Blocking spam emails that say the sender is me
I am having unwanted spam emails coming into my inbox. It shows that the sender is my email address so I cannot block it. Looking at the header I can see 2 or 3 "Received from" servers which I want to block. The subdomains keep changing for example one might be: Received: from bospopproxy12.eigbox.net ([10.20.15.3]) by bospop36.eigbox.net with LMTP and the next day maybe: Received: from bospopproxy18.eigbox.net ([10.20.15.9]) by bospop36.eigbox.net with LMTP How can I block the domain eigbox.net or maybe their IP range? Further down the header might be other "Received from"servers, which one is the last so that blocking it would be enough? Thanks
Alle antwoorden (6)
Yes, I get those types of spam as well.
I looked at the 'View' > 'Message Source'
I discovered many of these emails had a 'Reply-to' setup in the headers. check the source to see if it also has a 'Reply-to' header included.
I set up a 'Message Filter' which used this:
- Getting New Mail and 'Filter after Junkclassification'
- 'Match ANY of the following'
- 'Reply-to' 'contains' and typed the domain part of email address - the bit after the @ sign.
This means I can easily edit this Filter by adding an additiona; condition click on the small + to add another line for any other 'Reply-to' domain
Action:
- 'Set junk status to' and 'Junk'
- 'Move Message to' and chose Junk on account.
The 'Received:' headers are just various servers and they may be legit. The 'REceived' which is nearest the top is received onto the the server holding your account. As you read down it's going back in tiime, so the one which is at the bottom and neat the FROM, SUBJECT, REply-to section is the first server to receive the email, but it received it from the sender, so I would not base anything just on the server name.
The domain eigbox.net doesn't have a website but it appeared the domain is used for a hosted e-mail service. The Hosting Provider is 'iPage'. So someone has paid for that domain to be used for email.
There is nothing indicating it not legit. I also checked it here: https://uk.godaddy.com/whois/results.aspx?domain=eigbox.net&isc=cjc99com&cjelbDays=45&AID=11774111&utm_source=cj&utm_medium=affiliate&utm_campaign=xx-xx_corp_affiliate_11774111_001&utm_content=Digital.com%2c+LLC_5431449&tgt=100126636&cjdata=MXxZfDB8WXww
Thanks Toad-Hall, Unfortunately the source doesn't have any "Reply-to" reference so I can't create the filter that you suggested. However it has a "Return-Path" (which is also my address) is this the same as "Reply-To"
By the way, what is the difference between "Delibered-to" and "Envelope-to"?
Bewerkt door thebowman op
It might be helpful to post an image showing the souce content - you can mask out anything that specifically mentions your email address.
Attached is the code. My email is blurred. Thanks
You can add the received header to filters as a custom entry, but the results can be more than a little random as the filter acts on the first occurrence of the field. Those have multiple occurrences,my understanding is will generally action the occurrence nearest to the top of the message header. You would think this would meet your need. Probably not.
The first two entries on that list have an IP in the 10.x.x.x range. Like those in a 192.x.x.x range those addresses are for an internal (private) network. At one time my local home network used the 10.x.x.x range. The literals used are therefore local network addresses.
The real originating address is with hilan telecom hilan.com.br apparently from Valparaíso de Goiás in Brazil.
For your purpose, the header X-Originating-IP may be the thing to use. That is unless you know folk or deal with Hilan customers. You could just block mail where the originating IP is that shown. (But it might not be stable if someone is sending it from a home internet connection to pay their bills) But received headers are really a hopeless issue as indicated by Toad Hall.
Matt is totally correct.
The other consideration you might be able to use is the 'Subject'.
See if there are any words you seem to get in those types of email which you would be unlikely to get in a normal email. Such as 'suspected' or 'harmful'.
You could create a message filter along the lines of:
- Getting New Mail and 'Filter after Junk classification'
- 'Match ANY of the following'
- 'Subject' 'contains' and type: harmful
- click on the small + sign to enter another line
- 'Subject' 'contains' and type: suspected
If you get more emails you can add more of those 'Subject' lines entering those more unusual words you are less likely to get in a normal email.