
Daily Spam re Norton/Mcafee

andypat
On our wavelength

So much spam getting through at the moment; both my wife and I are getting the same spam at separate email addresses, and my mother is getting the same too.

Been going on a while now - anyone else getting them?

 

 


I use POP3 in MailWasher Pro - I've never tried IMAP and I don't really know what the difference is. I just know that POP3 has always worked for me, so I've never had the need to change it and try IMAP. My own advice would be to use POP3 for MailWasher Pro.

I have a few different NTL World and Virgin Media email addresses and only two of them have received the spam. But I have noticed that since using MailWasher Pro to bounce the emails back, the emails are definitely becoming less frequent. Perhaps it's just a coincidence, I don't know? But I do know that the amount of spam has definitely decreased.

As much as I hate the spam, I am kind of enjoying the test with MailWasher Pro. As far as I'm concerned, it's helping to train the rules to my benefit.

SPAM-FROM MYSELF

I often get spam from my own name/email address, which is spoofed, so these are forged emails.

Virgin filters do pick these up as spam, so credit where it is due.

Usually they modify the sender address so it has my Virgin name/number (myown.namexxx@ntlworld.com) but with a different domain, which could be gmail or outlook etc., so it would look like (myown.namexxx@outlook.com) or (myown.namexxx@gmail.com).

They usually originate in the USA or Canada, and the headers when analysed indicate at least 4 hops, some via multiple unknown servers and using outlook to send from "unknown", and links in the email are to unknown websites, probably on the dark web. These are not the usual spam but crafted by hackers, I suspect. The content offers services/products and is dubious/suspicious, with links/attachments etc.

Perhaps they think you will open and click on the email if it is from yourself??

In some cases by chance the email address does exist and belongs to someone else's account using the "same name combination" as my virgin email but with another domain. So it may be they abuse another person's email address for spoofing and they borrow this or hack it to use, or may even set it up as a live email or alias  to spam from.

I get these with regularity and report them to Action Fraud. The original source servers change every time, so they hide their true identity by never sending from the same server more than once, probably to avoid the servers blocking them, so they keep switching server name or use their own servers on the dark web. It is big business.

alf28

 

EMAIL SPOOFING DETECTION

If a spammer uses their own server and mail software, the sender address can be spoofed. The Virgin spam filters hopefully should pick this up if switched on in settings.

The sender can mimic a company, a person, yourself, basically any email sender address that they choose, but the true sender is hidden somewhere in the headers.

I have a mixture of unknown sender emails but also get repeated ones from my own spoofed modified address changed to gmail or outlook. The same sender can send approx one per month with a fixed sender address, or in some cases a changing sender address from the same sender. Some have been coming for 3 years or longer, so the spammer/hacker/blackmailer constantly repeats the email regularly with some changes and new or repeated scams.

I am reporting all to action fraud however many they send to me.

see-

How Spammers Spoof Your Email Address (and How to Protect Yourself) (lifehacker.com)

alf28

Hi Spam Sufferers,

Been getting dozens of these daily also.

I have several filters set up, but none appear to work.

I have set up

Address - Header From - Part All - Contains

be.ichbuiseness.com|reach.ewboutside.com|cmu.edu|store.nnzfitness.com|independent.co.uk|iam.ibm.com|adv.zdcfootball.com|per.xxwbuiseness.com|store.nnzfitness.com|adv.zdcfootball.com|iam.ibm.com|busline.com|em.biglots.com|roundhouse.org.uk|owner.pzpsport.com|lpandl.com|e-mail.justfab.com|independent.co.uk|on.thesecurise.com|info.yfkginous.com|ratrace.com|yourhealthcareprovider.co.uk|mx1.succ6.nl|nytimes.com|sporting-gift.com|tenderapp.com|scholar.yfkginous.com|night.dpxgainful.com|e.warnerrecords.com|e.atlanticrecords.com|nemona.ilsg.co|tenderapp.com|all.yfkginous.com|deals.qpbsublet.com

Set Action to Flag RED

File - Into Spam

Process to subsequent Rules is ticked

I have tried this with the '@' symbol added to all of the Domain names

I have tried Address - Header From - Part Domain - Contains - As above with and without the @ symbol

I have tried the Condition simply From with all variations

The only thing that works is to do From then Regex  with variations of the above conditions, but that pretty much flags everything and moves everything into Spam.

BeestonBoy71_0-1613247256358.png

 

Sample being as follows, the others described as above

BeestonBoy71_1-1613247327104.png

Just got an email from one of the domains above, it did not flag up or go to Spam. I really don't know what I'm doing wrong.

Would really appreciate any help - Thanks in advance

 

 

Hi BeestonBoy71,

If I've understood you correctly, the "@" doesn't have much bearing on the filters, just the constant parts of the spoofed email addresses. Whilst copying parts of the address, I've occasionally included it and other times clipped it out. Have you tried the one I suggest in message 61 in this thread?

Here's a current screenshot ...

SmartSelect_20210214-093804_Brave.jpg

 

Current filters here (some with, others without @) ......

@handelcloud.com|reprecial.com|use.hjxbloc.com|avanquest.com|infoscape.eu|dpdukdomain.co.uk|zIYDmc792tzLa2DBP7|81.cn|audise.com|@tsongbrio|bwhhealth|@adhamdannaway|@allwording|@kuslarinselami|@giantlottos|snd.115promo|@haob.eupedesker|@ubi.com|@naturetoday.com|@e.ea.com|@tmstor.es|@bbox.fr|news.tulipsmail.eu|umberd.com|tvlicensing.co.uk.g|hargray.com|dealbistro.co.uk|hkjhkhj@|webmail.bell.ca|basogho.onthewifi|@giorgioss.com|@mail.com|bropuld.com|@viewdns|@razzball|@energysystem|@mthai.com|@zulu|@mightynetworks.com|@welshrugby.wales|@info.dealmates|@em.cowshed.com|@email.startribune.com|@moma.org|from@amazonaws.com|@openface.ca|@therdancer|from@telegram.org|onlineapplylearn|chatbot4u|cartimex|extremegb|@NextEmail.co.uk|@e1.llbean.com|@leveltimeshort|@individualdedicated|headlines@trib|latimes|CustomerService@Munchies|admin@turnoutpac|TUT.com|goodhousekeeping@|TermLifeAlert@|CryptoLibra|learning@ionbeamservices.co.uk|TestersKeepers|@trib|FlexibleDigitalSolutions|@uaonlineshop.com|microsoftstore@micserv|itcoin|from@privateserverspoint|@info.deal-mates|@tactical-timepieces

 

The alleged addresses are changing frequently as you're aware, so I have just one other filter running using the same method for the subject headings ...

 

Screenshot_20210214-094041_Brave.jpg

Current Subject filters here....

your investment contract is complete|make millions|You could earn millions|Your application has been approved|Our limited offer is live now|Try our new samples|We are giving you the opportunity to test|sexual performance|Way To Become Rich|TELEGRAPHIC TRANSFER NOTICE|Your package is detained in the terminal|We have a new one here for you|We still have your Reward|What I have to reveal to you|Funeral plan|You have been selected|Never miss a parcel|Unable to authorise your payment details|TV Licensing|CBD oil|Gummy|Gummies|Do you have chronic Pain

So far, nothing I have added to the above two filters has got through to my inbox. There's always going to be variants / other headings that need adding.

The other thing I do is send everything off to SpamCop which has reduced scum coming in substantially. There's a little setting up to do initially, but afterwards you just save the scum as ".eml" and send it/them off to your allocated email address (given once you're joined up). Worth looking into if you're not going to move away from using Virgin's email addresses.

Hope this helps.

The multifilter you have shown can only be used with regex, e.g. from - regex - firstcompany|secondcompany|third company (separated with vertical lines).

from - contains is for a single filter only: from - contains - first company (just one filter element).

That is why you got it working in from - regex.

I use a similar system to you, with a lot of filters using from-contains, from-regex, subject-contains and subject-regex as separate filters. More than one can be added to each filter; tick "apply rule if any condition is met" if several conditions are in one filter (could be from, subject, body).

I have not used the address condition myself, but do use some header conditions. It is trial and error and takes time to test as the emails arrive in the inbox and if needed modify/correct filters one at a time till they prove to work directing the emails to the desired folders you have set up, I do exactly the same and mine work very well. If subsequent is ticked more than one filter sometimes picks up the same email but not really a problem, I allow that, but I pick and choose some with subsequent not ticked, so they go to a specific folder. Anything not picked up by the filters will go to the inbox.

Hope that helps. I suggest you check the boothy99 posts on regex filtering, which explain it well.

alf28

 

 

ALTERNATIVE suggested METHOD OF SPAM CONTROL-ONE TIME SOLUTION-NEEDS just occasional UPDATING ONCE SET UP.

Just one spam holding folder needed or use spam folder.

CLASS EVERYTHING AS SPAM EXCEPT FOR YOUR KNOWN CONTACTS

USE "JUST ONE FILTER NEEDED"  very simple way- TO CONTROL SPAM- WITH EXCEPTIONS-YOUR WHITELIST

Filter instructions- (TICK APPLY TO ANY CONDITION IF MORE THAN ONE)

CONDITION- FROM- DOES NOT CONTAIN- YOURCONTACT1@VIRGINMEDIA.COM

CONDITION- FROM- DOES NOT CONTAIN- YOURCONTACT2@OUTLOOK.COM

ETC.

(or could be done with one SINGLE regex filter - FROM - NOT REGEX - YOURCONTACT1@VIRGINMEDIA.COM|YOURCONTACT2@OUTLOOK.COM|ETC.)

Thus all is filtered to a chosen folder except the list of whitelisted exclusions (your whitelist of all your genuine contacts)

I HAVE TESTED THIS METHOD AND IT WORKS (over 9 days)

ACTION -FILE INTO -SELECT FOLDER -(SPAM OR NAMED FOLDER)

NOTE- THE SPAM folder  DELETES all emails AFTER 30 DAYS SO THEY WILL BE LOST, SO I PREFER A HOLDING FILE TO CHECK FILTERED SPAMS IN CASE A GENUINE EMAIL IS INCLUDED NOT YET ON THE WHITELIST.

THE ADVANTAGE OF THIS IS IT CATCHES ALL SPAM, BUT YOU MUST ENSURE ALL GENUINE CONTACTS (WHITELIST) ARE EXCLUDED.

INITIALLY MAY NEED UPDATING, TO CATCH ALL WHITELIST CONTACTS, BUT ONCE DONE ALL THAT IS NEEDED IS TO CHECK THE FILTER FOLDER , CHECK SPAM AND DELETE IF REQUIRED, OR IF A GENUINE EMAIL HAS SLIPPED THROUGH IT COULD BE MOVED TO THE INBOX OR ANOTHER FOLDER and add to the whitelist exceptions.

Be careful using this method in case you lose any genuine emails; it is a trial I am doing.

the other filters you use will not be affected if you tick subsequent, so could be used alongside other filters.

ALF28
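The matching behaviour discussed in the posts above ("contains" versus "regex", and several "does not contain" conditions under "any" versus "all"), as an added example that is not part of any original post. It is a simplified model written for this page, not the webmail's actual filter engine; the function names and the contact addresses are assumptions.

```python
import re

def contains(value, needle):
    # "Contains" compares against the condition text as one literal string,
    # so a "|" inside it is just a character, not a separator.
    return needle.lower() in value.lower()

def regex(value, pattern):
    return re.search(pattern, value, re.IGNORECASE) is not None

def build_pattern(entries):
    # Escape each entry so "." only matches a dot, and drop blank entries:
    # an empty alternative (e.g. left by a trailing "|") matches every sender.
    return "|".join(re.escape(e.strip()) for e in entries if e.strip())

def rule_fires(condition_results, mode):
    # mode "any": apply if any condition is met; "all": every condition must hold.
    return any(condition_results) if mode == "any" else all(condition_results)

def not_contains_rule(sender, contacts, mode):
    # One "From - does not contain - <contact>" condition per contact.
    return rule_fires([not contains(sender, c) for c in contacts], mode)

def not_regex_rule(sender, contacts):
    # Single "From - not regex" condition over the escaped contact list.
    return not regex(sender, build_pattern(contacts))

# Constructed sample data (the two blocked domains are taken from the thread).
BLOCKED = ["reprecial.com", "use.hjxbloc.com"]
CONTACTS = ["yourcontact1@virginmedia.com", "yourcontact2@outlook.com"]

if __name__ == "__main__":
    spam, friend = "offers@use.hjxbloc.com", "yourcontact1@virginmedia.com"
    print(contains(spam, "|".join(BLOCKED)))           # literal "a|b" text
    print(regex(spam, build_pattern(BLOCKED)))         # alternation
    print(regex(friend, "reprecial.com|"))             # empty alternative
    print(not_contains_rule(friend, CONTACTS, "any"))  # per-contact, any
    print(not_contains_rule(friend, CONTACTS, "all"))  # per-contact, all
    print(not_regex_rule(friend, CONTACTS))            # single not-regex
```

In this model a contact's address fails to contain every other contact's address, so with "any" the per-contact rule files known contacts too; "all", or the single not-regex condition, keeps them out of the holding folder.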

more on spoofing-tracing the original sender ip address

see- How to Determine The Origin of an Email Message (earthlink.net)

Some countries have a spam reporting email address, as well as the UK one I use, report@phishing.gov.uk, if the original first received IP source is USA, Canada etc.

For example, USA - forward spam email to spam@uce.gov

Canada - forward spam email to spam@fightspam.gc.ca

There may be many other reporting services across the world, easy to google this.

I did a test and forwarded myself a spam email, and found that Virgin forwarding removes the headers information, so it is wise to view the source of the email, copy and paste the header data into the forwarded email and also add any comment like unsolicited spam email, spoofed sender address etc.

alf28
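The header checks described in the spoofing posts above (walking the Received hops back to the first one, and comparing the visible sender with the rest of the message), as an added example that is not part of any original post. The sample message is constructed, its IP addresses are documentation placeholders, and the function and key names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; addresses and IPs are documentation placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby inbound.example.com; Sun, 14 Feb 2021 09:00:03 +0000
Received: from relay.example.net (relay.example.net [203.0.113.45])
\tby mx.example.org; Sun, 14 Feb 2021 09:00:01 +0000
Received: from unknown (HELO sender) ([192.0.2.10])
\tby relay.example.net; Sun, 14 Feb 2021 08:59:58 +0000
From: "My Own Name" <myown.namexxx@outlook.com>
To: myown.namexxx@ntlworld.com
Subject: We still have your Reward

Message body.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def split_addr(header_value):
    # Return (local part, domain) of the address in a header, lower-cased.
    local, _, domain = parseaddr(header_value or "")[1].lower().rpartition("@")
    return local, domain

def analyse(raw):
    msg = message_from_string(raw)
    # Each server prepends its Received line, so reversing gives oldest first.
    # Lines below the first server you trust can be forged by the sender.
    hops = [m.group(1) if (m := IP_RE.search(r)) else None
            for r in reversed(msg.get_all("Received", []))]
    from_local, from_dom = split_addr(msg["From"])
    to_local, to_dom = split_addr(msg["To"])
    _, rp_dom = split_addr(msg["Return-Path"])
    return {
        "hops_oldest_first": hops,
        "claimed_origin_ip": hops[0] if hops else None,
        # Visible From domain differs from the envelope (bounce) domain.
        "from_vs_return_path_mismatch": from_dom != rp_dom,
        # Recipient's own name reused at another provider ("spam from myself").
        "own_name_other_domain": from_local == to_local and from_dom != to_dom,
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```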

 

NOTE- THE SPAM folder DELETES all emails AFTER 30 DAYS SO THEY WILL BE LOST, SO I PREFER A HOLDING FILE TO CHECK FILTERED SPAMS IN CASE A GENUINE EMAIL IS INCLUDED NOT YET ON THE WHITELIST.

My spam folder still has spam from Dec 2020. VM never empties my spam folder completely; at the moment there are 119 and increasing daily with this current epidemic of spam emails.

I just reported a spoofed sender address email- sent from my own name.

I could send this to report@phishing.gov.uk-success

But the USA government server blocked me from sending the spam email to SPAM@UCE.GOV

It could not be sent due to spam content, but this defeats the object of spam reporting.

Perhaps the spammers know how to prevent emails being reported by adding spam content, or perhaps UCE.GOV already have this one, but unlikely as it is specifically sent from myself????, so unusual.

It was an UNKNOWN UNSOLICITED email sent from my own other email address (not a virgin one) to my virgin ntlworld email address (from me to me???)- how odd.

alf28