How to stop weird spam messages

Lately I have been getting unusual spam, several times per week, and would like to know if there is any way of avoiding it.

The messages are always directly addressed to my own email address, they are always from a different sender, with different subject, different body text and a different link. I once tried clicking the link (on a public computer, not my own!) but the A/V prevented it, because it saw a threat.

While every message is different, they all have the same general format. I have attached two examples.
Example 1Example 2
Because every message is so different, I have not been able to filter them, neither on my ISP, nor in my email program (Operamail). I do not use any of the popular webmails like Gmail; instead my email is with TPG.com.au

Does anybody have any ideas that can filter this type of spam?
LVL 40
hdhondtAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David FavorLinux/LXD/WordPress/Hosting SavantCommented:
You might try https://SpamHero.com as a cheap + effective spam filtering service.

$60 USD/year.

Works extremely well.
0
AntzsInfrastructure ServicesCommented:
Does your current email server hosting TPG.com.au have a Spam filtering in place?  If this is managed by the ISP, you may want to get to configure something on their end to block such spam emails.
0
JohnBusiness Consultant (Owner)Commented:
Another alternative is to get a Mail.com account and pay the modest annual fee for forwarding. They have a top notch spam filter. I use mail.com myself.

Or get your mail host to implement and set up Spam Assassin. That works well also.
0
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Dr. KlahnPrincipal Software EngineerCommented:
These messages look like they should be easily filtered by Bayesian filtering.  CRM223, SpamAssassin or any of the other commercial spam filters should do the job.  (But if you're not hosting your own email server, this is a service that your ISP should be providing!)

If you're hosting your own MTA, odds are that when you examine the MTA log and look at the IP addresses most of this will be found to be not coming from where it purports to be sourced, but instead from server farms and less-reputable countries outside the US.  On linux, iptables can be used to lock out troublesome areas (Asia, Russia, Africa, South America) and the major spam-tolerant server farms such as godaddy and digitalocean hosting.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Olgierd UngehojerSenior Network AdministratorCommented:
Can you post one header of the message and source of the body ? Try to install ESET Smart Security on local machine and check how it would work  for you.
0
hdhondtAuthor Commented:
@Antzs yes, TPG have a spam filter, which is enabled. Apart from the built-in filters, I can specify addresses or domains (useless in this case) and I can specify filters using field values - again of no use for these emails.

However, you have prompted me to contact TPG and see if they can suggest something. I should have thought of that before, but I have done so now.

@Olgierd Here's a sample:

Return-path  <gmajnetm@n12.netmark.pl>
Received
from deliver ([unix socket]) by spool-host13.tpgi.com.au (Cyrus v2.4.13) with LMTPA; Tue, 14 Nov 2017 14:14:00 +1100
from n12.netmark.pl (n12.netmark.pl [188.40.131.151]) by mx2.tpgi.com.au (envelope-from gmajnetm@n12.netmark.pl) (8.14.3/8.14.3) with ESMTP id vAE3Dr5H015853 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <xxxxxxx@tpg.com.au>; Tue, 14 Nov 2017 14:13:58 +1100
from gmajnetm by n12.netmark.pl with local (Exim 4.87) (envelope-from <gmajnetm@n12.netmark.pl>) id 1eERfc-00010Y-1u for xxxxxxx@tpg.com.au; Tue, 14 Nov 2017 04:13:52 +0100

X-tpg-junk-checked  Yes
X-tpg-junk-status  score=4.2 tests=DCC_CHECK,HTML_MESSAGE,RCVD_IN_BRBL_LASTEXT,RCVD_IN_DNSWL_NONE,RP_MATCHES_RCVD,R_URI_1,SARE_ADLTSUB2
X-tpg-junk-level  ****
X-tpg-antivirus  Passed
X-tpg-dnsbl  Whitelisted
X-tpg-abuse  host=n12.netmark.pl; ip=188.40.131.151; date=Tue, 14 Nov 2017 14:13:58 +1100
To  xxxxxxxx@tpg.com.au
Subject  I have a tender lips and tight ass
X-php-script  ajantis.pl/ for 127.0.0.1
Date  Tue, 14 Nov 2017 04:13:52 +0100
From  "David H." <david.h@ajantis.pl>
Message-id  <17a0c77743289f5ac913c9c2a8ffc4fb@ajantis.pl>
X-mailer  PHPMailer 5.2.23 (https://github.com/PHPMailer/PHPMailer)
Mime-version  1.0
Content-type  multipart/alternative; boundary="b1_17a0c77743289f5ac913c9c2a8ffc4fb"
Content-transfer-encoding  8bit
X-antiabuse
This header was added to track abuse, please include it with any abuse report
Primary Hostname - n12.netmark.pl
Original Domain - tpg.com.au
Originator/Caller UID/GID - [520 516] / [47 12]
Sender Address Domain - n12.netmark.pl

X-get-message-sender-via  n12.netmark.pl: authenticated_id: gmajnetm/from_h
X-authenticated-sender  n12.netmark.pl: david.h@ajantis.pl
X-tpg-junk-result  determined as NOT junk email, not even with a high detection setting

Open in new window

0
Olgierd UngehojerSenior Network AdministratorCommented:
Your server marked message with X-tpg-junk-status  score=4.2 what is good. Try to contact with your email hosting provider to change levels of spam. I may servers I can do this per mail addresses and postamster may be able to do this also for you. You may have levels like up 5 points - no spam, from 5-10 soft spam ( message with subject changed) and above 10 pints  - spam message discard. If postmaster would change first level to 4 - no spam you would receive message marked as a spam in subject and you can easy created filter in outlook. you can implement some similar solution on local machine with some software but I would recommended ask server admin first.
0
hdhondtAuthor Commented:
I have contacted TPG and will post their response when I receive it.
0
Steve AlderEditorCommented:
It is easy to filter out these messages if you use a spam filter. Especially if you dont want to change your email address and go with a provider that has better spam filtering (mail.com, gmail)

There are also some excellent cloud-based spam filters you can use that analyze the contents of emails (Bayesian analysis) and will block emails such as the ones you are getting. I recommend SpamTitan, although there are many options.
0
hdhondtAuthor Commented:
As there are not too many of these messages, I'm loath to start paying for a spam filter.

I have contacted my ISP and they are looking into it. However, there was a slight problem when I forwarded all headers and message of a couple of them: their spam filter bounced it back to me because of inappropriate language :-)

So I have resent it, with all offending words removed, and I'm waiting to hear back from them.
0
JohnBusiness Consultant (Owner)Commented:
Ask them what they have in place. Do they have Spam Assassin?
0
hdhondtAuthor Commented:
I don't know which anti-spam utility TPG use. However, my query has now been elevated to the postmaster. One lives in hope.
0
hdhondtAuthor Commented:
Hopes dashed. TPG made some changes to my spam filter, which did not stop these messages, but stopped many legitimate emails. I have reversed all of them, and have not had any of the offending messages since. I suspect it's only a matter of time though until I'll get some more.

It does look as if I would have to spend money to get rid of them permanently, but as I've said before, that seems to be a waste of money. I do not get these messages that often, and they're only mildly offensive. If they come back, I'll just live with them.

I'll keep this open for another week or so.
0
hdhondtAuthor Commented:
This is weird. It's now been a week since the last spam message. As fas as I can tell, all spam filter settings are the same as before. Yet, no more messages have come through, nor are they in spam. I can only assume that whichever idiot sent them has decided its not worth the hassle as I'm not responding.

I have given points to the comments that are most likely to be the solution to my vanished problem.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Clients

From novice to tech pro — start learning today.