An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
how do I block this?
#53005 11/30/19 05:52 PM
Joined: Aug 2009
Likes: 7
jchuzi Online OP
OP Online

Joined: Aug 2009
Likes: 7
My wife and I have been inundated with spam for the last few days (different spurious offers but always from the same source). Oddly, it started with both our email addresses; we rarely got spam before this. I suspect that our ISP has been hacked but I'll never know.

Our ISP (Spectrum, aka Time Warner) has an option in our webmail to block senders, but I don't know what to enter. It has to be an email address and I did enter the one in the Reply To field (see the default headers below). This has not been successful. What should I enter in our webmail preferences? Any other suggestions?

Reply-To: doxanam1@gtin.matarovilla.icu
Sender: ⁨marine-embassy-guard-association.promo4u.pro⁩
Content-Type: ⁨text/html⁩
X-Cmae-Envelope: ⁨MS4wfPux0ijNv8XlxypW1BFb5sIfOaroRK+6rU2FIH6MzrP0X2nDe4Kh1vYL3+Jy589cgsOJz5LJYhmBdUKOQ8W+gQVbLqKFCco/DXgEeQhfmDBIl/aBUZ32 d/x3COpWhJXe4OF82/ijgJDORc5UTQcoBKQIKM1Z4zshBA5Y+Ye9JZO0yAUmNuH9u3wasrF3aaOKb9wjIEJLR6Xq1Ww28Q0WoD5BIX4cUDb2DKCmqcD31rbP 2kwUaCDY6SzOIQ9YQVoct2yiEjulZZ9gpFZlcaWTNYIyukw0wyNmYcIF7I+23vg0v1LzEJD+qMr+OSROGUQndg==⁩
Received: ⁨from dnvrco-cmimta15 ([107.14.174.244]) by cdptpa-fep27.email.rr.com (InterMail vM.8.04.03.24 201-2389-100-172-20151028) with ESMTP id <20191130182805.SZPQ7378.cdptpa-fep27.email.rr.com@dnvrco-cmimta15> for <deleted by cyn>; Sat, 30 Nov 2019 18:28:05 +0000⁩
Received: ⁨from orkxsh.silverbackflow.com ([13.58.63.206]) by esmtp with ESMTP id b7SuiA5Ech1Afb7TQirCjH; Sat, 30 Nov 2019 18:28:05 +0000⁩
Received: ⁨from mta2.email.ulta.com () by esmtp with ESMTP id ya22gUsOIqaEdya23gRlsg; Sat, 30 Nov 2019 18:52:51 +0100⁩
Return-Path: ⁨<>⁩
Return-Path: ⁨<>⁩
Return-Path: ⁨<deleted by cyn>⁩
Return-Path: ⁨return@insidtimes.net⁩
Return-Path: ⁨<return@kalnearshow.club>⁩
⁨<20191130182805.SZPQ7378.cdptpa-fep27.email.rr.com@dnvrco-cmimta15>⁩

Last edited by cyn; 12/01/19 01:02 AM. Reason: Deleted two instances of jchuzi email address.

Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: how do I block this?
jchuzi #53006 11/30/19 05:57 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Instead of going through your ISP, you can set up a rule in Mail.app to immediately delete mail if "From" contains "⁨marine-embassy-guard-association" or even a portion thereof.

Otherwise, I guess your ISP is looking for <marine-embassy-guard-association.promo4u.pro⁩>, which looks like the sender.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: how do I block this?
artie505 #53007 11/30/19 06:02 PM
Joined: Aug 2009
Likes: 7
jchuzi Online OP
OP Online

Joined: Aug 2009
Likes: 7
My ISP requires a legitimate email such as spam@garbage.com. As an addendum, I just saw an email address (which I neglected to post) that comes from a specific company. I entered that with my webmail and we'll see what happens.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: how do I block this?
jchuzi #53008 11/30/19 06:10 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Oops! It didn't register that it wasn't ⁨marine-embassy-guard-association.promo4u.pro⁩ @ something.

Hmmm... You're not alone: ⁨marine-embassy-guard-association.promo4u.pro⁩ at DuckDuckGo

The Mail rule may work; it's worth trying.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: how do I block this?
artie505 #53009 11/30/19 11:00 PM
Joined: Aug 2009
Likes: 7
jchuzi Online OP
OP Online

Joined: Aug 2009
Likes: 7
Thanks, Artie. I used that marine-(etc.) name as a domain name, and the webmail site accepted it (it had rejected previous attempts that lacked @ something, but I hadn't tried this one). I set up a rule in Mail about this, so time will tell.

In the meantime, I took a look at some more info, but this time in Entourage. I have deleted my wife's email address. Maybe someone can interpret it:

Return-Path: <>
Received: from dnvrco-cmimta11 ([107.14.174.244])
by cdptpa-fep23.email.rr.com
(InterMail vM.8.04.03.24 201-2389-100-172-20151028) with ESMTP
id <20191130192143.QSPY7310.cdptpa-fep23.email.rr.com@dnvrco-cmimta11>
for <deleted by jchuzi>; Sat, 30 Nov 2019 19:21:43 +0000
Received: from jyimkurj.silverbackflow.com ([18.222.143.115])
by esmtp with ESMTP
id b8J2iyByCplz6b8JLiBjj4; Sat, 30 Nov 2019 19:21:43 +0000
Received: from mta2.email.ulta.com ()
by esmtp with ESMTP
id ya22gUsOIqaEdya23gRlsg; Sat, 30 Nov 2019 19:02:34 +0100
Reply-to: <doxanam1@gtin.matarovilla.icu>
Return-Path: <>
Return-Path: <deleted by jchuzi>
Return-Path: return@insidtimes.net
Return-Path: <return@kalnearshow.club>
Sender: marine-embassy-guard-association.promo4u.pro
Subject: =?UTF-8?B?SGF2ZSB5b3Ugb3IgYSBsb3ZlZCBvbmUgZGV2ZWxvcGVkIGNhbmNlciBhZnRlciB1c2luZyBSb3VuZHVwIHdlZWQga2lsbGVyID8/?=
To: deleted by cyn
Date: Mon, 21 Dec 2899 23:59:59 +0000 (EDT)
From: =?UTF-8?B?LSBBRyBBdHRvcm5leXM=?= <PEytBzf@zabiton.com>
Content-Type: text/html
X-CMAE-Envelope: MS4wfAbD02SfagEgVE4HlOVjT2LeyeSVvWq6QJc0gu/M2qcsi+qUefXGz8UyXkIjidpS91tUsY5lLc3wzaxo5nALkYCQUXjzJl9a7H4q1ArJD+66sIglEwjp
9+PWLOOOFIruoi0QJ2FRBrtb36rXH/VDKpRpnoihn6xx1E+P/UJuU8Qj
Message-Id: <20191130192143.QSPY7310.cdptpa-fep23.email.rr.com@dnvrco-cmimta11>

Last edited by cyn; 12/01/19 12:48 AM. Reason: Deleted the "To" address.

Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: how do I block this?
jchuzi #53010 11/30/19 11:40 PM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: jchuzi
I set up a rule in Mail about this, so time will tell.

I've been using the Rule function in Apple Mail Preferences for years and have found that it works extremely well. I now have 15 rules, each containing 15 or 20 email addresses, and I get almost zero spam. I don't recall the last time I had to add an address to one of the Rules.

Last edited by ryck; 11/30/19 11:42 PM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: how do I block this?
ryck #53024 12/03/19 07:44 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
does blocking anything from silverbackflow.com help ?


I work for the Department of Redundancy Department
Re: how do I block this?
artie505 #53025 12/03/19 08:09 PM
Joined: Aug 2009
Likes: 7
jchuzi Online OP
OP Online

Joined: Aug 2009
Likes: 7
I used my ISP webmail to block ⁨marine-embassy-guard-association.promo4u.pro and haven't received any spam since. Fingers crossed...

My ISP recognized this as a domain name but how do I determine a domain name from the list of stuff that I posted earlier? And, BTW, what does domain name mean?

Last edited by jchuzi; 12/03/19 08:11 PM.

Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: how do I block this?
jchuzi #53028 12/04/19 06:04 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: jchuzi
My ISP recognized this as a domain name but how do I determine a domain name from the list of stuff that I posted earlier? And, BTW, what does domain name mean?

For a compete explanation of a Domain Name see this Wikipedia article. Until recently it was fairly easy to identify a domain name by looking for the Generic Top Level Domains (.com, .net, .org, .edu, .info) and Country Code Top Level Domains (.us, .au, .de, .fi, .fr, .jp, .kr, etc. but recent changes in the rules have unleashed a plethora of Top Level Domain names which makes things much more difficult. The only thing I can suggest is looking for something that looks like a domain name or follows the @ symbol. The IP addresses in parenthesis are also a clue.

To fully understand this puzzle you also need to understand How To Read Email Headers. You might also try this email header analyzer which by-the-way flags silverbackflow.com as blacklisted so that should probably be the one you are attempting to eliminate.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: how do I block this?
jchuzi #53029 12/04/19 06:10 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
I just jumped on the final "sender" as likely being the "from" in all of the spam, making a Mail.app rule easy to set up.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: how do I block this?
artie505 #53030 12/04/19 10:55 PM
Joined: Aug 2009
Likes: 7
jchuzi Online OP
OP Online

Joined: Aug 2009
Likes: 7
Originally Posted By: artie505
I just jumped on the final "sender" as likely being the "from" in all of the spam, making a Mail.app rule easy to set up.
I received an unrelated spam email today and did just that. Setting up a rule to block it was really easy. In fact, after I clicked Apply Now, I got the satisfaction of seeing the offending message evaporate. cool


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: how do I block this?
joemikeb #53031 12/04/19 11:02 PM
Joined: Aug 2009
Likes: 7
jchuzi Online OP
OP Online

Joined: Aug 2009
Likes: 7
Thanks for those detailed articles, Joe. I'll have to spend some time digesting them.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: how do I block this?
jchuzi #53229 12/29/19 08:25 PM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: jchuzi
Setting up a rule to block it was really easy. In fact, after I clicked Apply Now, I got the satisfaction of seeing the offending message evaporate. cool

Since you are Catalina, there may be an even easier way. While looking for something else related to Apple Mail, I ran across this.


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: how do I block this?
ryck #53230 12/29/19 10:35 PM
Joined: Aug 2009
Likes: 7
jchuzi Online OP
OP Online

Joined: Aug 2009
Likes: 7
Thanks for that link. Actually, I had discovered that method by accident. The only downside, for me, is that there is no option to delete the offending email immediately. That option is reserved for Rules.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: how do I block this?
jchuzi #53232 12/29/19 11:10 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
It's for the morbidly curious.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: how do I block this?
jchuzi #53290 01/13/20 07:15 AM
Joined: Jan 2020
Banned
Offline
Banned

Joined: Jan 2020
I've been utilizing the Rule work in Apple Mail Preferences for quite a long time and have discovered that it works amazingly well. I presently have 15 standards, each containing 10 email locations, and I get just about zero spam. I don't review the last time I needed to add a location to one of the Rules.

Re: how do I block this?
Ashley #53293 01/13/20 09:55 AM
Joined: Aug 2009
Likes: 7
jchuzi Online OP
OP Online

Joined: Aug 2009
Likes: 7
A BIG WELCOME to FTM! I have been using Rules as well and so far get zero spam. I had considered getting Spam Sieve but now I don't feel that I need it.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

Moderated by  alternaut, dianne, MacManiac 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.030s Queries: 48 (0.023s) Memory: 0.6611 MB (Peak: 0.7829 MB) Data Comp: Zlib Server Time: 2024-03-29 14:52:40 UTC
Valid HTML 5 and Valid CSS