How to stop weird spam messages

hdhondt
hdhondt used Ask the Experts™
on
Lately I have been getting unusual spam, several times per week, and would like to know if there is any way of avoiding it.

The messages are always directly addressed to my own email address, they are always from a different sender, with different subject, different body text and a different link. I once tried clicking the link (on a public computer, not my own!) but the A/V prevented it, because it saw a threat.

While every message is different, they all have the same general format. I have attached two examples.
Example 1Example 2
Because every message is so different, I have not been able to filter them, neither on my ISP, nor in my email program (Operamail). I do not use any of the popular webmails like Gmail; instead my email is with TPG.com.au

Does anybody have any ideas that can filter this type of spam?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
David FavorFractional CTO
Distinguished Expert 2018

Commented:
You might try https://SpamHero.com as a cheap + effective spam filtering service.

$60 USD/year.

Works extremely well.
AntzsInfrastructure Services

Commented:
Does your current email server hosting TPG.com.au have a Spam filtering in place?  If this is managed by the ISP, you may want to get to configure something on their end to block such spam emails.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Another alternative is to get a Mail.com account and pay the modest annual fee for forwarding. They have a top notch spam filter. I use mail.com myself.

Or get your mail host to implement and set up Spam Assassin. That works well also.
Exploring SQL Server 2016: Fundamentals

Learn the fundamentals of Microsoft SQL Server, a relational database management system that stores and retrieves data when requested by other software applications.

Principal Software Engineer
Commented:
These messages look like they should be easily filtered by Bayesian filtering.  CRM223, SpamAssassin or any of the other commercial spam filters should do the job.  (But if you're not hosting your own email server, this is a service that your ISP should be providing!)

If you're hosting your own MTA, odds are that when you examine the MTA log and look at the IP addresses most of this will be found to be not coming from where it purports to be sourced, but instead from server farms and less-reputable countries outside the US.  On linux, iptables can be used to lock out troublesome areas (Asia, Russia, Africa, South America) and the major spam-tolerant server farms such as godaddy and digitalocean hosting.
Olgierd UngehojerSenior Network Administrator

Commented:
Can you post one header of the message and source of the body ? Try to install ESET Smart Security on local machine and check how it would work  for you.
@Antzs yes, TPG have a spam filter, which is enabled. Apart from the built-in filters, I can specify addresses or domains (useless in this case) and I can specify filters using field values - again of no use for these emails.

However, you have prompted me to contact TPG and see if they can suggest something. I should have thought of that before, but I have done so now.

@Olgierd Here's a sample:

Return-path  <gmajnetm@n12.netmark.pl>
Received
from deliver ([unix socket]) by spool-host13.tpgi.com.au (Cyrus v2.4.13) with LMTPA; Tue, 14 Nov 2017 14:14:00 +1100
from n12.netmark.pl (n12.netmark.pl [188.40.131.151]) by mx2.tpgi.com.au (envelope-from gmajnetm@n12.netmark.pl) (8.14.3/8.14.3) with ESMTP id vAE3Dr5H015853 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <xxxxxxx@tpg.com.au>; Tue, 14 Nov 2017 14:13:58 +1100
from gmajnetm by n12.netmark.pl with local (Exim 4.87) (envelope-from <gmajnetm@n12.netmark.pl>) id 1eERfc-00010Y-1u for xxxxxxx@tpg.com.au; Tue, 14 Nov 2017 04:13:52 +0100

X-tpg-junk-checked  Yes
X-tpg-junk-status  score=4.2 tests=DCC_CHECK,HTML_MESSAGE,RCVD_IN_BRBL_LASTEXT,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,R_URI_1,SARE_ADLTSUB2
X-tpg-junk-level  ****
X-tpg-antivirus  Passed
X-tpg-dnsbl  Whitelisted
X-tpg-abuse  host=n12.netmark.pl; ip=188.40.131.151; date=Tue, 14 Nov 2017 14:13:58 +1100
To  xxxxxxxx@tpg.com.au
Subject  I have a tender lips and tight ass
X-php-script  ajantis.pl/ for 127.0.0.1
Date  Tue, 14 Nov 2017 04:13:52 +0100
From  "David H." <david.h@ajantis.pl>
Message-id  <17a0c77743289f5ac913c9c2a8ffc4fb@ajantis.pl>
X-mailer  PHPMailer 5.2.23 (https://github.com/PHPMailer/PHPMailer)
Mime-version  1.0
Content-type  multipart/alternative; boundary="b1_17a0c77743289f5ac913c9c2a8ffc4fb"
Content-transfer-encoding  8bit
X-antiabuse
This header was added to track abuse, please include it with any abuse report
Primary Hostname - n12.netmark.pl
Original Domain - tpg.com.au
Originator/Caller UID/GID - [520 516] / [47 12]
Sender Address Domain - n12.netmark.pl

X-get-message-sender-via  n12.netmark.pl: authenticated_id: gmajnetm/from_h
X-authenticated-sender  n12.netmark.pl: david.h@ajantis.pl
X-tpg-junk-result  determined as NOT junk email, not even with a high detection setting

Open in new window

Olgierd UngehojerSenior Network Administrator

Commented:
Your server marked message with X-tpg-junk-status  score=4.2 what is good. Try to contact with your email hosting provider to change levels of spam. I may servers I can do this per mail addresses and postamster may be able to do this also for you. You may have levels like up 5 points - no spam, from 5-10 soft spam ( message with subject changed) and above 10 pints  - spam message discard. If postmaster would change first level to 4 - no spam you would receive message marked as a spam in subject and you can easy created filter in outlook. you can implement some similar solution on local machine with some software but I would recommended ask server admin first.
I have contacted TPG and will post their response when I receive it.
Steve AlderEditor
Commented:
It is easy to filter out these messages if you use a spam filter. Especially if you dont want to change your email address and go with a provider that has better spam filtering (mail.com, gmail)

There are also some excellent cloud-based spam filters you can use that analyze the contents of emails (Bayesian analysis) and will block emails such as the ones you are getting. I recommend SpamTitan, although there are many options.
As there are not too many of these messages, I'm loath to start paying for a spam filter.

I have contacted my ISP and they are looking into it. However, there was a slight problem when I forwarded all headers and message of a couple of them: their spam filter bounced it back to me because of inappropriate language :-)

So I have resent it, with all offending words removed, and I'm waiting to hear back from them.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Ask them what they have in place. Do they have Spam Assassin?
I don't know which anti-spam utility TPG use. However, my query has now been elevated to the postmaster. One lives in hope.
Hopes dashed. TPG made some changes to my spam filter, which did not stop these messages, but stopped many legitimate emails. I have reversed all of them, and have not had any of the offending messages since. I suspect it's only a matter of time though until I'll get some more.

It does look as if I would have to spend money to get rid of them permanently, but as I've said before, that seems to be a waste of money. I do not get these messages that often, and they're only mildly offensive. If they come back, I'll just live with them.

I'll keep this open for another week or so.
This is weird. It's now been a week since the last spam message. As fas as I can tell, all spam filter settings are the same as before. Yet, no more messages have come through, nor are they in spam. I can only assume that whichever idiot sent them has decided its not worth the hassle as I'm not responding.

I have given points to the comments that are most likely to be the solution to my vanished problem.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial