on 10-11-2020 11:46
I'm so sick & tired of VM's utterly useless Spam filter! VM is happy to allow any messages about Viagra, Bitcoin scams, phishing attacks through, but blocks many real e-mails! I've had 20 scam e-mails in the last 3 days trying to get me to renew Norton anti-virus (which I don't have). I mark them as Spam each time, but the system never learns!
As I said the system also blocks proper e-mails sometimes - e-mails from a Dutch company I deal with are always blocked, no matter how many times I mark them as not Spam. I even had an individual e-mail from a UK company acknowledging an order classed as spam.
Its useless, and its always been useless, and it never gets better! I wouldn't mind if the system ever learnt - isn't that what modern sophisticated systems are supposed to do???
Answered! Go to Answer
on 21-02-2021 17:15
Curiously, my flow of Spam has mostly ceased, apart from the odd Bitcoin scam. However, my Spam Filter is still randomly marking perfectly good e-mails as spam, without any rhyme or reason for what it picks!
I've been forwarding most of the spam emails to report@phishing.gov.uk
They claim to take down 000s of dodgy sites and email hubs - they may be more effective than VM!
on 21-02-2021 18:04
Hi ,
The date is the date of the spam batch that was delivered to the first smtp server . email addresses are harvested from know already data breaches .
The spammer uses an already compromised smtp server to to push out the spammed emails, Since this spammer sent out his emails through several smtp servers the first delivery date is that date I gave out .
Thanks for everyone’s input and glad your mail is now being caught.
welsh1lad 🤟🏻
on 22-02-2021 00:58
@welsh1lad wrote:Hi all ,
It would appear that the security emails are coming from a compromised smtp mail relay server in In Dallas , by changing your email filter to filter out headers with the following date.
Date: Wed4 Oct 2020 18:44:07 -0400
Check your spam box , for the headers that have this exact date & Time .
Ah thank you! Yes they’re all dated 4 October! I’ve just attempted to add a new filter and hoping I this will do the trick. Will let you know...
23-02-2021 11:15 - edited 23-02-2021 11:21
REPORTING EMAIL SCAMS to other countries outside of the uk
SEE
How to Report a Scam (consumerfraudreporting.org)
One regular spam email I am getting has been sent from Brazil, Argentina and Slovakia, the server keeps changing for the same sender address, so the scammer is bouncing the spam all over the world via different servers.
Some countries do have scam reporting addresses, I have just forwarded a scam to brazil reporting address mail-abuse@cert.br
However some counties do not seem to have reporting addresses and the internet is un-monitored and prone to fraud so used by scammers probably using spambots on personal computers.
I also report to UK action fraud and file to the spam folder, and since doing that, my spam has reduced dramatically, some days get zero now.
(spoke to soon just got another dating email from Italy saying they have my user page with my details, getting those mostly now, this one is a new sender)
However I can not report to the USA, all come up as mail delivery fail on uce@ftc.gov
With a google search look for other countries not listed to report scam emails. Some can only be reported if a crime has been committed
see Report Cybercrime online | Europol (europa.eu)
alf28
23-02-2021 11:41 - edited 23-02-2021 11:56
IMAGES GETTING THROUGH-dating emails- security violated.
Even though my email setting is unticked for -Allow HTML formatted email messages
I noticed first time ever if forwarding email to action fraud, the attached image displays as a thumbnail in the forwarded email to action fraud, picture of woman.
The concern here is the image may have a tracking pixel and code embedded, and should not be displayed, so the scammer is by-passing the virgin email settings and showing image when forwarding- perhaps this is a new tactic by hackers? (has never shown image before just empty box for image)
This concerns me as html is switched off???
The header of the email had was unusual very long,with many pages of dummy text added, it is enormous.
Is it still safe to forward these type of emails to action fraud using virgin web mail etc when html/images can appear even though html is switched off and email should be text only?
I have had this happen with thunderbird also where a forwarded email opens up the html/images even though set to read as text only version.
alf28
on 23-02-2021 11:45
Just save the spam as an .eml file, then forward that (those) as attachments.
23-02-2021 13:10 - edited 23-02-2021 13:21
boothy99
Thanks,for advice on .eml files. there is an option in thunderbird to save emails in that format, will try that.
My virgin ntlworld.com primary email now gets so many strange emails, for years now, so it has become a target for scammers, blackmail,dating and general crud, and I am transferring my contacts to other emails, the email is probably unsafe to use now due to hackings/dark web mailing lists etc.
Virgin do recognise and tag some as spam but I have stopped using the primary email now for communication but still get some valid emails from old accounts etc but eventually will discontinue using the primary and already have alternative emails which are not spammed.
Virgin do not permit the attached primary email to be swopped to a new address, so it will remain a target for spammers/scammers.
The hidden pixel that may be inside an image- switch images off to be safer.
see
Email Tracking Pixels Used for Pre-Hack Info Gathering (bleepingcomputer.com)
alf28
on 23-02-2021 18:11
@the_eyleys wrote:Set a filter in outlook to move to spam anything with "Wed4 Oct 2020" in the header, 100% success rate so far, good work buddy!
It worked - no spam for over 24 hours now 😁. Thank you
on 23-02-2021 19:40
THE DANGER OF FORWARDING SPAM EMAILS
SPAM EMAIL CAN BYPASS "VIEW IN TEXT ONLY" THUNDERBIRD mail and virgin web mail forwarding.
The scammers use images with tracking pixel probably or other html code.
A Dating email to my ntlworld.com email from Italy has managed to display an jpg image in thunderbird even though the view is set to read text only.
This may be because it was forwarded to action fraud and this action allows the image through and displays in thunderbird, so forwarding is the same as "allow images", so need to be aware of that one, also happens with apps on android. However the image does not show in the virgin webmail unless forwarded.
The reply is to click on the image of a woman, so the image may be hidden link or file posing as an image, but disguised as a jpg image.
These spam email are very dangerous and best just to delete or mark as spam, but even forwarding to action fraud can be risky.
It just needs one wrong click to be hooked by the scammer/hacker, so my intention now is just to not touch the spam at all just filter it to the spam folder.
DUPLICATE EMAILS- betting
Today got 3 x emails which "looked identical" but several minutes apart all tagged as spam, from a distribution list
On inspection, they were all from different ip address and a small difference in the layout and sender address some had an extra space.
Two sent by sendgrid, the other by mailgun. USA (perhaps they were trying to evade spam filters or I was on multiple distribution lists)
My advice is that spam emails are "extremely dangerous" and best not to even view them, just delete out or put to spam.
WARNING- danger of forwarding spam emails, even to action fraud-is it worth the risk, even though I have done it myself many times without issue got caught out today by a clever scammer.
Avoid forwarding spam emails in their raw state as this can allow images through, which may have hidden pixels and hidden links, code or exe files even where html/images is switched off- unless the advice of boothy99 is followed to save the email as an .eml file attachment.
alf28
23-02-2021 20:00 - edited 23-02-2021 20:04
CATCH ALL SPAM
MY filters- I have ditched all my fancy filters and use an extremely simple filtering system
whitelist filter-
condition from rejex list all know contact email addresses|vertical separator between
action file into select inbox
untick process subsequent files
----------------------------------------------------------------------------
spam filter- select apply rule if any condition is met
condition from contain @
condition to contains @
action file into select spam
action file into select holding file (if required to view/check spam beyond 30 days)
-------------------------------
This works every time and just need to update any new known contacts int the whitelist rejex filter- I am using this method now.
alf28