New Spam getting through my Spark xtra account

Forums › Spark New Zealand (including Skinny and BigPipe) › New Spam getting through my Spark xtra account

1 | ... | 10 | 11 | 12 | 13 | 14 | 15

cheshirecat

50 posts

Geek

#2718577 5-Jun-2021 12:04

eracode:

Anyone else noticed that the volume of spam seems to have tapered off a little in recent days?

I know that there were some improvements made to the system this week, so it's good to get some positive feedback even if it is only anecdotal evidence

AliExpress

Shop now on AliExpress (affiliate link).

FineWine

2971 posts

Uber Geek

Trusted

Nurse (R)

Lifetime subscriber

#2718669 5-Jun-2021 13:55

WT* is going on here

Just received this in my desktop mail. I have ****** out my address. The subject is "Subject: I'd love to feel your lips all over my skin right now. j5582"

Believe you me I have not sent this message.

NOT happy Jane 🤯

Mail Delivery System <mailer-daemon@kundenserver.de>
Mail delivery failed: returning message to sender
To: ********@xtra.co.nz

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error.

The following address failed:

********@xtra.co.nz:
SMTP error from remote server for GREETING command, host: mx.xtra.co.nz (210.55.143.33) reason: 554 5.7.1 Connection from 82.165.159.9 rejected due to an RBL match

--- The header of the original message is following. ---

Received: from localhost ([82.165.85.157]) by mrelayeu.kundenserver.de
(mreue010 [213.165.67.97]) with ESMTPSA (Nemesis) id 1M3lsh-1lp3WP38fD-000tSq
for <*********@xtra.co.nz>; Sat, 05 Jun 2021 02:41:02 +0200
To: *********@xtra.co.nz
Subject: I'd love to feel your lips all over my skin right now. j5582
Date: Sat, 5 Jun 2021 02:41:02 +0200
From: Sarinae9247 <**********@xtra.co.nz>
Message-ID: <582edf5fe9cd61c269e75a32e66518ba@hib-ev.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Provags-ID: V03:K1:uwpMt2ORz5IBn93p9e3f4pGETnTL39HKlbN21Uaiv8V0prCaUxQ
j3ieTkHmEXX4PRFWMrbk1XL+c7MAqAEoVrxw5Mipu/jXpEJXj/Gtuz53tGxHZVuZsA/2fJT
vanibkb1BM732PcGdVAPacyskrpHq394qfwfI/s16HdMAIgNPQBb8y7qGqMyA5cRyWkK5yA
sdRxkbhl820bmwpp7UGYg==
X-Spam-Flag: YES
X-UI-Out-Filterresults: junk:10;V03:K0:kn7bKWNizOQ=:GPSuP5mE4o7aeuKUo0wG5A15
T0FTknLGO5uu57TesL5oLOWfZkFG57Tp8URzbigH/FdEDaW3fbKYLI11gvTX72bga8UrfF5im
SohzbDkzpadBGJDuUlnrH0BXmQkst8yNIsGXOZVCeDbquzp8gf7JKiA9LOJycX4RPwd72UZT+
uJIGMOh+G2Nb2mdyQep6/aiKhCJR+WFykibp6pijKJDAMFveBpZLGcRj5F605OHgKfU0XuFRk
REr3uliVM3Pqqw4o55iYcFkO3SPVDnwIAYMZO2FRucR6uSHP8XHVpP9nS9r7/GCDGV2hy1/Bx
qZkcbuHFB8W28sahY3Z0sBeBBOkkMjHcVAzGBtJZ5yq0p0a5a9brLXePilPibELfD93ImiEXW
UMemAkvvttlytrYXq0b5mAY9Lb4qy4pvtM5/aqL8MDL17gp7p5AdcTYFQpXuCEFWjvatl+g/M
iX9VC2k5ee/JDttSXwd2zRsCJ4f4RwKviQAclCH8CUy10GDs3U71Uiu3xwZYhZ+oYYluagvvX
/M69ollO8g1QznXobOXTv9XUFJ0YLB6uXoFSHme9EzIYXAyZDt6dcbWR7oFhBESOAjOe/qDoj
Fi74sfvzimmF5VMCaOg6puYQJG9xuZ2a

Whilst the difficult we can do immediately, the impossible takes a bit longer. However, miracles you will have to wait for.

cheshirecat

50 posts

Geek

#2718696 5-Jun-2021 15:26

FineWine:

Just received this in my desktop mail. I have ****** out my address. The subject is "Subject: I'd love to feel your lips all over my skin right now. j5582"

Believe you me I have not sent this message.

This is what is called "Spam Blowback" and is the result of two things -

Someone forging your email address as the "Envelope Sender" on an email, and
A poorly configured mail server elsewhere on the internet

The original email was faked as being from you to you, and injected at this German mail server (which might be incorrectly accepting 3rd-party relay messages). This tried to deliver to Xtra, which correctly rejected it as being spam (on a blacklist). However, the third party then generated an NDR (non-delivery receipt) notification containing the entire message and sent it to the purported sender (I.E., you, since they forged your email address as the Envelope sender). This resulted in you receiving the spam headers as it was then from the mail server.

Filtering NDRs is difficult because it's programmatically hard to tell a spam-blowback one from a real one. Best practice is for the mail server to not send them out if a message look spammy, but many mail servers don't do this.

TLDR is that of course you didn't send it; some spammer is forging your email address and this is a remote mailserver being tricked into sending you a nondelivery message.

FineWine

2971 posts

Uber Geek

Trusted

Nurse (R)

Lifetime subscriber

#2718703 5-Jun-2021 16:27

@cheshirecat

Thank you for your comprehensive reply - all good information. Just prior to your post I received a reply from Spark.

Thank you bringing this issue to our attention.

Observing the issue that's happening, this looks like a case of Spoofing or someone has been 'spoofing' your email address. This means someone has forged an email to make it appear to have come from you, to hide its true origin. Spoofing is used by virus authors and senders of spam. If anything, spoofing is more of a nuisance to you than a danger.

If the message contained an infected attachment (such as .zip file) from a known email virus or worm, Spark's anti-virus filter would have removed any infection before it arrived in your mailbox. If you receive any more of these messages, please ignore and delete them.

While spoofing an email address does not require access to an account, for your account's security, it's best to update your password. You can do that by following the instructions here: http://www.spark.co.nz/help/get-more/xtra/reset-xtra-password/

Please accept our apology for this difficulty.

Thanks

Antonio Jr
Online Faults

Whilst the difficult we can do immediately, the impossible takes a bit longer. However, miracles you will have to wait for.

FineWine

2971 posts

Uber Geek

Trusted

Nurse (R)

Lifetime subscriber

#2902409 14-Apr-2022 15:12

It is that time again where reoccurring SAME spam is getting through to my home computer even though I regularly go into the Spark xtra mail server and 'Blacklist' and 'Spam'.

These reoccurring SAME spam are all concerning "Mcλfεε Antivirus Protection subscription" at least once a day and sometimes twice.

It seems the Spark xtra mail server algorithms are slacking off on the job again.

--------------------------------------

On an opposite similar note.

The Spark xtra mail server is being OVER zealous and spamming email it should not. I believe this may have something to do with large mail lists. These emails come from a legitimate sender: Steve from Flicks <team@flicks.co.nz.>

I have created a filter rule and have entered this address into my server side email address book and filtering facility. But to no avail.

How does one "UNspam" (white list) an email address server side ??

Whilst the difficult we can do immediately, the impossible takes a bit longer. However, miracles you will have to wait for.

PolicyGuy

1708 posts

Uber Geek

ID Verified

Lifetime subscriber

#2902423 14-Apr-2022 15:36

Yes, two or three messages a day from "Support <various email addresses>" about renewing my McAfee anti-virus (which I don't have) on my Xtra email address. Not on any of my other email addresses.

Sigh

lisati

63 posts

Master Geek

#2902426 14-Apr-2022 15:42

What I was told by Spark a couple of years ago was that adding an email address as a contact via webmail would help avoid spaminatint emails to/from that address.

As for the annoying McAfee emails, Spamcop has picked ovh.net as the people to hassle for the emails I've submitted.

cheshirecat

50 posts

Geek

#2902447 14-Apr-2022 16:28

Adding an email address to your contact list/address book in the Xtramail web interface will implicitly whitelist it for spam, so it should never be mis-classified after that.

Although some spam is unfortunately getting through, in the gap between spamming starting and the pattern recognition triggering, you should see how much is blocked...

1 | ... | 10 | 11 | 12 | 13 | 14 | 15