Menu
Reply
TryingToBeHappy
  • 19
  • 0
  • 6
On our wavelength
469 Views
Message 21 of 56
Flag for a moderator

Re: Stopping SPAM from being delivered..

Still getting these every couple of days - just long enough to allow you to think it’s stopped!!! 

0 Kudos
Reply
Jodi_S
  • 1.78K
  • 105
  • 182
Forum Team
Forum Team
449 Views
Message 22 of 56
Flag for a moderator

Re: Stopping SPAM from being delivered..

Hi TryingToBeHappy,

 

thanks for posting on our community forums. We understand what a nuisance spam emails can be and how frustrating it is when they are relentlessly appearing in your inbox.

 

As our valued community members have already offered you a wealth of knowledge and advice we can only apologise these emails are still appearing.

 

We would like to share a few links with you in the hope this might alleviate some of the emails you're receiving. 

 

Please check here. We have also included another here.

 

Kind regards Jodi.

 

ALF28
  • 855
  • 14
  • 90
Well-informed
437 Views
Message 23 of 56
Flag for a moderator

Re: Stopping SPAM from being delivered..

Good advice from jodi_s with the spam help page links.

The spam seems to have reduced lately I am pleased to report.

I had nine up to now  from 1/3/21 to 7/3/21   (7 day period)

5 are tagged spam, 4 not tagged

breakdown-

3 x dating spam   

3 x betting emails- always get these some from Australia

1 x newsletter possibly forged version political  (regular one but has different source to usual)

1 x gmail spoofed sender with my own name (regular one) since 2018

1 x spoofed sender no subject just with link  (regular one)- unknow since 2018

I put them all in the spam folder.

alf28

0 Kudos
Reply
ALF28
  • 855
  • 14
  • 90
Well-informed
415 Views
Message 24 of 56
Flag for a moderator

Re: Stopping SPAM from being delivered..

DATING EMAILS

I have 3 different senders ;

some are from goodtastestories and have no message just a link

others are from sender aativamail.com that do show a message but no link

Looking at the headers, the format is the same for both senders with similar header content, so they are by the same author but no readable text message shown In the body, yet the aativamail.com does show readable  messages.

I have never seen this before, where text in the body is not shown in the header unless the text is also remote content?

The sender address is spoofed so, probably sent via an smpt relay or a spambot.

The source changes every time so is probably via spambot/botnet.

examples-

from- pretty,girl.lotte,eva,emma, julia., dating1

subjects are- good day, greetings, I like you, hello there, I am bored, I am in love, I want XXX, hallo

I also have one from another source different which is similar to the Canadian pharmacy spam where it is addressed to a list of  5 people all with ntlworld.com addresses, that particular spammer has been sending for a few years. Strange they do not us blind copies but put all the names in the TO header, most spammers use bcc.

The code used in some of these emails may contain remote content, attachments,downloads, links and look to be by a hacker after data or trying to deliver malware, and they may bypass text only views if you forward them or click on anything.

virgin is tagging all these as spam which is excellent.

I will continue to ignore these dangerous emails which have suddenly started  since 15/2/2021

alf28

 

 

 

 

 

0 Kudos
Reply
Robert_P
  • 2.57K
  • 129
  • 218
Forum Team
Forum Team
405 Views
Message 25 of 56
Flag for a moderator

Re: Stopping SPAM from being delivered..

Thanks ALF28, if there is more we can look into please just let us know.

 

Rob

0 Kudos
Reply
TryingToBeHappy
  • 19
  • 0
  • 6
On our wavelength
392 Views
Message 26 of 56
Flag for a moderator

Re: Stopping SPAM from being delivered..

Thank you for the updates.  I got another this morning... 

Robert_P - what VM can do is STOP DELIVERING THESE SPECIFIC MAILS TO THIER USERS.

 

ALF28 has identified the offending domains and/or markers - so just stop them. 

 

 

 

 

ALF28
  • 855
  • 14
  • 90
Well-informed
350 Views
Message 27 of 56
Flag for a moderator

Re: Stopping SPAM from being delivered..

EMAIL ENVELOPES

I notice with spam emails they use "envelopes" in the header to spoof from/to headers and also in the body to hide the content so when delivered the envelope is opened similar to a letter.

The subject is complex and is html code, but I have looked this up-

see-   Anatomy of an Email: Envelope & Body Content - Email Marketing Rules

Email Marketing 101: Anatomy of an Email | Oracle Marketing

Email messages: header section of an email-message, email-message envelope, email-message body and S...

What is email envelope and email header - MyBlueLinux.COM

Spam/scam emails are very complicated and some have remote content which can be dangerous, I make sure that html, images and graphics are not ticked in email setting , in fact the only one I tick is show read receipts.

mail Display  (settings)

Allow HTML formatted email messages
Allow pre-loading of externally linked images
Display emoticons as graphics in text email messages
Colour quoted lines
Use fixed-width font for text email messages
Show requests for read receipts
 
Looking at older emails from 2020 the techniques used in the header code is very similar, sometimes the email message is just  a block of random text which is odd and is  "Content-Transfer-Encoding: base64"  (as in goodtastestories.com dating emails)
 
 
The mind boggles.
alf28
0 Kudos
Reply
ALF28
  • 855
  • 14
  • 90
Well-informed
343 Views
Message 28 of 56
Flag for a moderator

Re: Stopping SPAM from being delivered..

 aativamail.com , goodtastestories.com (dating emails)

I still get these (  aativamail.com yesterday-often repeated) but they are tagged spam so to be ignored, they have been reported to action fraud but "not stopped", some can contain images.

They may be hard to stop as the spammer  switches server and country each time to hide the true sender-they are spoofed, but the sender address is fixed and that can be used to filter them.

Virgin can inspect any new spam similar to this if put in the spam folder.

alf28

0 Kudos
Reply
coenoby
  • 1.98K
  • 273
  • 1.22K
Super solver
320 Views
Message 29 of 56
Flag for a moderator

Re: Stopping SPAM from being delivered..

 


@ALF28 wrote:

 aativamail.com , goodtastestories.com (dating emails)

I still get these (  aativamail.com yesterday-often repeated) but they are tagged spam so to be ignored, they have been reported to action fraud but "not stopped", some can contain images.


To be honest, the main thing agencies such as Action Fraud or The National Cyber Security Centre  should be focused on is to engage with the relevant hosting authorities to get any malicious links that get reported closed down at the earliest opportunity. Closing down those links prevents more potential victims from being scammed although of course the scammers can still open new ones.

Expecting them to stop new phishing / scam email messages being sent is very optimistic for the reasons you give in your post.

As an aside, I don't use Virgin Media email for many reasons. I do have an ntlworld.com address and a virginmedia.com address but I only use them for testing purposes when helping on this forum.

Up until a few months ago both those accounts received zero spam. However, now the ntlworld.com address gets a steady trickle of aativamail.com and goodtastestories.com emails but none from elsewhere. The VM spam filters do catch them though. 👍

Coenoby

 

 

*******************************
I am just another Virgin Media customer.
If someone posts a useful reply you can say thanks by clicking on the thumbs up sign in their post.
If someone posts a message that solves your problem it helps everyone if you mark their post as a Helpful Answer
TryingToBeHappy
  • 19
  • 0
  • 6
On our wavelength
310 Views
Message 30 of 56
Flag for a moderator

Re: Stopping SPAM from being delivered..

I really appreciate everyone weighing in here - you're patient responses are both reassuring and informative. The anxiety caused by this situation is real so thanks for this.

It is indeed great that the flood is now a trickle. It is also great that the trickle is being successfully caught and sent to the spam folders.

What I fail to understand, now that the offending mails are so clearly understood and easily identifiable, is why they even have to be delivered. Just block them at source??