solution- I have myself attempted a solution as some in the past did get past spam filtering

I have filtered these out I hope using a header-

header -name- Content-Transfer-Encoding: 

-header -matches- base64

Past experience has shown header filters may not work so I willl test it out.

As emails containing base64 encoding are very rare to my virgin inbox, I may have to wait a while, have only had 10 in 4 years dating back to 2018, usually they are dating scam emails mainly or tv licence expired scams.

I have set up a filter folder purely for emails containing embedded images using  base64 encoding, not many use this and it requires some knowledge by the scam email sender.It may be the same scammer using this method and dating back over 4 years, like a trademark and some are sent to me but others go to a group of people.

alf28

Auto Forwarding of emails-sometimes fails.

I have a auto forward email set up from my virgin primary email address to my virgin secondary email address, this acts as a backup of my emails.

Most emails forward no problem, but some emails which have embedded content (base64 encoded) will not forward for some reason, just the odd one gets through.

The spam tag does not usually affect forwarding, so may be the email for some other reason will not forward.

An example of this is 4 dating emails which started on 17/4/2020 all failed to forward.

It particularly the base 64 content emails that can fail to forward, this means my backup emails are not complet but missing some emails.

One email did get through which was a money scam. (base64 email)

I am not sure if virgin block some emails from forwarding or if the email is set up so it can not be forwarded- which is it?

I do not manually foward embedded base 64 emails as this overides the text only version and switches on the embedded image/html content which will suddenly appear when you select forward.

I prefer to work all the time with text emails only as they are simpler and safer, however when needed to I do send images myself when needed, but only as attachment, (not embedded.)

alf28

correction wrong date

An example of this is 4 dating emails which started on 17/4/2022 all failed to forward.

-------------------------------------------

base64 encoded emails-

I looked at these emails and the sender domains are various such as my.com, attivamail.com, gmail.com, hotmail.com, tvlicence.co.uk, gmx.de, outlook.com & also some unknown domains consisting of numbers only.

There are probably a lot more I have not found yet. As some are not common domains they are easy to block with filtering

The emails have little or no text, just  link or attachment, some are just empty emails.

The subjects vary, some are unclear.

2 were spoofed from past contacts I know (fake) with no message

1 was for a money scam mozambique, elaborate money scam

6 were dating emails some with images embedded.

1 was a tvlicence scam

1 was  miracle gummies

16 were blackmail emails

-------------------------------------------

The base 64 encoded email seem to be the more dangerous type of scam email with hidden content and need scareful handling or deletion.

I also had one from the same  spoofed contact that showed up in antivirus scans later connected to a trojan 

They are often sent to a wide group of people including virgin email addresses  mixed in with others such as vodaphone, yahoo.sky etc.

alf28

spam filtering and our email security

Thanks for the link, I have read the advice.

I have these observations-

The spam sender changes the sender address each time so hard to block unless the domain is blocked in filters which I do

The spammer sends a batch of emails over a period of a few days, they are wanting a response or to deliver malware- I just ignore them.

The IP address changes each time as they are using  a hosted server with a range of ip adresses.

On checking the ip address  reputations, the dating emails are sent from IP addresses which are used for hacking, port scanning  and brute force attacks.

I will see if my header filter for base 64 encoding works and report back if it does work, previous attempts to filter using headers did not work when I tried to block an ip address.

I suspect that by using base 64 which is encoded, the spam content may then get past spam filters, some do and some do not, it is mixed.

Still unusual that this type of base64 encoded email will not auto forward.

By not ticking Allow HTML formatted email messages in settings, this prevents the html and therefore blocks any images from showing

Each email provider, web mail or email client have there own rules regarding the display of  attached images and inline images, and usually by adjusting settings some images can be blocked, but inline images can bypass image blocking, in the case of virgin it dose block all images if the html is not selected in settings. Images can be a security risk so I always switch them off email, unless I do want the images I then turn them on for a wanted  email.

alf28

I've received a couple of these scams lately but they have been automatically directed to 'Junk' where I've erased them without opening. I would rather these e-mails were blocked at source but, to me, the system is working well enough. It's not the old issue where scams landed in my 'Inbox'.

Your method to ignore the scam emails files going to the spam folder and not open these type of dangerous emails  is wise.

In the spam folder the links are lined out offering some protection.

Recent spam detections are good, but the spam filter can still miss the odd one so it could end up in the inbox, I had a dating email on 29/4/2022 that was not detected as spam  for some reason so the spam detection is not reliable all of the time.

I would estimate 40% acuracy in detecting spam looking at a batch  (107) of base 64 encoded emails.

Normal emails do not contain base64 encoding, they are usually scam emails from hackers/phishing etc.

I experimented with filtering out base64 using headers, but this failed so there is no way to know if an email has base 64 encoding other than looking at the header in view source which will have the header. (so no way to detect/filter out base 64 encoded emails?)

Content-Transfer-Encoding:base64-

followed by pages of text which is the binary to html encoding.

The email size is normal but I have had some as large as 800kb.

Virgin does block autoforward of the "spam tagged" dating emails which is unusual, but the one that got through untagged was forwarded, so the spam tag may prevent some from auto forwarding to another email adddess.

Some of the dating emails have 3 lots of base64 in one email, so they may also contain hidden code for hacking purposes.

alf28

EMAIL FILTERS IN SETTING

As the virgin spam filters <spam> tagging is generally good lately, but not 100%, I have spam from an unknown domain in the netherlands and most are tagged as spam, but the odd one from the same domain will not be picked up as spam.

One solution is to set up a filter for that domain and filter from contains @anamedwebsite.com, and action file to spam, or a folder or discard.

It will work untill the spammer changes the domain in the address.

This ensures these particualr emails from a particular email address "domain" are filtered out even if not tagged as spam.

alf28

spam emails

I noticed that my virgin ntlworld.com email  gets "signed up" by others for all sorts of  spam emails selling products and they then keep repeating.

They usually have an unsubscribe link, but I do not click on any links intentionally as the web site are usually unknown/foreign, although it is easy to click on a link accidently and I have done that recently, but if you display the emails in the spam folder to check what they are, then the links are not active (lined out) offering some protection.

I get many scams including virgin bill scams, car scams, tax scams, credit card/bank scams, dating scams, finance, insurance etc.

It is wise to run antivirus scans if you have clicked on scam emails and linked to anything, I am running scans myself.

I have stopped using the ntlworld.com  email address now, as it gets too much spam.

alf28