cancel
Showing results for 
would you rather see results for 
Did you mean: 
Need help?

Spam emails

Reply
8 REPLIES 8
Rochelle
Insightful One

Ever since the new webmail I have been getting the same spam emails EVERY DAY . I got to webmail and click Mark as Spam  BUT absolutely nothing is being done about it!!

They main ones are DailySavingsFinder, SkinTag remover, Energy Switching.. New one today is Tinnitus Solution.

Why is nothing being done about it?

Community Team

Hi Rochelle, I've asked about this repeatedly and am assured that clicking mark as spam will ensure mail will be blocked. I know one of my colleagues has reported a significant drop off in spam since he's been marking it. Is it coming from the same addresses every time or new addresses?

Rochelle
Insightful One

@OCE_Ady 

HaHa - just checked and they are from different email addresses each time. Surely they can block the title as well!!

Community Team

You would think so wouldn't you. I'm working on this at the moment, for now though I'm afraid you'll need to keep clicking on mark as spam. I'm also working to get the mail filters fixed in the new mail platform so that you can block specific words and therefore  block all mails with that word. 

cedlor
Participant

Hi

Perhaps I should start a new thread but this one is exactly my problem.

and if we can get answers to these simple questions maybe we can build on it.

I hear what  @Ady is saying but I am sure that last time someone asked if marking something as spam did anything they were told no and should set up their own filter.

 

Wrote this bit before coming online:
Hi - I am having a bad time with spam. I report these to Talktalk regularly to abuse.tbb@ sometimes directly and sometimes via spamcop ,to no avail.

I have tried various filters which did not work I think mainly due to the way the email sender and subject are formed.

However yesterday I put on this filter  (attached) which ( and perhaps you can correct me if mistaken) should for ANY email from Anyone that is NOT "Supersavvyme" should have appeared with a RED FLAG -- I have 3 emails today and none of them are flagged. (attached)

Will update tomorrow as I expect another lot will come.
Where should the flag appear?

This obviously doesnt stop the spam but it is a first step to find out if the filters ever work.

I cannot ever use the filter that says stop spam from as the from is almost certainly "spoofed" each time so my thinking is that if I use a negative filter and ask it to filterspamstop1.pngspamstop2.png something that is 

NOT (a legit, known sender, then the filter should catch it? YES?

Thanks

 

 

 

 

 

 

 

 

 

Rochelle
Insightful One

@OCE_Ady  Thanks, I appreciate what you are trying to do.  If you can do anything about the notifications from this Forum  going directly to my Trash folder that would be great. This is why I don't see them and answer promptly!!

Gondola
Community Star

Hi @cedlor 

 

I see you were editing that rule. Did you save it exactly as shown and made sure it was Enabled before testing with new incoming emails?

 

I ask because your logic is good. Using negative conditions is an easy way to create 'bulk safe senders' filtering. I have tested your Filter rule and it does work exactly as shown.

 

You might also try a 'domain senders' rule that works on the basis of - Address > Header - From, Part - Domain Not gmail > Not talktalk > Not yahoo > Flag Red - and that flags all emails not from the listed domains. Just to prove that bulk filtering does work.

 Gondola - Community contributor

To appreciate my help . . . If I offered a solution Best Answer

cedlor
Participant

Thanks @Gondola  

I was sure I had and we are working fine today BUT I did go back in and

delete ALL my previous efforts in case they were affecting the red flag.

It does flag and also I actioned transfer to spam folder.

This is just the start and will try the Domain thing.  I am lucky that

the spam is on this email as I now only use it occasionally  so its good to have it to try and beat the spammers and at the same time not mess up

my main email.  Question: if I now want to expand my "allowed"  list

do I have to use a separate rule or can I just use separators and if so

is is  , . : ; > #  something else?

 

i.e.  can my rule read   From Does not contain Supersavvyme :TalkTalk: Microsoft: Asda: EON 

Obviously I can test this but maybe you know? I will set it up with a comma TalkTalk and see if that works.

 

On the Domain thing   here is a typical header for my spam

is the Domain Sendgrid,net?

Return-Path: <>
Delivered-To: 3@49337
Received: from imap-director-3.dovecot.tt.ham.xion.oxcs.net ([10.15.2.4])
by imap-backend-2.dovecot.tt.ham.xion.oxcs.net with LMTP id iL3QJfiwKF2pMQAAhAmNhw
for <3@49337>; Fri, 12 Jul 2019 16:10:32 +0000
Received: from mx.tt.xion.oxcs.net ([10.15.2.4])
by imap-director-3.dovecot.tt.ham.xion.oxcs.net with LMTP id CBRWJPiwKF0QQgAAMCsbaQ
; Fri, 12 Jul 2019 16:10:32 +0000
Received: from smtp-out-11.tiscali.co.uk (smtp-out-11.tiscali.co.uk [62.24.135.139])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx.tt.xion.oxcs.net (Postfix) with ESMTPS id 45ld7T3C68z6wHFm
for <xzxzxzxzxz@tiscali.co.uk>; Fri, 12 Jul 2019 16:05:40 +0000 (UTC)
Received: from ismtpd0005p1lon1.sendgrid.net ([178.128.242.26])
by mx.talktalk.net with SMTP
id ly1fhtqODNLjYly3HhSpUl; Fri, 12 Jul 2019 17:05:40 +0100
X-Delivered-To: XZXZXZXZXZ@tiscali.co.uk
From: ""Body products"" <dragon.judges.39208@weight.loss>
Subject: ""Dove: Go get your samples now!""
Content-Type: text/html; charset="UTF-8"
X-CMAE-Envelope: MS4wfPg6xnC9sWBPio013tpw/BrzXH5fxU3RBI6achLBNckZQNknbDkqxtskx+Jezne4xjwKfFYQVsIPiBR9Aj8iXMreBq7bUttlkpqkQGsX3MCZKfPUHach
O0EVG6jn3KaoiKULztTX6IsUjd3UtuwcioqxbVrDbb4zISMNxnQh3J9+</dragon.judges.39208@weight.loss></xzxzxzxzxz@tiscali.co.uk>

<center>

spamstop3.png

 

Gondola
Community Star

Hi @cedlor 

 

Filter rules operate in sequence.  If one of your previous rules, now deleted, was active and operated on the message but that rule didn't have the 'Process subsequent rules' active then the new rule wouldn't be processed. Now that you've deleted the unwanted ones I can see from your screenshot that your new rule is working as expected.

 

sendgrid.net is the bulk email sender for the 'fake' From: email domain weight.loss

 

You will be able to trap this message with the condition Header > Name: Received > Contains sendgrid.net

 

When using the Header condition the entire header is scanned for, in this case, the Received fields of which there are several.  These fields are the most reliable in determining where the email is routed but the 'Contains' condition does need to be carefully determined to avoid false positives.

 

Each condition in the Filter rule needs to be separate and on its own line. 

 

I don't recommend using the 'From' to try and trap senders' email address domains.  Sometimes this will work when a friendly name isn't used and what you see is the real originator's email address.

 

Most times a friendly name is used and spammers often encrypt in base64 so what looks like a friendly name still cannot be trapped because the filter is looking at the encrypted 'From' not the decrypted friendly name that the recipient sees.

 Gondola - Community contributor

To appreciate my help . . . If I offered a solution Best Answer