on 14-02-2024 12:49
For some time now, I have been receiving weekly(ish) phishing blackmail scam emails saying he (the scammer) has taken very dodgy webcam footage of me, and will share with all my friends on family on social media unless I pay bitcoin to an untraceable account. Obviously there is no such footage so I'm not worried about that, and I'd normally just add the scammers email address to the Blocked Email address list (currently 250 limit) and move on. However, the scammer has managed to spoof the email sender details to make it look like the sender (me@blueyonder) email address is exactly the same as the receiving (me@blueyonder) email address! Obviously I'm not sending myself blackmail scam emails and can't add myself to the blocked list, so I currently just delete them them as they appear. Is there any way to stop them arriving in the first place? Regards, Tony.
14-02-2024 16:10 - edited 14-02-2024 16:55
Consider creating a webmail Filter Rule similar to the following:
NB: grey coloured Condition area is created by selecting Nested condition and the filter rule is only applied if a message is delivered to your Inbox folder and:
Be aware that the miscreants may workaround this Filter Rule.
It is important that you regularly review the content of the Spam folder to make sure the Filter Rule is working as expected. Once you are confident it is you may wish to change the action to just a Discard action so the message is permanently deleted on receipt.
--
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Select Mark as Helpful Answer or 🖒 Kudos to say thanks
on 14-02-2024 16:29
Hi 用心棒
Many thanks - I will certainly try this. I have created the filter rule exactly as per the example (not RB@VM obviously) but I do have a question - should the Header condition say Does Not Match? I would have thought it should say Does Match? Can you clarify please? Regards, Tony
on 14-02-2024 16:49
Does not match is correct as using Match would result in the rule matching email you actually sent.
I have amended my previous post to handle the case where there is no X-Authenticated-Sender header.
on 14-02-2024 17:00
OK, thanks for the clarification. My email address is the old @blueyonder.co.uk version. Is this covered by the X-Authenticated-Sender thing? How do I know if it is, or it isn't?
on 14-02-2024 17:30
It seems likely that when the from email addresses is a blueyonder.co.uk alias the X-Authenticated-Sender will be alias's main email address, To confirm if this is the case send an email to yourself using an alias and:
on 15-02-2024 11:36
Hi - I tried 3 versions of filter rule as described (one with Does Not Exist, one with Does not Contain and one with both, but it directed ALL inbound emails to Spam. I also sent myself an email as suggested, and checked the Source, and emails sent to myself have X-Authenticated-Sender - see screenprint - but the scammer emails don't have X-Authenticated-Sender anywhere in the source data.
I did notice the MESSAGE-ID in the source data from scammer emails were different each time, but all were @blueyonder.co.uk. For example, the two most recent...
967607656.202402120135@blueyonder.co.uk and
65CA32BA.5060205@blueyonder.co.uk
Is it possible to set up a filter to send all emails from @blueyonder.co.uk to Spam? I would monitor it for genuine emails, but that's not a problem. Can you advise please?
on 15-02-2024 13:26
Sorry to read that but it is odd as the From condition excludes the rule from matching other email address,
Try the following to match all email addresses claiming to be from a blueyonder.co.uk address:
on 15-02-2024 14:00
Hi - I will try all the X-Authenticated-Sender options again, in case I made a mistake, and let you know. Many thanks for this alternative. I set up this new filter rule and sent myself an email - it went straight to Spam. If the X-Authenticated-Sender options don't work as intended, I will go with this. Thanks again.
Incidentally, if VM know these emails are Spam, why don't they just route them to the Spam folder automatically, rather than the Inbox?
on 15-02-2024 15:10
I wasn't using the nested option previously, so I tried editing the filter, exactly as you have it - my screenprints below - but it won't let me proceed, ie Save. Am I doing something wrong?