Anyone else having issues with spam showing up in the Xtra Webmail inbox?

Forums › Spark New Zealand (including Skinny and BigPipe) › Anyone else having issues with spam showing up in the Xtra Webmail inbox?

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | ... | 20

63 posts

Master Geek
+1 received by user: 5

#1965440 28-Feb-2018 00:01

Oblivian:

Dare I say it. ~7 days without some

SPF checks enabled finally? :)

It has been quiet here too, but I have still seen the occasional ~~whinge~~ report on FB over the last week or so.

Oblivian

7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

#1966600 1-Mar-2018 16:32

Jinxed.

From same german mailer service as earlier example however.

Return-Path: <secure@newnotice.com>
Received: from 10.23.40.104 ([10.23.30.4])
by 10.23.40.246 with LMTP id YJkhHHdnl1qzdgAAOkX3FQ
; Thu, 01 Mar 2018 02:37:43 +0000
Received: from 10.23.30.45 ([10.23.30.4])
by 10.23.40.104 with LMTP id CLLFG3dnl1pyXQAAhZ2uYw
; Thu, 01 Mar 2018 02:37:43 +0000
Received: from xtra.co.nz ([10.23.30.4])
by 10.23.30.45 with LMTP id 4CvHE3dnl1phWQAAhKltoQ
; Thu, 01 Mar 2018 02:37:43 +0000
Received: from kmailer.gwdg.de ([134.76.11.26]) by mx.xtra.co.nz with ESMTP
(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384
(256/256 bits)) id 5A976775-F3F10FC4@mta2305;
Thu, 01 Mar 2018 02:37:43 +0000
Received: from excmbx-24.um.gwdg.de ([134.76.9.234] helo=email.gwdg.de)
by mailer.gwdg.de with esmtp (Exim 4.80)
(envelope-from <secure@newnotice.com>)
id 1erE6D-0005dU-EH; Thu, 01 Mar 2018 03:37:37 +0100
Received: from 71-213-123-213.mnfd.qwest.net (71.213.123.213) by
EXCMBX-24.um.gwdg.de (134.76.9.234) with Microsoft SMTP Server
(version=TLS1_1, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256) id
15.1.1415.2; Thu, 1 Mar 2018 03:37:12 +0100
Message-ID: <1B1EA8FBF024089B47420BB377EA2A22@newnotice.com>
From: "Kiwibank <security@kiwibank.co.nz>" <secure@newnotice.com>
Subject: Account Locked
Date: Thu, 1 Mar 2018 15:37:08 +1300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="6babce40c3dd36741e538a3ce65e"
To: Undisclosed recipients:;
X-Virus-Scanned: (clean) by clamav

--6babce40c3dd36741e538a3ce65e
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

Account access=A0blocked due to a security violation.

Click Here To Restore Your Access

=A9 2018 - Kiwibank Security Notice

--6babce40c3dd36741e538a3ce65e
Content-Type: text/html; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD>
<META http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dwindows=
-1251">
</HEAD>
<BODY><IMG title=3D"Kiwibank Secure Message" alt=3D"Kiwibank Secure Messa=
ge"=20
src=3D"https://www.ib.kiwibank.co.nz/mobile/images/logo-kiwibank.png">=20
<P></P>
<DIV>Account access blocked due to a security violation.</A></DIV>
<P></P>
<DIV class=3D"right buttonStyleRed"><A=20
title=3D"View messages from us or send a message to us"=20
href=3D"http://priyankasodhi.com/slideshow/error/hnop/firstpage.html">
<H4><STRONG>Click Here To Restore Your Access</STRONG></H4></A>=A9 2018 -=
Kiwibank=20
Security Notice</DIV></BODY></HTML>

--6babce40c3dd36741e538a3ce65e--

1101

3141 posts

Uber Geek
+1 received by user: 1143

#1967042 2-Mar-2018 13:47

I would presume spark are paying the minimum possible for this FREE email service

So, you get what you pay for.
Add to that, after all the yahoo(yahoo/extra) hacks, most xtra email's WILL be on spammers email lists
The hackers even got webmail contacts lists , with many more vaild email adresses for them to spam.
They got my email address from someone elses webmail contact list

So either live with crappy spam filtering , or move to another email service with better spam filters
No matter how much we complain, the issue will never go away.

Vodafone just gave up trying to filter spam , deciding it was easier & cheaper top close the FREE email a/c's than pay
for working spam filtering services :-)

lisati

63 posts

Master Geek
+1 received by user: 5

#1967143 2-Mar-2018 16:28

I sometimes wonder what's being blocked that those who have xtra email accounts aren't aware of. I noticed a post on Facebook the other day by someone who runs a mailing list - I gathe that pretty much all of the mail sent to xtra email addresses was "rejected" as spam.

I've also got my own domain, which is hosted with Spark Business Mail, on a similar platform to that used for xtra, but with access to a control panel that lets you see what's been coming and going. Not long after the move to SMX, I started noticing all sorts of stuff getting spaminated, including mail from various mailings lists I'd signed up for, and, believe it or not, non-deliverability reports. Thankfully there's a marginally more flexible range of whitelist and blacklist options. Must be time for me to scrounge together the $$$ to get a computer to use as email server and ditch the hosted service.

Oblivian

7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

#1967594 3-Mar-2018 17:49

1101:

I would presume spark are paying the minimum possible for this FREE email service

So, you get what you pay for.
Add to that, after all the yahoo(yahoo/extra) hacks, most xtra email's WILL be on spammers email lists
The hackers even got webmail contacts lists , with many more vaild email adresses for them to spam.
They got my email address from someone elses webmail contact list

So either live with crappy spam filtering , or move to another email service with better spam filters
No matter how much we complain, the issue will never go away.

Vodafone just gave up trying to filter spam , deciding it was easier & cheaper top close the FREE email a/c's than pay
for working spam filtering services :-)

If you mean me, Do you forget We've already repeatedly been over this on page 3 of this very thread and you were later surprised how the simplest back checks were apparently not even implemented?

I know its free. I don't use it for anything other than trapment, cryptic password wasn't leaked and not listed on any amipwned. It just a reallly old address with real names used so easy to name dictionary. Nor worried that it's getting spammed.

It's my honey pot to add technical data to reinforce the massive flaw in their service provider guaranteeing 99% spam protection on what is self proclaimed as the largest ISP in NZ. Where most of their complaints are on social media from those who aren't smart enough to a) hit report spam b) diagnose the most simplest flaws in the protection service

As per earlier request for some header information requested.

lisati

63 posts

Master Geek
+1 received by user: 5

#1967663 3-Mar-2018 21:57

I'm not convinced of the usefulness of the "mark as spam" option that I've seen - it requires you to actually open the email, and is a pain if there are multiple unwanted emails to report.

I find it much easier and much more useful to use the Habul plugin on Thunderbird to forward emails marked as junk to multiple reporting agencies such as Spamcop and the DIA. The downside is that Spark's outgoing spam filter often objects on the basis of spammy content, which is odd, since the incoming spam filter let it through in the first place.....An easy work around is to send the reports form another email account.

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

Oblivian

7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

#1997223 16-Apr-2018 18:26

And after a period, it seems gift cards are the flavour of the month. To some dodgy URL

telmadrobado sytes<dot>net

Oblivian

7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

#2016958 16-May-2018 15:40

Is anyone else seeing high levels of health benefit junk all of a sudden or am I just super unlucky.

Switched from vouchers with Dyndns links to heaps of .cf, .tk and .ga hosted health tips and magical remedy domains

The simple home remedy he's created has already helped 24,000 men and women to transform their cardiovascular health and make themselves practically
'immune' to hypertension in as
little as 17 days.

At first glance, you would think this was just a simple village of farmers and workers: Nothing special at all to see.

Well, you'd be wrong.
This village holds a secret far more shocking and incredible than scientists had ever dreamed of.
The secret to a life, 100% free from Alzheimer's and dementia.
In fact, for centuries this village has NEVER had a case of Alzheimer's or dementia, and scientists have just now realized why.

And no, my address isn't reported as pwned (yay cryptic non dictionary PWs) but the address "To" sure has been. Reported by a few people on forums around the traps about receiving heaps with the name attached.

Beginning to think reporting as spam function they added to the web interface is a placebo pill.

tdgeek

30048 posts

Uber Geek
+1 received by user: 9455

Trusted

Lifetime subscriber

#2016967 16-May-2018 15:47

Oblivian:

Is anyone else seeing high levels of health benefit junk all of a sudden or am I just super unlucky.

Switched from vouchers with Dyndns links to heaps of .cf, .tk and .ga hosted health tips and magical remedy domains

The simple home remedy he's created has already helped 24,000 men and women to transform their cardiovascular health and make themselves practically
'immune' to hypertension in as
little as 17 days.

At first glance, you would think this was just a simple village of farmers and workers: Nothing special at all to see.

Well, you'd be wrong.
This village holds a secret far more shocking and incredible than scientists had ever dreamed of.
The secret to a life, 100% free from Alzheimer's and dementia.
In fact, for centuries this village has NEVER had a case of Alzheimer's or dementia, and scientists have just now realized why.

And no, my address isn't reported as pwned (yay cryptic non dictionary PWs) but the address "To" sure has been. Reported by a few people on forums around the traps about receiving heaps with the name attached.

Beginning to think reporting as spam function they added to the web interface is a placebo pill.

I have just started getting spam all of a sudden so Im blacklisting them. The couple I checked were genuine Chinese shopping websites. Just now I got a blood pressure email referring to Alabama. Its a .tk. Most of the other spams were www.naver.com

I guess all I can do is blacklist them. I had some that all came from the same domain but different senders so blacklisting them is a pain, but they seem to have stopped

Edit, my todays health spam was the same as yours upon checking

Oblivian

7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

#2017337 17-May-2018 09:04

The number being reported you would hope Tokelau (nz registrar .tk) and Middle africa .cf should be easy to target :D

FineWine

3111 posts

Uber Geek
+1 received by user: 2440

Trusted

Nurse (R)

Lifetime subscriber

#2017489 17-May-2018 11:04

These just over the last 2 days.

amazon.surprise.tk

promo@amazon-surprise.ga

www.ibb.bnk.asbnz.store/asb1771/asb/

netteller27@asb.nz (info@redcaliente.com)

services@kmart.ml (trademe-nz.cf)

contact@pressure-remedy.tk

Been averaging 2-3 per day since 27 April

Whilst the difficult we can do immediately, the impossible takes a bit longer. However, miracles you will have to wait for.

Dyson

Shop now for Dyson appliances (affiliate link).

FineWine

3111 posts

Uber Geek
+1 received by user: 2440

Trusted

Nurse (R)

Lifetime subscriber

#2017625 17-May-2018 13:17

Since the 27 April with 3 today.

.gq = Equatorial Guinea

.ga = Gabon

.ml = Mali

.tk = Tokelau

.me = Montenegro

.cf = Central African Republic

.bid = ????

.edu.in = India

.io = British Indian Ocean Territory

Stuff.co.nz article from January 2018, Customers 'pummelled' with spam, Spark says surge to blame

so seems that we are having another surge this month.

Whilst the difficult we can do immediately, the impossible takes a bit longer. However, miracles you will have to wait for.

Oblivian

7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

#2017631 17-May-2018 13:30

I was going to link that and ask if it was the same. But it's not cell phone data cap level like that was

tdgeek

30048 posts

Uber Geek
+1 received by user: 9455

Trusted

Lifetime subscriber

#2017634 17-May-2018 13:36

I just got a New World survey and I almost would have taken it. I shop there, and globally no one will have heard f it, but then I thought I'll check this. a .cf

FineWine

3111 posts

Uber Geek
+1 received by user: 2440

Trusted

Nurse (R)

Lifetime subscriber

#2017712 17-May-2018 15:20

tdgeek:

I just got a New World survey and I almost would have taken it. I shop there, and globally no one will have heard f it, but then I thought I'll check this. a .cf

Forwarded mine to NewWorld as they have a page dedicated to Spam: Scam alert - keep safe online Their last entry is 18 April so this will be new to them. But place the email in a zip file first otherwise xtra.co.nz will not except it as their servers are now picking it up as spam. (spam training does work)

Whilst the difficult we can do immediately, the impossible takes a bit longer. However, miracles you will have to wait for.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | ... | 20