There is not point to setting a flag colour if the email is discarded.

As mentioned previously it is likely Virgin Media's spam filters are now correctly identifying these emails as spam and delivering them to your Spam folder; your filter rules only run against emails delivered to your Inbox. You can confirm this is the case by:

• selecting the spam email and then ☰ > View source
• use your browser's Find function to search for X-Spam headers, for example
  

⋮
X-Spam: yes
⋮
X-Spam-Action: folder Spam
X-Spam-Reason: CMAE_SCORE=100.00
⋮

In descending order: Identified as spam, moved to Spam folder, spam classification determined by CloudMark

I keep getting similar emails,  from a variety of spoofed organisations, including Virgin Media.  Forwarding them as 'phishing' has had no effect.

All the emails have an identical format. IP addresses are always random as are the makeup of the names preceding the email and domain suffixes.  Items that do not vary are highlighted in blue. 

The source is below. The envelope seems to be designated as 'spam' but has bypassed all the filters I put in place and has made its way to my inbox. As with the recent McAfee/Norton deluge of spam,  we got no help at all on this forum from VM, despite asking repeatedly for specific advice on how to set filter criteria.

Ironically, VM's algorithm insists on removing 'invalid html text' from the example below before allowing me to post, so I don't know how much use it will be.

Return-Path: <bbc@bbc.co.uk>
Delivered-To: (my email)
Received: from md8.tb.ukmail.iss.local ([212.54.57.69])
by mc4.tb.ukmail.iss.local with LMTP id GKiEAeieo2EwDgAAHW8Adg
for <(my email)>; Sun, 28 Nov 2021 16:23:20 +0100
Received: from smtpclienthelo ([212.54.57.69])
by md8.tb.ukmail.iss.local with LMTP
id qM5QAeieo2GcPwAAkRb9eQ
(envelope-from <bbc@bbc.co.uk>)
for <(my email)>; Sun, 28 Nov 2021 16:23:20 +0100
Received: from scale.terissos.info ([137.116.240.241])
by mx2.tb.ukmail.iss.as9143.net with ESMTP
id rLzbmfOc4MLjDrM0NmlOxf; Sun, 28 Nov 2021 16:22:15 +0100
Precedence: junk
X-Env-Mailfrom: bbc@bbc.co.uk
X-Env-Rcptto: (my email)
X-SourceIP: 137.116.240.241
X-Spam: yes
X-CNFS-Analysis: v=2.4 cv=UYaU9IeN c=1 sm=1 tr=0 ts=61a39ee8 cx=a_exe:a_idp_d
p=hv1DtMrR8JWsrZ9DKYv7fw==:17 a=hv1DtMrR8JWsrZ9DKYv7fw==:117 a=NLZqzBF-AAAA:8
a=jRKsYorTAAAA:8 a=oSr7OBjbAAAA:8 a=TTLc6RFeAAAA:8 a=1XWaLZrsAAAA:8
a=9rdSQkQ52-u5jp7TofgA:9 a=DivAgONQCKVmKXoh+IqY5ky6uBg=:19
a=Vg7TqVRMaTq20F7B4/lsBYnF+b0=:19 a=_W_S_7VecoQA:10 a=v8OJI9PRItsA:10
a=wW_WBVUImv98JQXhvVPZ:22 a=cYIWSGVbUNJgXl8CQBif:22 a=vpoA-iPDV-cE3hcsPclH:22
a=giNe4V_dm4n5HQyCi2aO:22 a=a497pFiASBiGg_yuK_bn:22 a=p-dnK0njbqwfn1k4-x12:22
a=7aar8cbMflRChVwg8ngv:22
X-Spam-Action: folder Spam
X-Spam-Reason: SMCH_ACTION=reject
X-Spam-Reason: CMAE_SCORE=100.00
Message-ID: <c22475d92d056532568ae899bf28e01dFu9gjjoS@egov.ba.it>
Date: Sun, 28 Nov 2021 15:18:27 +0000 (UTC)
Subject: Best of November
From: FuneralPlan <Fu9gjjoS@newstim.it>
Reply-To: wqsv <richardgoodman326Fu9gjjoS@egov.ba.it>
To: (my email)
MIME-Version: 1.0
Content-Type: text/html
Cci: (my email)
X-CMAE-Envelope: MS4xfKN7UHKr7rLIfMNK4tkjwe1rU//EEUSackaSlYQygPziHbfFdCp2RUSTwlp5XuRSIO4ZRQYMBKVEFCVSmNquYWS4kQDT9rL+DFwrBwCOQX8iypE64gFc
jiu9ebatdH/hUB/QjihCG6XI+dtanbbLeiXd/p7cKz51E9Vp1CgSd+btH+50HCNAYsxplTRXyzdja7szD51NX3SYqMz4T380ddE=

<html><body>
<p style="font-size:3px;">Your COSQMKVNMUZO Portal !</p>
<p style="font-size:3px;">received this mail in error or need You will be asked DOUFNIRKYOUM Portal with the link below:</p>
<p style="font-size:3px;">username:(my email) dfhd: 6223-RH7J4-7NR1-34C6X</p>

<center><br><a href="http://library.sust.edu/cgi-bin/koha/tracklinks.pl?biblionumber=32573&uri=//0xD26C9202?Mjc1OTgyNDU2P..."><font color="red" face="Times New Roman" size="6"><marquee>- Funeral Plan Quote; get yours for free today!. .
</marquee></font></p><br />
<img src="https://cdn.substack.com/image/fetch/w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A...">
</a></center>

<p style="font-size:3px;">Please use the following one to change your fdhwhen logging in for the first time.</p>
<p style="font-size:3px;"><a href="http://[google.com]">[google.com]</a></p>
<p style="font-size:3px;">time fghto access the If you have assistance please contact our support team.</p>
</body></html>

I have been getting similar emails, all from 'newstim.it' quoting a return path of 'bbc@bbc.co.uk. They purport to be from a number of different organisations, including Virgin Media, offering free prizes or vouchers. IP addresses are all random, as are the elements of the names preceding email or domain suffixes. I have attempted to set email filters without success. Forwarding the messages to 'phishing@ *** ' has had no effect. Just as with the recent deluge of Norton/McAfee spam, VM have done nothing by way of advice on how to set effective filter criteria to block these messages. An example of the source is below. Some of the html text directing the recipient to a phishing site has been removed. Recurring items have been highlighted.

From - Tue Nov 23 08:52:56 2021
X-Account-Key: account1
X-UIDL: 0000213d25ddb699
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <bbc@bbc.co.uk>
Delivered-To: (my email)
Received: from md10.tb.ukmail.iss.local ([212.54.57.73])
by mc4.tb.ukmail.iss.local with LMTP id YHTuKM+rnGF+NgAAHW8Adg
for <(my email)>; Tue, 23 Nov 2021 09:52:31 +0100
Received: from smtpclienthelo ([212.54.57.73])
by md10.tb.ukmail.iss.local with LMTP
id kDO5KM+rnGFCBAAAnwjGaw
(envelope-from <bbc@bbc.co.uk>)
for <(my email)>; Tue, 23 Nov 2021 09:52:31 +0100
Received: from necessary.racingo.in ([20.114.127.244])
by mx6.tb.ukmail.iss.as9143.net with ESMTP
id pRXNmntBlHg5wpRXNmVp1L; Tue, 23 Nov 2021 09:52:26 +0100
X-Env-Mailfrom: bbc@bbc.co.uk
X-Env-Rcptto: (my email)
X-SourceIP: 20.114.127.244
X-CNFS-Analysis: v=2.4 cv=CL854DnD c=1 sm=1 tr=0 ts=619cabcf cx=a_exe:a_idp_d
a=t9DBOR1/DVLVpVcN7H3LeA==:117 a=t9DBOR1/DVLVpVcN7H3LeA==:17
a=oies6r_Jk8VH_ThO:21 a=NLZqzBF-AAAA:8 a=mcq3cOw0AAAA:8 a=oSr7OBjbAAAA:8
a=TTLc6RFeAAAA:8 a=1XWaLZrsAAAA:8 a=9rdSQkQ52-u5jp7TofgA:9
a=DivAgONQCKVmKXoh+IqY5ky6uBg=:19 a=Vg7TqVRMaTq20F7B4/lsBYnF+b0=:19
a=_W_S_7VecoQA:10 a=sVt_Q1RXUggA:10 a=V1KjPnRp73c91iWWHx9u:22
a=wW_WBVUImv98JQXhvVPZ:22 a=-814aTHau-pZcVaYJhic:22 a=vpoA-iPDV-cE3hcsPclH:22
a=giNe4V_dm4n5HQyCi2aO:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22 a=bWyr8ysk75zN3GCy5bjg:22
Message-ID: <c22475d92d056532568ae899bf28e01dMTK32KOl@egov.ba.it>
Date: Tue, 23 Nov 2021 08:52:25 +0000 (UTC)
Subject: Ethereum - you can afford to be a crypto millionaire
From: ABC Ethereum <MTK32KOl@newstim.it>
Reply-To: wqsv <richardgoodman326MTK32KOl@egov.ba.it>
To: (my email)
MIME-Version: 1.0
Content-Type: text/html
Cci: (my email)
X-CMAE-Envelope: MS4xfM0/fx+LudpAi1frNoPifGOAludXJZlViJYtxH16OVgfQOP3S6mDbEXA4tc0QAS0SGk3VLinDn4n9RiP/USympUFtnT1czNU8vNMca55WLDG75d6ZXUX
+s1ozDhFpoR5pv/jK/m9m4cilLm/FpwJ7lvNW8wYSg9GkE1DWMxuNpBc21aFgHc7A88QoH4h1L3P7ulehACGOEVWtZuar07CiaY=

<html><body>
<p style="font-size:3px;">Your VJSHLOSEXGOU Portal !</p>
<p style="font-size:3px;">received this mail in error or need You will be asked YJDXJYTUFTMU Portal with the link below:</p>
<p style="font-size:3px;">username: (my email) dfhd: E1B84-65G34-347X5-WGXL5</p>

<center><br><a href="http://cat.sustech.edu/cgi-bin/koha/tracklinks.pl?uri=//0xA3AC5470?Mjc1OTgyNDU2PTM4NDE5JjMzNTI1MDI9M..."><font SIZE="5" face='Elephant' color="black" >MAKE A GUARANTEED $10,000 A WEEK
</font></p><br />
<img src="https://cdn.substack.com/image/fetch/w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A...">
</a></center>

<p style="font-size:3px;">Please use the following one to change your fdhwhen logging in for the first time.</p>
<p style="font-size:3px;"><a href="http://[google.com]">[google.com]</a></p>
<p style="font-size:3px;">time fghto access the If you have assistance please contact our support team.</p>
</body></html>

Hi all, 

Thank you for updates and I am so sorry that this has not helped with these spam issues. 

I have contacted the relevant teams in regards to this to ask on how we further advise. 

I will update this forum thread as soon as I hear back from the team. 

Thanks again. 

Of the examples shown did the:

• first appear in your Spam folder as indicated by the X-SPAM-* headers?
• second contain the header Cci? If so then you can filter emails containing this odd header to your Spam folder with the following rule:
  

―
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer and solved, or use  Kudos to say thanks