYeF8Ri35QXVKpqjnJQghHo1dyw@mail.gmail.com
X-Spam-Score-Integer: 29
Message-ID: <
CAEqek54J5Ad1Z65moLQ8zqKDYeF8Ri35QXVKpqjnJQghHo1dyw@mail.gmail.com>
Message-ID-Hash: XWBI7NL5ECN4ZKRW2VWIBHDKXLD7UPCH
X-Message-ID-Hash: XWBI7NL5ECN4ZKRW2VWIBHDKXLD7UPCH
X-MailFrom: quickshop444@gmail.com
X-Mailman-Rule-Hits: header-match-kictanet.lists.kictanet.or.ke-18
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
banned-address; header-match-kictanet.lists.kictanet.or.ke-0;
header-match-kictanet.lists.kictanet.or.ke-1;
header-match-kictanet.lists.kictanet.or.ke-2;
header-match-kictanet.lists.kictanet.or.ke-3;
header-match-kictanet.lists.kictanet.or.ke-4;
header-match-kictanet.lists.kictanet.or.ke-5;
header-match-kictanet.lists.kictanet.or.ke-6;
header-match-kictanet.lists.kictanet.or.ke-7;
header-match-kictanet.lists.kictanet.or.ke-8;
header-match-kictanet.lists.kictanet.or.ke-9;
header-match-kictanet.lists.kictanet.or.ke-10;
header-match-kictanet.lists.kictanet.or.ke-11;
header-match-kictanet.lists.kictanet.or.ke-12;
header-match-kictanet.lists.kictanet.or.ke-13;
header-match-kictanet.lists.kictanet.or.ke-14;
header-match-kictanet.lists.kictanet.or.ke-15;
header-match-kictanet.lists.kictanet.or.ke-16;
header-match-kictanet.lists.kictanet.or.ke-17
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: "Kenya's premier ICT Policy engagement platform." <
kictanet@lists.kictanet.or.ke>
Subject: [kictanet] Never Miss a Moment: Discover our Ultimate Wireless
Mini Wi-Fi Security Camera! Easy to install, app-controlled, with night
vision and motion detection—stay secure and connected!
List-Id: "Kenya's premier ICT Policy engagement platform." <
kictanet.lists.kictanet.or.ke>
Archived-At: <
https://lists.kictanet.or.ke/archives/list/kictanet@lists.kictanet.or.ke/message/XWBI7NL5ECN4ZKRW2VWIBHDKXLD7UPCH/
>
List-Archive: <
https://lists.kictanet.or.ke/archives/list/kictanet@lists.kictanet.or.ke/>
List-Help: <mailto:kictanet-request@lists.kictanet.or.ke?subject=help>
List-Owner: <mailto:kictanet-owner@lists.kictanet.or.ke>
List-Post: <mailto:kictanet@lists.kictanet.or.ke>
List-Subscribe: <mailto:kictanet-join@lists.kictanet.or.ke>
List-Unsubscribe: <mailto:kictanet-leave@lists.kictanet.or.ke>
From: Quick Shop via KICTANet <kictanet@lists.kictanet.or.ke>
Cc: Quick Shop <quickshop444@gmail.com>
Content-Type: multipart/mixed;
boundary="===============5859792345051880634=="

--===============5859792345051880634==
Content-Type: multipart/alternative; boundary="000000000000f8ee83063ca93364"

--000000000000f8ee83063ca93364
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]