Forum Discussion
How to block spam from unknown sender
- Sep 03, 2023
After much trial and error I found a solution to the spam. TV 2 was hacked some years ago. You must make a rule: the message header contains "do not reply @ tv2 . no". Add action: Delete
drtynn The person sending out this spam is [email address removed for privacy reasons]
To block people the way it was done by you or advised isn't any good. You will end up with lots of rules to domains that will not exist after a few days, with enough spam reports.
Do not block DoNotReply or no-reply or noreply, bounce... because it's a waste of time. How many sites do you go on which email you? Usually from a noreply type address. So, doing what was suggested may stop you getting receipts for online purchases, password resets etc.
Do not click on any unsubscribe links as 1) you are confirming your email address is active 2) the links will be the same for almost every link in the email. If you see a shortlink, paste it into an online short link expander, to get the real link, but again, don't visit it because it will be a phishing page or attempt to install malware. So, a Bit.ly link in the spam message will have many parameters, which will identify you so remove all the rubbish from the '#' and use that to expand the link: ex. https://bit.ly/3QX2oJc#/api/bla_bla_bla becomes https://bit.ly/3QX2oJc (live link but reported for spam). You can go to Virus Total and paste that in the search bar, but you cannot send them via the Virus Total APIv3 because the virus software may block access to it.
Using the info below, you will help yourself and others receiving the same spam.
Report the spams to https://spamcop.net. Then report the URLs to https://virustotal.com
Next report the spam to the email address listed for spam https://search.arin.net/rdap/?query=MSFT&searchFilter=entity (as attachment).
Finally, add the IP and domain name to https://www.abuseipdb.com so they can help block it too.
Looking through your headers, you can see it has the abuse@netx.hosting address on https://ripe.net.
It seems this forum removes email addresses, so I used [@] and [.]
Regards,
Harold
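
The fragment-stripping step described in the post above, as an added example that is not part of the original thread: it pulls links out of a message body, drops everything from the '#', collapses duplicates and defangs the result for a report, without making any network request. The sample body, the `tracker.example` host and the function names are constructed for illustration; only the bit.ly link comes from the post.

```python
import re
from urllib.parse import urlsplit

# Constructed sample body. Only the bit.ly link comes from the post; the
# tracker.example host and all parameters are made up for illustration.
SAMPLE_BODY = """\
Claim your prize: https://bit.ly/3QX2oJc#/api/bla_bla_bla
Unsubscribe: https://bit.ly/3QX2oJc#/api/unsub?id=constructed-recipient-id
View online <https://Tracker.example/view?uid=constructed-123#top>.
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def strip_fragment(url):
    """Drop everything from '#' onward and lowercase the host."""
    p = urlsplit(url)
    query = "?" + p.query if p.query else ""
    return f"{p.scheme}://{p.netloc.lower()}{p.path}{query}"


def unique_links(body):
    """Map each cleaned link to how often it appears. Nothing is fetched."""
    counts = {}
    for raw in URL_RE.findall(body):
        cleaned = strip_fragment(raw.rstrip(".,;:!?)"))
        counts[cleaned] = counts.get(cleaned, 0) + 1
    return counts


def defang(url):
    """Make a link unclickable for pasting into a report or forum post."""
    p = urlsplit(url)
    query = "?" + p.query if p.query else ""
    host = p.netloc.replace(".", "[.]")
    return f"{p.scheme.replace('http', 'hxxp')}://{host}{p.path}{query}"


def report_lines(body):
    """One line per distinct link; flag query strings that survive cleaning."""
    lines = []
    for url, seen in unique_links(body).items():
        note = " (query string kept, may still identify the recipient)" if urlsplit(url).query else ""
        lines.append(f"{defang(url)} seen={seen}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report_lines(SAMPLE_BODY)))
```

Both bit.ly links in the sample collapse to one entry once the fragment is gone, which matches the observation in the post that most links in a spam message are the same link.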