Learn to build secure applications from the mindset of the hacker and avoid being exploited.
How to stop weird spam messages
Lately I have been getting unusual spam, several times per week, and would like to know if there is any way of avoiding it.
The messages are always directly addressed to my own email address, they are always from a different sender, with different subject, different body text and a different link. I once tried clicking the link (on a public computer, not my own!) but the A/V prevented it, because it saw a threat.
While every message is different, they all have the same general format. I have attached two examples.
Because every message is so different, I have not been able to filter them, neither on my ISP, nor in my email program (Operamail). I do not use any of the popular webmails like Gmail; instead my email is with TPG.com.au
Does anybody have any ideas that can filter this type of spam?
The messages are always directly addressed to my own email address, they are always from a different sender, with different subject, different body text and a different link. I once tried clicking the link (on a public computer, not my own!) but the A/V prevented it, because it saw a threat.
While every message is different, they all have the same general format. I have attached two examples.
Because every message is so different, I have not been able to filter them, neither on my ISP, nor in my email program (Operamail). I do not use any of the popular webmails like Gmail; instead my email is with TPG.com.au
Does anybody have any ideas that can filter this type of spam?
Asked:
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Does your current email server hosting TPG.com.au have a Spam filtering in place? If this is managed by the ISP, you may want to get to configure something on their end to block such spam emails.
Another alternative is to get a Mail.com account and pay the modest annual fee for forwarding. They have a top notch spam filter. I use mail.com myself.
Or get your mail host to implement and set up Spam Assassin. That works well also.
Or get your mail host to implement and set up Spam Assassin. That works well also.
These messages look like they should be easily filtered by Bayesian filtering. CRM223, SpamAssassin or any of the other commercial spam filters should do the job. (But if you're not hosting your own email server, this is a service that your ISP should be providing!)
If you're hosting your own MTA, odds are that when you examine the MTA log and look at the IP addresses most of this will be found to be not coming from where it purports to be sourced, but instead from server farms and less-reputable countries outside the US. On linux, iptables can be used to lock out troublesome areas (Asia, Russia, Africa, South America) and the major spam-tolerant server farms such as godaddy and digitalocean hosting.
If you're hosting your own MTA, odds are that when you examine the MTA log and look at the IP addresses most of this will be found to be not coming from where it purports to be sourced, but instead from server farms and less-reputable countries outside the US. On linux, iptables can be used to lock out troublesome areas (Asia, Russia, Africa, South America) and the major spam-tolerant server farms such as godaddy and digitalocean hosting.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Can you post one header of the message and source of the body ? Try to install ESET Smart Security on local machine and check how it would work for you.
@Antzs yes, TPG have a spam filter, which is enabled. Apart from the built-in filters, I can specify addresses or domains (useless in this case) and I can specify filters using field values - again of no use for these emails.
However, you have prompted me to contact TPG and see if they can suggest something. I should have thought of that before, but I have done so now.
@Olgierd Here's a sample:
However, you have prompted me to contact TPG and see if they can suggest something. I should have thought of that before, but I have done so now.
@Olgierd Here's a sample:
Return-path <gmajnetm@n12.netmark.pl>
Received
from deliver ([unix socket]) by spool-host13.tpgi.com.au (Cyrus v2.4.13) with LMTPA; Tue, 14 Nov 2017 14:14:00 +1100
from n12.netmark.pl (n12.netmark.pl [188.40.131.151]) by mx2.tpgi.com.au (envelope-from gmajnetm@n12.netmark.pl) (8.14.3/8.14.3) with ESMTP id vAE3Dr5H015853 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <xxxxxxx@tpg.com.au>; Tue, 14 Nov 2017 14:13:58 +1100
from gmajnetm by n12.netmark.pl with local (Exim 4.87) (envelope-from <gmajnetm@n12.netmark.pl>) id 1eERfc-00010Y-1u for xxxxxxx@tpg.com.au; Tue, 14 Nov 2017 04:13:52 +0100
X-tpg-junk-checked Yes
X-tpg-junk-status score=4.2 tests=DCC_CHECK,HTML_MESSAGE,RCVD_IN_BRBL_LASTEXT,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,R_URI_1,SARE_ADLTSUB2
X-tpg-junk-level ****
X-tpg-antivirus Passed
X-tpg-dnsbl Whitelisted
X-tpg-abuse host=n12.netmark.pl; ip=188.40.131.151; date=Tue, 14 Nov 2017 14:13:58 +1100
To xxxxxxxx@tpg.com.au
Subject I have a tender lips and tight ass
X-php-script ajantis.pl/ for 127.0.0.1
Date Tue, 14 Nov 2017 04:13:52 +0100
From "David H." <david.h@ajantis.pl>
Message-id <17a0c77743289f5ac913c9c2a8ffc4fb@ajantis.pl>
X-mailer PHPMailer 5.2.23 (https://github.com/PHPMailer/PHPMailer)
Mime-version 1.0
Content-type multipart/alternative; boundary="b1_17a0c77743289f5ac913c9c2a8ffc4fb"
Content-transfer-encoding 8bit
X-antiabuse
This header was added to track abuse, please include it with any abuse report
Primary Hostname - n12.netmark.pl
Original Domain - tpg.com.au
Originator/Caller UID/GID - [520 516] / [47 12]
Sender Address Domain - n12.netmark.pl
X-get-message-sender-via n12.netmark.pl: authenticated_id: gmajnetm/from_h
X-authenticated-sender n12.netmark.pl: david.h@ajantis.pl
X-tpg-junk-result determined as NOT junk email, not even with a high detection setting
Your server marked message with X-tpg-junk-status score=4.2 what is good. Try to contact with your email hosting provider to change levels of spam. I may servers I can do this per mail addresses and postamster may be able to do this also for you. You may have levels like up 5 points - no spam, from 5-10 soft spam ( message with subject changed) and above 10 pints - spam message discard. If postmaster would change first level to 4 - no spam you would receive message marked as a spam in subject and you can easy created filter in outlook. you can implement some similar solution on local machine with some software but I would recommended ask server admin first.
It is easy to filter out these messages if you use a spam filter. Especially if you dont want to change your email address and go with a provider that has better spam filtering (mail.com, gmail)
There are also some excellent cloud-based spam filters you can use that analyze the contents of emails (Bayesian analysis) and will block emails such as the ones you are getting. I recommend SpamTitan, although there are many options.
There are also some excellent cloud-based spam filters you can use that analyze the contents of emails (Bayesian analysis) and will block emails such as the ones you are getting. I recommend SpamTitan, although there are many options.
As there are not too many of these messages, I'm loath to start paying for a spam filter.
I have contacted my ISP and they are looking into it. However, there was a slight problem when I forwarded all headers and message of a couple of them: their spam filter bounced it back to me because of inappropriate language :-)
So I have resent it, with all offending words removed, and I'm waiting to hear back from them.
I have contacted my ISP and they are looking into it. However, there was a slight problem when I forwarded all headers and message of a couple of them: their spam filter bounced it back to me because of inappropriate language :-)
So I have resent it, with all offending words removed, and I'm waiting to hear back from them.
I don't know which anti-spam utility TPG use. However, my query has now been elevated to the postmaster. One lives in hope.
Hopes dashed. TPG made some changes to my spam filter, which did not stop these messages, but stopped many legitimate emails. I have reversed all of them, and have not had any of the offending messages since. I suspect it's only a matter of time though until I'll get some more.
It does look as if I would have to spend money to get rid of them permanently, but as I've said before, that seems to be a waste of money. I do not get these messages that often, and they're only mildly offensive. If they come back, I'll just live with them.
I'll keep this open for another week or so.
It does look as if I would have to spend money to get rid of them permanently, but as I've said before, that seems to be a waste of money. I do not get these messages that often, and they're only mildly offensive. If they come back, I'll just live with them.
I'll keep this open for another week or so.
This is weird. It's now been a week since the last spam message. As fas as I can tell, all spam filter settings are the same as before. Yet, no more messages have come through, nor are they in spam. I can only assume that whichever idiot sent them has decided its not worth the hassle as I'm not responding.
I have given points to the comments that are most likely to be the solution to my vanished problem.
I have given points to the comments that are most likely to be the solution to my vanished problem.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Clients
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Identity … 440 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Word 2007 Inter… 197 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
$60 USD/year.
Works extremely well.