cancel
Showing results for 
Search instead for 
Did you mean: 

Spam - VM's filter is useless!

timbo42
Dialled in

I'm so sick & tired of VM's utterly useless Spam filter! VM is happy to allow any messages about Viagra, Bitcoin scams, phishing attacks through, but blocks many real e-mails! I've had 20 scam e-mails in the last 3 days trying to get me to renew Norton anti-virus (which I don't have). I mark them as Spam each time, but the system never learns!

As I said the system also blocks proper e-mails sometimes - e-mails from a Dutch company I deal with are always blocked, no matter how many times I mark them as not Spam. I even had an individual e-mail from a UK company acknowledging an order classed as spam.

Its useless, and its always been useless, and it never gets better! I wouldn't mind if the system ever learnt - isn't that what modern sophisticated systems are supposed to do???

133 REPLIES 133

Curiously, my flow of Spam has mostly ceased, apart from the odd Bitcoin scam. However, my Spam Filter is still randomly marking perfectly good e-mails as spam, without any rhyme or reason for what it picks!

I've been forwarding most of the spam emails to report@phishing.gov.uk

They claim to take down 000s of dodgy sites and email hubs - they may be more effective than VM!

welsh1lad
On our wavelength

Hi , 

 The date is the date of the spam batch that was delivered to the first smtp server . email addresses are harvested from know already data breaches .

 The spammer uses an already compromised smtp server to to push out the spammed emails, Since this spammer sent out his emails through several smtp servers the first delivery date is that date I gave out .

Thanks for everyone’s input and glad your mail is now being caught.

welsh1lad 🤟🏻

 


@welsh1lad wrote:

Hi all , 

  It would appear that the security emails are coming from a compromised smtp mail relay server in In Dallas , by changing your email filter to filter out headers with the following date.

Date: Wed4 Oct 2020 18:44:07 -0400

 Check your spam box , for the headers that have this exact date & Time . 

 

 


Ah thank you!  Yes they’re all dated 4 October!  I’ve just attempted to add a new filter and hoping I this will do the trick.  Will let you know...

REPORTING EMAIL SCAMS to other countries outside of the uk

SEE 

How to Report a Scam (consumerfraudreporting.org)

One regular spam email I am getting has been sent from Brazil, Argentina and Slovakia, the server keeps changing for the same sender address, so the scammer is bouncing the spam all over the world via different servers.

Some countries  do have scam reporting addresses, I have just forwarded a scam to brazil reporting address mail-abuse@cert.br  

However some counties do not seem to have reporting addresses and the internet is un-monitored and prone to fraud so used by scammers probably using spambots on personal computers.

I also report to UK action fraud and file to the spam folder, and since doing that, my spam has reduced dramatically, some days get zero now.

(spoke to soon just got another dating email from Italy saying they have my user page with my details, getting those mostly now, this one is a new sender)

However I can not report to the USA, all come up as mail delivery fail on uce@ftc.gov  

With a google search look  for other countries not listed  to report scam emails. Some can only be reported if a crime has been committed

see    Report Cybercrime online | Europol (europa.eu)

alf28

 

 

IMAGES GETTING THROUGH-dating emails- security violated.

Even though my email setting is  unticked for -Allow HTML formatted email messages

I noticed first time ever if forwarding email to action fraud, the attached image  displays as a thumbnail in the forwarded email to action fraud, picture of woman.

The concern here is the image may have a tracking pixel and code embedded, and should not be displayed, so the scammer is by-passing the virgin email settings and showing image when forwarding- perhaps this is a new tactic by hackers? (has never shown image before just empty box for image)

This concerns me as html is switched off???

The header of the email had was unusual very long,with many pages  of dummy text added, it is enormous.

Is it still safe to forward these type of emails to action fraud using virgin web mail etc when html/images can appear even though html is switched off and email should be text only?

I have had this happen with thunderbird also where a forwarded email opens up the html/images even though set to read as text only version.

alf28

 

 

 

Just save the spam as an .eml file, then forward that (those) as attachments.

boothy99

Thanks,for advice on .eml files. there is an option in thunderbird to save emails in that format, will try that.

My virgin ntlworld.com primary email now gets so many strange emails, for years now, so it has become a target for scammers, blackmail,dating and general crud, and I am transferring my contacts to other emails, the email is probably unsafe to use now due to hackings/dark web mailing lists etc.

Virgin do recognise and tag some as spam but I have stopped using the primary email now for communication but still get some valid emails from old accounts etc but eventually will discontinue using the primary and already have  alternative emails which are not spammed.

Virgin do not permit the attached primary email to be swopped to a new address, so it will remain a target for spammers/scammers.

The hidden pixel that may be inside an image- switch images off to be safer.

see

Email Tracking Pixels Used for Pre-Hack Info Gathering (bleepingcomputer.com)

 

alf28

 


@the_eyleys wrote:

Set a filter in outlook to move to spam anything with "Wed4 Oct 2020" in the header, 100% success rate so far, good work buddy!


It worked - no spam for over 24 hours now 😁. Thank you 

THE DANGER OF FORWARDING SPAM EMAILS

SPAM EMAIL CAN BYPASS "VIEW IN TEXT ONLY" THUNDERBIRD mail  and virgin web mail forwarding.

The scammers use images with tracking pixel probably or other html code.

A Dating email to my ntlworld.com email from Italy has managed to display an jpg image in thunderbird even though the view is set to read text only.

This may be because it was forwarded to action fraud and this action allows the image through and displays in thunderbird, so forwarding is the same as "allow images", so need to be aware of that one, also happens with apps on android. However the image does not show in the virgin webmail unless forwarded.

The reply is to click on the image of a woman, so the image may be hidden link or file posing as an image, but disguised as a jpg image.

These spam email are very dangerous and best just to delete or mark as spam, but even forwarding to action fraud can be risky.

It just needs one wrong click to be hooked by the scammer/hacker, so my intention now is just to not touch the spam at all just filter it to the spam folder.

DUPLICATE EMAILS- betting

Today got 3 x  emails which "looked identical" but several minutes apart all tagged as spam, from a distribution list

On inspection, they were all from different ip address and a small difference in the layout and sender address some had an extra space.

Two sent by sendgrid, the other by mailgun.  USA (perhaps they were trying to evade spam filters or I was on multiple distribution lists)

My advice is that spam emails are "extremely dangerous" and best not to even view them, just delete out or put to spam.

WARNING- danger of forwarding spam emails, even to action fraud-is it worth the risk, even though I have done it myself many times without issue got caught out today by a clever scammer.

Avoid forwarding spam emails in their raw state as this can allow images through, which may have hidden pixels and hidden links, code or exe files even where html/images  is switched off- unless the advice of boothy99 is followed to save the email as an .eml file attachment.

alf28

 

 

CATCH ALL SPAM

MY filters- I have ditched all my fancy filters and use an extremely simple filtering system

whitelist filter-

condition  from  rejex     list all know contact email addresses|vertical separator between

 action file into select  inbox

untick process subsequent files

----------------------------------------------------------------------------

spam filter- select apply rule if any condition is met

condition from contain  @

condition to contains @     

action file into select spam

action file into select holding file (if required to view/check spam beyond 30 days)

-------------------------------

This works every time and just need to update any new known contacts int the whitelist rejex filter- I am using this method now.

alf28