Dear Ravenstar, Thanks for info. I think I've sorted my problem, have just put in new filter rules to discard any mail with all or almost all of the subject heading words, such as Undeliverable, Mail Delivery Status, etc. I don't send out much mail and only get one or two returns in a year, so this should get rid of the immediate problem of 500+ spam mails flooding my phone or PC. I don't think it's just one sender, sounds like quite a few people have been affected by this kind of spam attack, so even if I went through 1500+ emails (do I really have the time, predilection or eyesight to go through so many attachments?!), I might still get similar spam from another or missed address.
The real issue is why isn't Virgin Media doing more about it. It was widely reported around the turn of the year that one of VM's address lists had been hacked in 2019, and my old ntlworld address has had more spam in the last 4 months than in the last 20 years. One of the other forum members said that changing passwords won't help as the spammers are using a backdoor in VM's own system. If I can adjust my spam filter rules, isn't it about time VM did something to weed out these spam mails as they go through VM's own servers?
Dear Ravenstar, Thanks for reply. I'm not worried about legit non-delivery bounce mails, maybe get one a year and if I don't hear from recipient, it's their lookout. One less thing to worry about! Haven't checked out any of the fake mails, as I deleted them all & haven't received any more for 10 days, so my filter rules to discard are probably working. By 'text editor' I presume you mean something like Notebook (think that's the only one I've got - does 'View source' count as one)? However I have changed my password just in case. Cheers, Ross
Unless I've checked the mails themselves I would start by assuming they were genuine UNLESS there was evidence to the contrary.
This is because Virgin Media use SPF and sign their mails with DKIM INCLUDING the mailer-daemon emails. They also have a DMARC policy of Quarantine meaning spoofed bounce mails would end up in the spam folder.
So I will repeat what I said before:
If you are getting bounce mails with the address firstname.lastname@example.org then someone has been sending the emails using Virgin Media's mail servers.
To send from those servers you either need:
A valid Virgin Media email address and password.
OR
A compromised computer on a Virgin Media IP address. (In which case the X-Authenticated header might be blank).
Worse, if you are getting Bounce mails from email@example.com then that would indicate that the webmail system is involved.
Now we've seen evidence of all three in the past (in fact I can go one better, back in the days when Gmail was hosting the account, I came across evidence of a mail sent using the Gmail system back in 2013 I think it was). So we know that spammers have and still do use hacked Virgin Media email accounts to send mail.
Now if the bounce messages DON'T have virginmedia.com after the @ symbol, then that would indicate that someone had been spoofing using third-party email servers.
With regards to view source. If you know how to be sure you're reading the text of the attachments then by all means you can use this, otherwise I normally recommend saving the attachments and viewing them in Notepad or Wordpad.
If this were my account I would disable the filter rules and see if the password change has put a stop to the bounces.
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media.
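The checks described in the reply above, as an added example that is not part of the original posts: a Python sketch that reads a saved bounce, checks the bounce sender's domain and the authentication results, then looks at the attached original headers. The sample message, the `isp.example` domain, the result labels, the exact `X-Authenticated` header name (taken from the post's wording) and the presence of an `Authentication-Results` header added by the receiving server are assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample bounce; every address and host is a placeholder.
SAMPLE = """\
From: mailer-daemon@isp.example
To: user@isp.example
Subject: Mail Delivery Status
Authentication-Results: mx.isp.example; spf=pass; dkim=pass; dmarc=pass
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@remote.example failed.
--b1
Content-Type: text/rfc822-headers

From: user@isp.example
To: nobody@remote.example
X-Authenticated: user@isp.example
--b1--
"""

def original_headers(msg):
    """Headers of the bounced message attached to the report, or None."""
    for part in msg.walk():
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    return None

def triage_bounce(raw, isp_domain, auth_header="X-Authenticated"):  # name as in the post
    msg = email.message_from_string(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain != isp_domain:
        return "spoofed-via-third-party"   # bounce did not come from the ISP's domain
    # Trust only the Authentication-Results header added by your own receiving server.
    results = str(msg.get("Authentication-Results", "")).lower()
    if "dkim=pass" not in results or "dmarc=pass" not in results:
        return "unverified-bounce"         # claims the ISP's domain but failed checks
    orig = original_headers(msg)
    if orig is None:
        return "genuine-no-original"
    user = str(orig.get(auth_header, "")).strip()
    return "sent-with-account-login" if user else "sent-without-login"
```

Calling `triage_bounce(SAMPLE, "isp.example")` on the constructed sample returns `sent-with-account-login`, the case where a password change is the relevant fix.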