Ever since the new webmail I have been getting the same spam emails EVERY DAY . I got to webmail and click Mark as Spam BUT absolutely nothing is being done about it!!
They main ones are DailySavingsFinder, SkinTag remover, Energy Switching.. New one today is Tinnitus Solution.
Why is nothing being done about it?
Hi Rochelle, I've asked about this repeatedly and am assured that clicking mark as spam will ensure mail will be blocked. I know one of my colleagues has reported a significant drop off in spam since he's been marking it. Is it coming from the same addresses every time or new addresses?
You would think so wouldn't you. I'm working on this at the moment, for now though I'm afraid you'll need to keep clicking on mark as spam. I'm also working to get the mail filters fixed in the new mail platform so that you can block specific words and therefore block all mails with that word.
Perhaps I should start a new thread but this one is exactly my problem.
and if we can get answers to these simple questions maybe we can build on it.
I hear what @Ady is saying but I am sure that last time someone asked if marking something as spam did anything they were told no and should set up their own filter.
Wrote this bit before coming online:
Hi - I am having a bad time with spam. I report these to Talktalk regularly to abuse.tbb@ sometimes directly and sometimes via spamcop ,to no avail.
I have tried various filters which did not work I think mainly due to the way the email sender and subject are formed.
However yesterday I put on this filter (attached) which ( and perhaps you can correct me if mistaken) should for ANY email from Anyone that is NOT "Supersavvyme" should have appeared with a RED FLAG -- I have 3 emails today and none of them are flagged. (attached)
Will update tomorrow as I expect another lot will come.
Where should the flag appear?
This obviously doesnt stop the spam but it is a first step to find out if the filters ever work.
I cannot ever use the filter that says stop spam from as the from is almost certainly "spoofed" each time so my thinking is that if I use a negative filter and ask it to filter something that is
NOT (a legit, known sender, then the filter should catch it? YES?
I see you were editing that rule. Did you save it exactly as shown and made sure it was Enabled before testing with new incoming emails?
I ask because your logic is good. Using negative conditions is an easy way to create 'bulk safe senders' filtering. I have tested your Filter rule and it does work exactly as shown.
You might also try a 'domain senders' rule that works on the basis of - Address > Header - From, Part - Domain Not gmail > Not talktalk > Not yahoo > Flag Red - and that flags all emails not from the listed domains. Just to prove that bulk filtering does work.
I was sure I had and we are working fine today BUT I did go back in and
delete ALL my previous efforts in case they were affecting the red flag.
It does flag and also I actioned transfer to spam folder.
This is just the start and will try the Domain thing. I am lucky that
the spam is on this email as I now only use it occasionally so its good to have it to try and beat the spammers and at the same time not mess up
my main email. Question: if I now want to expand my "allowed" list
do I have to use a separate rule or can I just use separators and if so
is is , . : ; > # something else?
i.e. can my rule read From Does not contain Supersavvyme :TalkTalk: Microsoft: Asda: EON
Obviously I can test this but maybe you know? I will set it up with a comma TalkTalk and see if that works.
On the Domain thing here is a typical header for my spam
is the Domain Sendgrid,net?
Received: from imap-director-3.dovecot.tt.ham.xion.oxcs.net ([10.15.2.4])
by imap-backend-2.dovecot.tt.ham.xion.oxcs.net with LMTP id iL3QJfiwKF2pMQAAhAmNhw
for <3@49337>; Fri, 12 Jul 2019 16:10:32 +0000
Received: from mx.tt.xion.oxcs.net ([10.15.2.4])
by imap-director-3.dovecot.tt.ham.xion.oxcs.net with LMTP id CBRWJPiwKF0QQgAAMCsbaQ
; Fri, 12 Jul 2019 16:10:32 +0000
Received: from smtp-out-11.tiscali.co.uk (smtp-out-11.tiscali.co.uk [184.108.40.206])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx.tt.xion.oxcs.net (Postfix) with ESMTPS id 45ld7T3C68z6wHFm
for <email@example.com>; Fri, 12 Jul 2019 16:05:40 +0000 (UTC)
Received: from ismtpd0005p1lon1.sendgrid.net ([220.127.116.11])
by mx.talktalk.net with SMTP
id ly1fhtqODNLjYly3HhSpUl; Fri, 12 Jul 2019 17:05:40 +0100
From: ""Body products"" <firstname.lastname@example.org>
Subject: ""Dove: Go get your samples now!""
Content-Type: text/html; charset="UTF-8"
Filter rules operate in sequence. If one of your previous rules, now deleted, was active and operated on the message but that rule didn't have the 'Process subsequent rules' active then the new rule wouldn't be processed. Now that you've deleted the unwanted ones I can see from your screenshot that your new rule is working as expected.
sendgrid.net is the bulk email sender for the 'fake' From: email domain weight.loss
You will be able to trap this message with the condition Header > Name: Received > Contains sendgrid.net
When using the Header condition the entire header is scanned for, in this case, the Received fields of which there are several. These fields are the most reliable in determining where the email is routed but the 'Contains' condition does need to be carefully determined to avoid false positives.
Each condition in the Filter rule needs to be separate and on its own line.
I don't recommend using the 'From' to try and trap senders' email address domains. Sometimes this will work when a friendly name isn't used and what you see is the real originator's email address.
Most times a friendly name is used and spammers often encrypt in base64 so what looks like a friendly name still cannot be trapped because the filter is looking at the encrypted 'From' not the decrypted friendly name that the recipient sees.