Menu
Reply
ALF28
  • 1.09K
  • 20
  • 117
Knows their stuff
1,026 Views
Message 51 of 60
Flag for a moderator

Re: VIRGIN MEDIA - AN IRRESPONSIBLE ORGANISATION - ALLOWS SPAM IN BUT NOT OUT

LORUM IPSUM- TEST OF FILTERS

Thanks the suggestion,

I have done the test LOREM IPSUM in the filter  and as you confirmed, and  the filter is not case sensitive.

This means the filter will pick up the words and ignores the upper or lower case status, so that makes filtering easier.

I tested several conditions such as contains, matches, is exactly and sent my self emails 3 times and all worked with lower case  lorem ipsum in the subject and all were filtered to my test folder lorem ipsum. This makes setting up the filters simpler knowing this fact.

Thanks a lot for the help.

 

0 Kudos
Reply
ALF28
  • 1.09K
  • 20
  • 117
Knows their stuff
959 Views
Message 52 of 60
Flag for a moderator

Re: VIRGIN MEDIA - AN IRRESPONSIBLE ORGANISATION - ALLOWS SPAM IN BUT NOT OUT

LATEST UPDATED VERSION OF REGEX FILTER, "FROM" AND "SUBJECT" THAT I AM USING-

condition "from"     regex-  (updated 28/12/2020)

contact|notification|action|sainsbury|asda|customer|MBNA|Amazon|haob|CBD|Tesco|Russian|ebill|mamba|tulip|Dyson|hargrey|Canada|umberd|norton|lifelock|funeral|tsb|notice|Last|Auto|Renewal|licence|Subscription|Reminder|expired|Macafee|balance|payment

("from"- regex filter-note in some cases if you may want Tesco or Amazon  etc. then delete them out of the string. Be careful if discard is used as some wanted   emails could be discarded by this filter, I file to a named folder rather than discard, allowing inspection filtered emails)

 

---------------------------------------------------------------------------------------------------

condition "subject"     regex-   (updated 28/12/2020)

canada|verification|hello|claimed|contact|prize|account|balance|trial|beneficiary|offer|hi|compensation|quote|confirmation|coin|bit|infected|virus|£|MBNA|Russian|<SPAM>|free|win|selected|Ray Ban|McAfee|norton|funeral|tsb|Bit_coin|notice|Last|Auto|Renewal|licence|Subscription|Reminder|expired|Antivirus|BTC

("subject" -regex filter -note in some cases if you may want Norton or TSB  etc. then delete them out of the string. Note I have added <spam> in subject to catch tagged spam but be careful if discard is used as wrongly tagged emails could be discarded, I file to a named folder)

____________________________________________---

NOTES-

1.filters are not case sensitive so  upper and lower case duplications removed

2.keywords added that spammers use a lot in formatting emails

3.be careful using action discard or you might loose genuine emails, best to action to file -chosen named folder such as "unknownspam" allowing inspection.

4.modify filters to your own requirement, you may want tesco, amazon etc if you get genuine emails from companies you do use but beware of spoof emails faking genuine  companies.

NEW FILTER-suggested 

use a single filters to detect emails using your own name in the "from"and "subject" as this is often done with spam/spoofing

(they insert your name in the subject or from field to try and get your attention, they derive this from your email address if it contains your name e.g-

john.smith500@somewebsite.co.uk,  so will use john.smith500 typically)  I do this and it filters a lot of the spam.

------------------------------------------------------------------------------------------------------------------------------

condition "from" contains --your first name

condition "from" contains your surname

condition "subject" contains --your first name

condition "subject" contains your surname

 

--------------------------------

alf28

 

 

 

 

0 Kudos
Reply
ALF28
  • 1.09K
  • 20
  • 117
Knows their stuff
947 Views
Message 53 of 60
Flag for a moderator

Re: VIRGIN MEDIA - AN IRRESPONSIBLE ORGANISATION - ALLOWS SPAM IN BUT NOT OUT

NOTE OF CAUTION- your own name filtering

If filtering your own name and surname in "from" and "subject" fields to block spam, it could block emails for people with the same name(s) as yourself,

so may be better to filter with the full first part of the email and filter with contains "is exactly"

e.g.is exactly    john.smith500, this would prevent filtering of emails from john or smith

I am not sure what the difference is between filters "is exactly" and "matches"  ???

be careful what you filter.

alf28

0 Kudos
Reply
ALF28
  • 1.09K
  • 20
  • 117
Knows their stuff
936 Views
Message 54 of 60
Flag for a moderator

Re: VIRGIN MEDIA - AN IRRESPONSIBLE ORGANISATION - ALLOWS SPAM IN BUT NOT OUT

FILTER EMAILS NOT ADDRESSED TO YOU

I use a filter for emails not addressed to me-

example- condition "to"  does not contain    john.smith500@anywebsite.co.uk  (your own email address)

This picks up emails addressed to the wrong person or not direct to you, happens a lot with blind copies, use of cc,bb etc by spammers., so you may have another persons name in the "to" field like joe bloggs, not your own, I get this a lot.

use with care, could block newsletters, but you may want them.

alf28

0 Kudos
Reply
ALF28
  • 1.09K
  • 20
  • 117
Knows their stuff
891 Views
Message 55 of 60
Flag for a moderator

Re: VIRGIN MEDIA - AN IRRESPONSIBLE ORGANISATION - ALLOWS SPAM IN BUT NOT OUT

Last updates-

my recent updates to regex filter "from"

noingday|c.b.d|reactivate|morrisons|   (additions)

my recent updates to regex filter "subject"    

risk|activate|join|surprise|prize|morrisons|survey|cbd     (additions)

If you do receive genuine emails from morrisons do not add to the filter, in my case, morrisons is with a different email client ,so I know morrisons emails to my ntlworld.com email address are probably fake/spoofed

seems like everyone gets different spam at different times.

the filtering requirements in settings will be different for each person, and tailored to the type of spam received and the sender addresses, so no point in me providing further updates as they may not apply to other people, so will make these my last updates as they may not apply to most people.

I continue to use the boothy99 regex filter also catching repeat emails.

The method you use may be the same but the filter content may be different, tailored to suit the individual needs, if you decide to use regex filtering.

alf28

0 Kudos
Reply
ALF28
  • 1.09K
  • 20
  • 117
Knows their stuff
817 Views
Message 56 of 60
Flag for a moderator

Re: VIRGIN MEDIA - AN IRRESPONSIBLE ORGANISATION - ALLOWS SPAM IN BUT NOT OUT

spelling mistake on mcafee so published my recent filter updates again-

condition "from"     regex-  (updated 2/1/2021)

delivery|dpd|bbox|kailo|security|cannabis|noingday|c.b.d|reactivate|morrisons|contact|notification|action|sainsbury|asda|customer|MBNA|Amazon|haob|CBD|Tesco|Russian|ebill|mamba|tulip|Dyson|hargrey|Canada|umberd|norton|lifelock|funeral|tsb|notice|Last|Auto|Renewal|licence|Subscription|Reminder|expired|mcafee|balance|payment

 

("from"- regex filter-note in some cases if you may want Tesco or Amazon  etc. then delete them out of the string. Be careful if discard is used as some wanted   emails could be discarded by this filter, I file to a named folder rather than discard, allowing inspection of filtered emails, a lot of fake dpd delivery notices recently) 

 

---------------------------------------------------------------------------------------------------

condition "subject"     regex-   (updated 2/1/2021)

parcel|dpd|update|cart|weight|miracle|pain|important|risk|activate|join|surprise|prize|morrisons|survey|cbd|canada|verification|hello|claimed|contact|account|balance|trial|beneficiary|offer|hi|compensation|quote|confirmation|coin|bit|infected|virus|£|MBNA|Russian|<SPAM>|free|win|selected|Ray Ban|McAfee|norton|funeral|tsb|Bit_coin|notice|Last|Auto|Renewal|licence|Subscription|Reminder|expired|Antivirus|BTC

 

("subject" -regex filter -note in some cases if you may want Norton   etc. then delete them out of the string. Note I have added <spam> in subject to catch tagged spam but be careful if discard is used as wrongly tagged emails could be discarded, I file to a named folder for inspection)

____________________________________________

be careful of emails that may look genuine but are fake

alf28

 

0 Kudos
Reply
ALF28
  • 1.09K
  • 20
  • 117
Knows their stuff
801 Views
Message 57 of 60
Flag for a moderator

Re: VIRGIN MEDIA - AN IRRESPONSIBLE ORGANISATION - ALLOWS SPAM IN BUT NOT OUT

email headers- check the source.

Some emails evade spam filters using "office business software and mailbox exchange" which can hide the original email address and substitute a spoofed email sender address, so easy to do by professional spammers or businesses using software to format emails, they can use a specific sender address for each contact like an alias, hiding the true sender address.

I get some using "Microsoft office  & outlook software" which usually get past the virgin spam filters and the original sender's name/email is disguised, but can be viewed in the headers, so if unsure check "view source" to see the headers, and the IP addresses can be looked up, to check the "source  IP address" and other IP's in the email headers.

Many of the the email money scams use office software to generate the emails and bulk sending. The headers are usually very long and have strings of meaningless text included. 

Sometimes the original sender will not have a name, just random letters/numbers in the address, hard to identify or may use a temporary email address used for spamming which can be discarded. 

However some may be genuine, I do get some that that fall into this category but I know the sender/firm so not easy to separate fakes from genuine and they are not spam but they use software to generate the email or use a bulk email sender.

Most people know which emails are genuine as they get them regularly.

alf28

 

0 Kudos
Reply
ALF28
  • 1.09K
  • 20
  • 117
Knows their stuff
735 Views
Message 58 of 60
Flag for a moderator

Re: VIRGIN MEDIA - AN IRRESPONSIBLE ORGANISATION - ALLOWS SPAM IN BUT NOT OUT

useful email header analyzer-

Email Header Analyzer, RFC822 Parser - MxToolbox

look at view source to show headers-then

simply highlight headers, then copy and paste into the analyzer

a good tool to check email source ip address

-------------------------------------------------

recent fake spam- lidl

I have added lidl and git.hrqhealth to my from filter, and also the keyword "deal" to from and subject filters.

analysis shows that the lidl email (sender git.hrqhealth) is from an obscure american "email hosting server"  - looked up the source ip address and the email  of the sender using-

was sent via rocketman push dispatcher. SPF Authentication failed for ip address.

IP Tracker: Trace & Track IP Address, IP Tracer, Find My IP Location (ip-tracker.org)

Email Lookup, Checker, Tracker | Check Email Address For Free (ip-tracker.org)

If unsure about an email that may be fake/spam you could  analyze  the email using these tools/links 

alf28

 

0 Kudos
Reply
ALF28
  • 1.09K
  • 20
  • 117
Knows their stuff
661 Views
Message 59 of 60
Flag for a moderator

Re: VIRGIN MEDIA - AN IRRESPONSIBLE ORGANISATION - ALLOWS SPAM IN BUT NOT OUT

CAN I BEAT THE SPAMMER?- use their own spam advertising language against them.

My latest method is to use the same keywords as the spammers use, to filter the spam, beat them using their own spam words.

I am trialling new filters just based on "spam words only".

Observing spam over a few years, they repeat the same advertising phrases over and over again.

This is the most reliable method, as each email is unique so difficult to block a changing email address. Where an address does repeat then the last part of it can be used to filter e.g. @somecompany.com could be used in the from filter.

Examples of language used by spammers- congratulations, casino, won, win, prize, invest, cash, offer, exclusive, bit, coin, miracle, virus etc.

I have approx 100 words A to Z,  typically used by spammers most of the time in "subject" , "from" and "body".  I "split" them across a few regex filters to keep it manageable and just keep adding to it. Takes a while to type it all in, but once set up works for ever. I use spam A  to L,  spam M _ Z so filters do not get to big have split across two. It may be possible also to use numbers like 100% or  characters, but filters do not always accept things, I uses the £ which seems to work.

Although my existing filters block most spam, this will enhance the filtering close to 100% I hope.

However some spammers use special characters in words to prevent word filtering, so some will always get through.

I filter the spam to a named folder so it can be "checked" before deletion (some might be genuine), any spams that do get through  the spam filter are reviewed the and my filters then modified to catch it next time.

It is impossible to filter the ip address as they change all the time, or the sender email address which can change also.

IP addresses can be spoofed by some spammers.

(spammers often use their own servers and software  or use bulk mailers or bots to send out spam- probably why it is so difficult to block the spam)

(the majority of spam has a spoofed sender address, different to the received address so is spoofed or via a third party sender)

Blocking spam can protect against dangerous malware and fraud. Do not click on any  spam  links , attachments and  downloads or images.

Fake websites that are linked to spam emails can download keyloggers, trojans. malware etc,

Recently Virgin are letting a lot of "untagged spam" through, so I find my personal filters can do the job effectively but the spam is "so obvious" it is strange that the Virgin's own spam blockers do pick up the spam?

Latest spam is covid19, virus warnings, cindy, dyson.  Last few strange emails show all the html code in the body of the email.

alf28

0 Kudos
Reply
ALF28
  • 1.09K
  • 20
  • 117
Knows their stuff
601 Views
Message 60 of 60
Flag for a moderator

Re: VIRGIN MEDIA - AN IRRESPONSIBLE ORGANISATION - ALLOWS SPAM IN BUT NOT OUT

A very good article to keep your email safe and secure,

see  Q&A: How can I keep my email address off of spam email lists? (ricksdailytips.com)

I recently clicked on a fake delivery notice  and got something strange on my computer not found by antivirus but by antirootkit, it was called a trojan dropper and was hiding in a zip file, has since been added to some antivirus.

I use several methods to check for malware, best not to rely on just one.

alf28

 

0 Kudos
Reply