Menu
Reply
cockneyjohn1951
  • 13
  • 0
  • 4
On our wavelength
1,283 Views
Message 1 of 11
Flag for a moderator

Stop emails from a specific domain

Hi - I keep getting spoof emails from the same domain, only the first part of the email is different each time, ie "myname@newstim.it". So putting them into the spam folder does nothing except block any further emails from that sender but as its different each time its pointless.

I have filters set and they go into the spam folder but I want to stop emails from that domain once and for all. 

Anyone have a solution please.

John

0 Kudos
Reply
用心棒
  • 7.65K
  • 845
  • 2.55K
Very Insightful Person
Very Insightful Person
1,262 Views
Message 2 of 11
Flag for a moderator
Helpful Answer

Re: Stop emails from a specific domain

Un/marking spam or moving an email from/to the Spam folder does not affect how future occurrence are handled, see How do I manage my Virgin Media email spam settings?, text after point 7.

If you are confident the filter rule is working as intended then consider using an Action of Discard but should Virgin Media's spam filters start correctly identify these emails as spam then they will appear in your Spam folder because your filter rules run only against those emails delivered to your Inbox folder.

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
Travis_M
  • 3.92K
  • 140
  • 290
Forum Team
Forum Team
1,225 Views
Message 3 of 11
Flag for a moderator

Re: Stop emails from a specific domain

Hi @cockneyjohn1951

 

Thanks for posting on our community forum!

 

Have you double checked the filters via the above link provided?

 

Regards

Travis_M
Forum Team



New around here? To find out more about the Community check out our Getting Started guide


0 Kudos
Reply
cockneyjohn1951
  • 13
  • 0
  • 4
On our wavelength
1,201 Views
Message 4 of 11
Flag for a moderator

Re: Stop emails from a specific domain

Hi - I wanted to block all emails received from the domain @newstim.it , it is a spam address, and the only way I could think of stopping them was to block and reject any mails with that address. As was suggested I applied filters and this is what i have set in place - Rule Name = Scam Adverts, Conditions = From @instim.it , Actions Flag Colour and discard.
I presumed that discard would delete the message but wrong they still come through and into my inbox. I`ll keep trying different actions and come back when and if something works.
Regards
John
0 Kudos
Reply
用心棒
  • 7.65K
  • 845
  • 2.55K
Very Insightful Person
Very Insightful Person
1,193 Views
Message 5 of 11
Flag for a moderator

Re: Stop emails from a specific domain

There is not point to setting a flag colour if the email is discarded.

As mentioned previously it is likely Virgin Media's spam filters are now correctly identifying these emails as spam and delivering them to your Spam folder; your filter rules only run against emails delivered to your Inbox. You can confirm this is the case by:

  • selecting the spam email and then > View source
  • use your browser's Find function to search for X-Spam headers, for example

 

⋮
X-Spam: yes
⋮
X-Spam-Action: folder Spam
X-Spam-Reason: CMAE_SCORE=100.00
⋮

 

In descending order: Identified as spam, moved to Spam folder, spam classification determined by CloudMark

0 Kudos
Reply
cockneyjohn1951
  • 13
  • 0
  • 4
On our wavelength
1,190 Views
Message 6 of 11
Flag for a moderator

Re: Stop emails from a specific domain

Thanks for that. I will keep you posted.
0 Kudos
Reply
Humblestrummer
  • 25
  • 0
  • 12
On our wavelength
925 Views
Message 7 of 11
Flag for a moderator

Re: Stop emails from a specific domain

I keep getting similar emails,  from a variety of spoofed organisations, including Virgin Media.  Forwarding them as 'phishing' has had no effect.

All the emails have an identical format. IP addresses are always random as are the makeup of the names preceding the email and domain suffixes.  Items that do not vary are highlighted in blue. 

The source is below. The envelope seems to be designated as 'spam' but has bypassed all the filters I put in place and has made its way to my inbox. As with the recent McAfee/Norton deluge of spam,  we got no help at all on this forum from VM, despite asking repeatedly for specific advice on how to set filter criteria.

Ironically, VM's algorithm insists on removing 'invalid html text' from the example below before allowing me to post, so I don't know how much use it will be.

 

Return-Path: <bbc@bbc.co.uk>
Delivered-To: (my email)
Received: from md8.tb.ukmail.iss.local ([212.54.57.69])
by mc4.tb.ukmail.iss.local with LMTP id GKiEAeieo2EwDgAAHW8Adg
for <(my email)>; Sun, 28 Nov 2021 16:23:20 +0100
Received: from smtpclienthelo ([212.54.57.69])
by md8.tb.ukmail.iss.local with LMTP
id qM5QAeieo2GcPwAAkRb9eQ
(envelope-from <bbc@bbc.co.uk>)
for <(my email)>; Sun, 28 Nov 2021 16:23:20 +0100
Received: from scale.terissos.info ([137.116.240.241])
by mx2.tb.ukmail.iss.as9143.net with ESMTP
id rLzbmfOc4MLjDrM0NmlOxf; Sun, 28 Nov 2021 16:22:15 +0100
Precedence: junk
X-Env-Mailfrom: bbc@bbc.co.uk
X-Env-Rcptto: (my email)
X-SourceIP: 137.116.240.241
X-Spam: yes
X-CNFS-Analysis: v=2.4 cv=UYaU9IeN c=1 sm=1 tr=0 ts=61a39ee8 cx=a_exe:a_idp_d
p=hv1DtMrR8JWsrZ9DKYv7fw==:17 a=hv1DtMrR8JWsrZ9DKYv7fw==:117 a=NLZqzBF-AAAA:8
a=jRKsYorTAAAA:8 a=oSr7OBjbAAAA:8 a=TTLc6RFeAAAA:8 a=1XWaLZrsAAAA:8
a=9rdSQkQ52-u5jp7TofgA:9 a=DivAgONQCKVmKXoh+IqY5ky6uBg=:19
a=Vg7TqVRMaTq20F7B4/lsBYnF+b0=:19 a=_W_S_7VecoQA:10 a=v8OJI9PRItsA:10
a=wW_WBVUImv98JQXhvVPZ:22 a=cYIWSGVbUNJgXl8CQBif:22 a=vpoA-iPDV-cE3hcsPclH:22
a=giNe4V_dm4n5HQyCi2aO:22 a=a497pFiASBiGg_yuK_bn:22 a=p-dnK0njbqwfn1k4-x12:22
a=7aar8cbMflRChVwg8ngv:22
X-Spam-Action: folder Spam
X-Spam-Reason: SMCH_ACTION=reject
X-Spam-Reason: CMAE_SCORE=100.00
Message-ID: <c22475d92d056532568ae899bf28e01dFu9gjjoS@egov.ba.it>
Date: Sun, 28 Nov 2021 15:18:27 +0000 (UTC)
Subject: Best of November
From: FuneralPlan <Fu9gjjoS@newstim.it>
Reply-To: wqsv <richardgoodman326Fu9gjjoS@egov.ba.it>
To: (my email)
MIME-Version: 1.0
Content-Type: text/html
Cci: (my email)
X-CMAE-Envelope: MS4xfKN7UHKr7rLIfMNK4tkjwe1rU//EEUSackaSlYQygPziHbfFdCp2RUSTwlp5XuRSIO4ZRQYMBKVEFCVSmNquYWS4kQDT9rL+DFwrBwCOQX8iypE64gFc
jiu9ebatdH/hUB/QjihCG6XI+dtanbbLeiXd/p7cKz51E9Vp1CgSd+btH+50HCNAYsxplTRXyzdja7szD51NX3SYqMz4T380ddE=

<html><body>
<p style="font-size:3px;">Your COSQMKVNMUZO Portal !</p>
<p style="font-size:3px;">received this mail in error or need You will be asked DOUFNIRKYOUM Portal with the link below:</p>
<p style="font-size:3px;">username:(my email) dfhd: 6223-RH7J4-7NR1-34C6X</p>

<center><br><a href="http://library.sust.edu/cgi-bin/koha/tracklinks.pl?biblionumber=32573&uri=//0xD26C9202?Mjc1OTgyNDU2P..."><font color="red" face="Times New Roman" size="6"><marquee>- Funeral Plan Quote; get yours for free today!. .
</marquee></font></p><br />
<img src="https://cdn.substack.com/image/fetch/w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A...">
</a></center>

<p style="font-size:3px;">Please use the following one to change your fdhwhen logging in for the first time.</p>
<p style="font-size:3px;"><a href="http://[google.com]">[google.com]</a></p>
<p style="font-size:3px;">time fghto access the If you have assistance please contact our support team.</p>
</body></html>

0 Kudos
Reply
Humblestrummer
  • 25
  • 0
  • 12
On our wavelength
942 Views
Message 8 of 11
Flag for a moderator

Re: Stop emails from a specific domain

I have been getting similar emails, all from 'newstim.it' quoting a return path of 'bbc@bbc.co.uk. They purport to be from a number of different organisations, including Virgin Media, offering free prizes or vouchers. IP addresses are all random, as are the elements of the names preceding email or domain suffixes. I have attempted to set email filters without success. Forwarding the messages to 'phishing@ *** ' has had no effect. Just as with the recent deluge of Norton/McAfee spam, VM have done nothing by way of advice on how to set effective filter criteria to block these messages. An example of the source is below. Some of the html text directing the recipient to a phishing site has been removed. Recurring items have been highlighted.

From - Tue Nov 23 08:52:56 2021
X-Account-Key: account1
X-UIDL: 0000213d25ddb699
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <bbc@bbc.co.uk>
Delivered-To: (my email)
Received: from md10.tb.ukmail.iss.local ([212.54.57.73])
by mc4.tb.ukmail.iss.local with LMTP id YHTuKM+rnGF+NgAAHW8Adg
for <(my email)>; Tue, 23 Nov 2021 09:52:31 +0100
Received: from smtpclienthelo ([212.54.57.73])
by md10.tb.ukmail.iss.local with LMTP
id kDO5KM+rnGFCBAAAnwjGaw
(envelope-from <bbc@bbc.co.uk>)
for <(my email)>; Tue, 23 Nov 2021 09:52:31 +0100
Received: from necessary.racingo.in ([20.114.127.244])
by mx6.tb.ukmail.iss.as9143.net with ESMTP
id pRXNmntBlHg5wpRXNmVp1L; Tue, 23 Nov 2021 09:52:26 +0100
X-Env-Mailfrom: bbc@bbc.co.uk
X-Env-Rcptto: (my email)
X-SourceIP: 20.114.127.244
X-CNFS-Analysis: v=2.4 cv=CL854DnD c=1 sm=1 tr=0 ts=619cabcf cx=a_exe:a_idp_d
a=t9DBOR1/DVLVpVcN7H3LeA==:117 a=t9DBOR1/DVLVpVcN7H3LeA==:17
a=oies6r_Jk8VH_ThO:21 a=NLZqzBF-AAAA:8 a=mcq3cOw0AAAA:8 a=oSr7OBjbAAAA:8
a=TTLc6RFeAAAA:8 a=1XWaLZrsAAAA:8 a=9rdSQkQ52-u5jp7TofgA:9
a=DivAgONQCKVmKXoh+IqY5ky6uBg=:19 a=Vg7TqVRMaTq20F7B4/lsBYnF+b0=:19
a=_W_S_7VecoQA:10 a=sVt_Q1RXUggA:10 a=V1KjPnRp73c91iWWHx9u:22
a=wW_WBVUImv98JQXhvVPZ:22 a=-814aTHau-pZcVaYJhic:22 a=vpoA-iPDV-cE3hcsPclH:22
a=giNe4V_dm4n5HQyCi2aO:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22 a=bWyr8ysk75zN3GCy5bjg:22
Message-ID: <c22475d92d056532568ae899bf28e01dMTK32KOl@egov.ba.it>
Date: Tue, 23 Nov 2021 08:52:25 +0000 (UTC)
Subject: Ethereum - you can afford to be a crypto millionaire
From: ABC Ethereum <MTK32KOl@newstim.it>
Reply-To: wqsv <richardgoodman326MTK32KOl@egov.ba.it>
To: (my email)
MIME-Version: 1.0
Content-Type: text/html
Cci: (my email)
X-CMAE-Envelope: MS4xfM0/fx+LudpAi1frNoPifGOAludXJZlViJYtxH16OVgfQOP3S6mDbEXA4tc0QAS0SGk3VLinDn4n9RiP/USympUFtnT1czNU8vNMca55WLDG75d6ZXUX
+s1ozDhFpoR5pv/jK/m9m4cilLm/FpwJ7lvNW8wYSg9GkE1DWMxuNpBc21aFgHc7A88QoH4h1L3P7ulehACGOEVWtZuar07CiaY=

<html><body>
<p style="font-size:3px;">Your VJSHLOSEXGOU Portal !</p>
<p style="font-size:3px;">received this mail in error or need You will be asked YJDXJYTUFTMU Portal with the link below:</p>
<p style="font-size:3px;">username: (my email) dfhd: E1B84-65G34-347X5-WGXL5</p>

<center><br><a href="http://cat.sustech.edu/cgi-bin/koha/tracklinks.pl?uri=//0xA3AC5470?Mjc1OTgyNDU2PTM4NDE5JjMzNTI1MDI9M..."><font SIZE="5" face='Elephant' color="black" >MAKE A GUARANTEED $10,000 A WEEK
</font></p><br />
<img src="https://cdn.substack.com/image/fetch/w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A...">
</a></center>

<p style="font-size:3px;">Please use the following one to change your fdhwhen logging in for the first time.</p>
<p style="font-size:3px;"><a href="http://[google.com]">[google.com]</a></p>
<p style="font-size:3px;">time fghto access the If you have assistance please contact our support team.</p>
</body></html>

 

0 Kudos
Reply
Ashleigh_C
  • 4.23K
  • 170
  • 317
Forum Team
Forum Team
920 Views
Message 9 of 11
Flag for a moderator

Re: Stop emails from a specific domain

Hi all, 

 

Thank you for updates and I am so sorry that this has not helped with these spam issues. 

 

I have contacted the relevant teams in regards to this to ask on how we further advise. 

 

I will update this forum thread as soon as I hear back from the team. 

 

Thanks again. 

Ash_C
Forum Team



New around here? To find out more about the Community check out our Getting Started guide


0 Kudos
Reply
用心棒
  • 7.65K
  • 845
  • 2.55K
Very Insightful Person
Very Insightful Person
907 Views
Message 10 of 11
Flag for a moderator

Re: Stop emails from a specific domain

Of the examples shown did the:

  • first appear in your Spam folder as indicated by the X-SPAM-* headers?
  • second contain the header Cci? If so then you can filter emails containing this odd header to your Spam folder with the following rule:
    2021-12-06.jpeg


I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click helpful.jpeg Mark as Helpful Answer and solved, or use thanks.jpeg Kudos to say thanks

 

0 Kudos
Reply