on 11-10-2021 12:31
Hi - I keep getting spoof emails from the same domain, only the first part of the email is different each time, ie "myname@newstim.it". So putting them into the spam folder does nothing except block any further emails from that sender but as its different each time its pointless.
I have filters set and they go into the spam folder but I want to stop emails from that domain once and for all.
Anyone have a solution please.
John
Answered! Go to Answer
on 11-10-2021 14:44
Un/marking spam or moving an email from/to the Spam folder does not affect how future occurrence are handled, see How do I manage my Virgin Media email spam settings?, text after point 7.
If you are confident the filter rule is working as intended then consider using an Action of Discard but should Virgin Media's spam filters start correctly identify these emails as spam then they will appear in your Spam folder because your filter rules run only against those emails delivered to your Inbox folder.
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
on 11-10-2021 14:44
Un/marking spam or moving an email from/to the Spam folder does not affect how future occurrence are handled, see How do I manage my Virgin Media email spam settings?, text after point 7.
If you are confident the filter rule is working as intended then consider using an Action of Discard but should Virgin Media's spam filters start correctly identify these emails as spam then they will appear in your Spam folder because your filter rules run only against those emails delivered to your Inbox folder.
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
on 12-10-2021 14:57
Thanks for posting on our community forum!
Have you double checked the filters via the above link provided?
Regards
on 12-10-2021 18:37
on 12-10-2021 19:10
There is not point to setting a flag colour if the email is discarded.
As mentioned previously it is likely Virgin Media's spam filters are now correctly identifying these emails as spam and delivering them to your Spam folder; your filter rules only run against emails delivered to your Inbox. You can confirm this is the case by:
⋮
X-Spam: yes
⋮
X-Spam-Action: folder Spam
X-Spam-Reason: CMAE_SCORE=100.00
⋮
In descending order: Identified as spam, moved to Spam folder, spam classification determined by CloudMark
on 12-10-2021 19:23
on 06-12-2021 12:50
I keep getting similar emails, from a variety of spoofed organisations, including Virgin Media. Forwarding them as 'phishing' has had no effect.
All the emails have an identical format. IP addresses are always random as are the makeup of the names preceding the email and domain suffixes. Items that do not vary are highlighted in blue.
The source is below. The envelope seems to be designated as 'spam' but has bypassed all the filters I put in place and has made its way to my inbox. As with the recent McAfee/Norton deluge of spam, we got no help at all on this forum from VM, despite asking repeatedly for specific advice on how to set filter criteria.
Ironically, VM's algorithm insists on removing 'invalid html text' from the example below before allowing me to post, so I don't know how much use it will be.
Return-Path: <bbc@bbc.co.uk>
Delivered-To: (my email)
Received: from md8.tb.ukmail.iss.local ([212.54.57.69])
by mc4.tb.ukmail.iss.local with LMTP id GKiEAeieo2EwDgAAHW8Adg
for <(my email)>; Sun, 28 Nov 2021 16:23:20 +0100
Received: from smtpclienthelo ([212.54.57.69])
by md8.tb.ukmail.iss.local with LMTP
id qM5QAeieo2GcPwAAkRb9eQ
(envelope-from <bbc@bbc.co.uk>)
for <(my email)>; Sun, 28 Nov 2021 16:23:20 +0100
Received: from scale.terissos.info ([137.116.240.241])
by mx2.tb.ukmail.iss.as9143.net with ESMTP
id rLzbmfOc4MLjDrM0NmlOxf; Sun, 28 Nov 2021 16:22:15 +0100
Precedence: junk
X-Env-Mailfrom: bbc@bbc.co.uk
X-Env-Rcptto: (my email)
X-SourceIP: 137.116.240.241
X-Spam: yes
X-CNFS-Analysis: v=2.4 cv=UYaU9IeN c=1 sm=1 tr=0 ts=61a39ee8 cx=a_exe:a_idp_d
p=hv1DtMrR8JWsrZ9DKYv7fw==:17 a=hv1DtMrR8JWsrZ9DKYv7fw==:117 a=NLZqzBF-AAAA:8
a=jRKsYorTAAAA:8 a=oSr7OBjbAAAA:8 a=TTLc6RFeAAAA:8 a=1XWaLZrsAAAA:8
a=9rdSQkQ52-u5jp7TofgA:9 a=DivAgONQCKVmKXoh+IqY5ky6uBg=:19
a=Vg7TqVRMaTq20F7B4/lsBYnF+b0=:19 a=_W_S_7VecoQA:10 a=v8OJI9PRItsA:10
a=wW_WBVUImv98JQXhvVPZ:22 a=cYIWSGVbUNJgXl8CQBif:22 a=vpoA-iPDV-cE3hcsPclH:22
a=giNe4V_dm4n5HQyCi2aO:22 a=a497pFiASBiGg_yuK_bn:22 a=p-dnK0njbqwfn1k4-x12:22
a=7aar8cbMflRChVwg8ngv:22
X-Spam-Action: folder Spam
X-Spam-Reason: SMCH_ACTION=reject
X-Spam-Reason: CMAE_SCORE=100.00
Message-ID: <c22475d92d056532568ae899bf28e01dFu9gjjoS@egov.ba.it>
Date: Sun, 28 Nov 2021 15:18:27 +0000 (UTC)
Subject: Best of November
From: FuneralPlan <Fu9gjjoS@newstim.it>
Reply-To: wqsv <richardgoodman326Fu9gjjoS@egov.ba.it>
To: (my email)
MIME-Version: 1.0
Content-Type: text/html
Cci: (my email)
X-CMAE-Envelope: MS4xfKN7UHKr7rLIfMNK4tkjwe1rU//EEUSackaSlYQygPziHbfFdCp2RUSTwlp5XuRSIO4ZRQYMBKVEFCVSmNquYWS4kQDT9rL+DFwrBwCOQX8iypE64gFc
jiu9ebatdH/hUB/QjihCG6XI+dtanbbLeiXd/p7cKz51E9Vp1CgSd+btH+50HCNAYsxplTRXyzdja7szD51NX3SYqMz4T380ddE=
<html><body>
<p style="font-size:3px;">Your COSQMKVNMUZO Portal !</p>
<p style="font-size:3px;">received this mail in error or need You will be asked DOUFNIRKYOUM Portal with the link below:</p>
<p style="font-size:3px;">username:(my email) dfhd: 6223-RH7J4-7NR1-34C6X</p>
<center><br><a href="http://library.sust.edu/cgi-bin/koha/tracklinks.pl?biblionumber=32573&uri=//0xD26C9202?Mjc1OTgyNDU2P..."><font color="red" face="Times New Roman" size="6"><marquee>- Funeral Plan Quote; get yours for free today!. .
</marquee></font></p><br />
<img src="https://cdn.substack.com/image/fetch/w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A...">
</a></center>
<p style="font-size:3px;">Please use the following one to change your fdhwhen logging in for the first time.</p>
<p style="font-size:3px;"><a href="http://[google.com]">[google.com]</a></p>
<p style="font-size:3px;">time fghto access the If you have assistance please contact our support team.</p>
</body></html>
on 06-12-2021 13:48
I have been getting similar emails, all from 'newstim.it' quoting a return path of 'bbc@bbc.co.uk. They purport to be from a number of different organisations, including Virgin Media, offering free prizes or vouchers. IP addresses are all random, as are the elements of the names preceding email or domain suffixes. I have attempted to set email filters without success. Forwarding the messages to 'phishing@ *** ' has had no effect. Just as with the recent deluge of Norton/McAfee spam, VM have done nothing by way of advice on how to set effective filter criteria to block these messages. An example of the source is below. Some of the html text directing the recipient to a phishing site has been removed. Recurring items have been highlighted.
From - Tue Nov 23 08:52:56 2021
X-Account-Key: account1
X-UIDL: 0000213d25ddb699
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <bbc@bbc.co.uk>
Delivered-To: (my email)
Received: from md10.tb.ukmail.iss.local ([212.54.57.73])
by mc4.tb.ukmail.iss.local with LMTP id YHTuKM+rnGF+NgAAHW8Adg
for <(my email)>; Tue, 23 Nov 2021 09:52:31 +0100
Received: from smtpclienthelo ([212.54.57.73])
by md10.tb.ukmail.iss.local with LMTP
id kDO5KM+rnGFCBAAAnwjGaw
(envelope-from <bbc@bbc.co.uk>)
for <(my email)>; Tue, 23 Nov 2021 09:52:31 +0100
Received: from necessary.racingo.in ([20.114.127.244])
by mx6.tb.ukmail.iss.as9143.net with ESMTP
id pRXNmntBlHg5wpRXNmVp1L; Tue, 23 Nov 2021 09:52:26 +0100
X-Env-Mailfrom: bbc@bbc.co.uk
X-Env-Rcptto: (my email)
X-SourceIP: 20.114.127.244
X-CNFS-Analysis: v=2.4 cv=CL854DnD c=1 sm=1 tr=0 ts=619cabcf cx=a_exe:a_idp_d
a=t9DBOR1/DVLVpVcN7H3LeA==:117 a=t9DBOR1/DVLVpVcN7H3LeA==:17
a=oies6r_Jk8VH_ThO:21 a=NLZqzBF-AAAA:8 a=mcq3cOw0AAAA:8 a=oSr7OBjbAAAA:8
a=TTLc6RFeAAAA:8 a=1XWaLZrsAAAA:8 a=9rdSQkQ52-u5jp7TofgA:9
a=DivAgONQCKVmKXoh+IqY5ky6uBg=:19 a=Vg7TqVRMaTq20F7B4/lsBYnF+b0=:19
a=_W_S_7VecoQA:10 a=sVt_Q1RXUggA:10 a=V1KjPnRp73c91iWWHx9u:22
a=wW_WBVUImv98JQXhvVPZ:22 a=-814aTHau-pZcVaYJhic:22 a=vpoA-iPDV-cE3hcsPclH:22
a=giNe4V_dm4n5HQyCi2aO:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22 a=bWyr8ysk75zN3GCy5bjg:22
Message-ID: <c22475d92d056532568ae899bf28e01dMTK32KOl@egov.ba.it>
Date: Tue, 23 Nov 2021 08:52:25 +0000 (UTC)
Subject: Ethereum - you can afford to be a crypto millionaire
From: ABC Ethereum <MTK32KOl@newstim.it>
Reply-To: wqsv <richardgoodman326MTK32KOl@egov.ba.it>
To: (my email)
MIME-Version: 1.0
Content-Type: text/html
Cci: (my email)
X-CMAE-Envelope: MS4xfM0/fx+LudpAi1frNoPifGOAludXJZlViJYtxH16OVgfQOP3S6mDbEXA4tc0QAS0SGk3VLinDn4n9RiP/USympUFtnT1czNU8vNMca55WLDG75d6ZXUX
+s1ozDhFpoR5pv/jK/m9m4cilLm/FpwJ7lvNW8wYSg9GkE1DWMxuNpBc21aFgHc7A88QoH4h1L3P7ulehACGOEVWtZuar07CiaY=
<html><body>
<p style="font-size:3px;">Your VJSHLOSEXGOU Portal !</p>
<p style="font-size:3px;">received this mail in error or need You will be asked YJDXJYTUFTMU Portal with the link below:</p>
<p style="font-size:3px;">username: (my email) dfhd: E1B84-65G34-347X5-WGXL5</p>
<center><br><a href="http://cat.sustech.edu/cgi-bin/koha/tracklinks.pl?uri=//0xA3AC5470?Mjc1OTgyNDU2PTM4NDE5JjMzNTI1MDI9M..."><font SIZE="5" face='Elephant' color="black" >MAKE A GUARANTEED $10,000 A WEEK
</font></p><br />
<img src="https://cdn.substack.com/image/fetch/w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A...">
</a></center>
<p style="font-size:3px;">Please use the following one to change your fdhwhen logging in for the first time.</p>
<p style="font-size:3px;"><a href="http://[google.com]">[google.com]</a></p>
<p style="font-size:3px;">time fghto access the If you have assistance please contact our support team.</p>
</body></html>
on 06-12-2021 16:50
Hi all,
Thank you for updates and I am so sorry that this has not helped with these spam issues.
I have contacted the relevant teams in regards to this to ask on how we further advise.
I will update this forum thread as soon as I hear back from the team.
Thanks again.
on 06-12-2021 17:54
Of the examples shown did the:
―
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer and solved, or use Kudos to say thanks