Posted By: jchuzi how do I block this? - 11/30/19 05:52 PM
My wife and I have been inundated with spam for the last few days (different spurious offers but always from the same source). Oddly, it started with both our email addresses; we rarely got spam before this. I suspect that our ISP has been hacked but I'll never know.

Our ISP (Spectrum, aka Time Warner) has an option in our webmail to block senders, but I don't know what to enter. It has to be an email address and I did enter the one in the Reply To field (see the default headers below). This has not been successful. What should I enter in our webmail preferences? Any other suggestions?

Reply-To: doxanam1@gtin.matarovilla.icu
Sender: marine-embassy-guard-association.promo4u.pro
Content-Type: text/html
X-Cmae-Envelope: MS4wfPux0ijNv8XlxypW1BFb5sIfOaroRK+6rU2FIH6MzrP0X2nDe4Kh1vYL3+Jy589cgsOJz5LJYhmBdUKOQ8W+gQVbLqKFCco/DXgEeQhfmDBIl/aBUZ32 d/x3COpWhJXe4OF82/ijgJDORc5UTQcoBKQIKM1Z4zshBA5Y+Ye9JZO0yAUmNuH9u3wasrF3aaOKb9wjIEJLR6Xq1Ww28Q0WoD5BIX4cUDb2DKCmqcD31rbP 2kwUaCDY6SzOIQ9YQVoct2yiEjulZZ9gpFZlcaWTNYIyukw0wyNmYcIF7I+23vg0v1LzEJD+qMr+OSROGUQndg==
Received: from dnvrco-cmimta15 ([107.14.174.244]) by cdptpa-fep27.email.rr.com (InterMail vM.8.04.03.24 201-2389-100-172-20151028) with ESMTP id <20191130182805.SZPQ7378.cdptpa-fep27.email.rr.com@dnvrco-cmimta15> for <deleted by cyn>; Sat, 30 Nov 2019 18:28:05 +0000
Received: from orkxsh.silverbackflow.com ([13.58.63.206]) by esmtp with ESMTP id b7SuiA5Ech1Afb7TQirCjH; Sat, 30 Nov 2019 18:28:05 +0000
Received: from mta2.email.ulta.com () by esmtp with ESMTP id ya22gUsOIqaEdya23gRlsg; Sat, 30 Nov 2019 18:52:51 +0100
Return-Path: <>
Return-Path: <>
Return-Path: <deleted by cyn>
Return-Path: return@insidtimes.net
Return-Path: <return@kalnearshow.club>
<20191130182805.SZPQ7378.cdptpa-fep27.email.rr.com@dnvrco-cmimta15>
Posted By: artie505 Re: how do I block this? - 11/30/19 05:57 PM
Instead of going through your ISP, you can set up a rule in Mail.app to immediately delete mail if "From" contains "marine-embassy-guard-association" or even a portion thereof.

Otherwise, I guess your ISP is looking for <marine-embassy-guard-association.promo4u.pro>, which looks like the sender.
Posted By: jchuzi Re: how do I block this? - 11/30/19 06:02 PM
My ISP requires a legitimate email such as spam@garbage.com. As an addendum, I just saw an email address (which I neglected to post) that comes from a specific company. I entered that with my webmail and we'll see what happens.
Posted By: artie505 Re: how do I block this? - 11/30/19 06:10 PM
Oops! It didn't register that it wasn't marine-embassy-guard-association.promo4u.pro @ something.

Hmmm... You're not alone: marine-embassy-guard-association.promo4u.pro at DuckDuckGo

The Mail rule may work; it's worth trying.
Posted By: jchuzi Re: how do I block this? - 11/30/19 11:00 PM
Thanks, Artie. I used that marine-(etc.) name as a domain name, and the webmail site accepted it (it had rejected previous attempts that lacked @ something, but I hadn't tried this one). I set up a rule in Mail about this, so time will tell.

In the meantime, I took a look at some more info, but this time in Entourage. I have deleted my wife's email address. Maybe someone can interpret it:

Return-Path: <>
Received: from dnvrco-cmimta11 ([107.14.174.244])
by cdptpa-fep23.email.rr.com
(InterMail vM.8.04.03.24 201-2389-100-172-20151028) with ESMTP
id <20191130192143.QSPY7310.cdptpa-fep23.email.rr.com@dnvrco-cmimta11>
for <deleted by jchuzi>; Sat, 30 Nov 2019 19:21:43 +0000
Received: from jyimkurj.silverbackflow.com ([18.222.143.115])
by esmtp with ESMTP
id b8J2iyByCplz6b8JLiBjj4; Sat, 30 Nov 2019 19:21:43 +0000
Received: from mta2.email.ulta.com ()
by esmtp with ESMTP
id ya22gUsOIqaEdya23gRlsg; Sat, 30 Nov 2019 19:02:34 +0100
Reply-to: <doxanam1@gtin.matarovilla.icu>
Return-Path: <>
Return-Path: <deleted by jchuzi>
Return-Path: return@insidtimes.net
Return-Path: <return@kalnearshow.club>
Sender: marine-embassy-guard-association.promo4u.pro
Subject: =?UTF-8?B?SGF2ZSB5b3Ugb3IgYSBsb3ZlZCBvbmUgZGV2ZWxvcGVkIGNhbmNlciBhZnRlciB1c2luZyBSb3VuZHVwIHdlZWQga2lsbGVyID8/?=
To: deleted by cyn
Date: Mon, 21 Dec 2899 23:59:59 +0000 (EDT)
From: =?UTF-8?B?LSBBRyBBdHRvcm5leXM=?= <PEytBzf@zabiton.com>
Content-Type: text/html
X-CMAE-Envelope: MS4wfAbD02SfagEgVE4HlOVjT2LeyeSVvWq6QJc0gu/M2qcsi+qUefXGz8UyXkIjidpS91tUsY5lLc3wzaxo5nALkYCQUXjzJl9a7H4q1ArJD+66sIglEwjp
9+PWLOOOFIruoi0QJ2FRBrtb36rXH/VDKpRpnoihn6xx1E+P/UJuU8Qj
Message-Id: <20191130192143.QSPY7310.cdptpa-fep23.email.rr.com@dnvrco-cmimta11>
Posted By: ryck Re: how do I block this? - 11/30/19 11:40 PM
Originally Posted By: jchuzi
I set up a rule in Mail about this, so time will tell.

I've been using the Rule function in Apple Mail Preferences for years and have found that it works extremely well. I now have 15 rules, each containing 15 or 20 email addresses, and I get almost zero spam. I don't recall the last time I had to add an address to one of the Rules.
Posted By: Virtual1 Re: how do I block this? - 12/03/19 07:44 PM
Does blocking anything from silverbackflow.com help?
Posted By: jchuzi Re: how do I block this? - 12/03/19 08:09 PM
I used my ISP webmail to block marine-embassy-guard-association.promo4u.pro and haven't received any spam since. Fingers crossed...

My ISP recognized this as a domain name but how do I determine a domain name from the list of stuff that I posted earlier? And, BTW, what does domain name mean?
Posted By: joemikeb Re: how do I block this? - 12/04/19 06:04 PM
Originally Posted By: jchuzi
My ISP recognized this as a domain name but how do I determine a domain name from the list of stuff that I posted earlier? And, BTW, what does domain name mean?

For a complete explanation of a Domain Name see this Wikipedia article. Until recently it was fairly easy to identify a domain name by looking for the Generic Top Level Domains (.com, .net, .org, .edu, .info) and Country Code Top Level Domains (.us, .au, .de, .fi, .fr, .jp, .kr, etc.), but recent changes in the rules have unleashed a plethora of Top Level Domain names, which makes things much more difficult. The only thing I can suggest is looking for something that looks like a domain name or follows the @ symbol. The IP addresses in parentheses are also a clue.

To fully understand this puzzle you also need to understand How To Read Email Headers. You might also try this email header analyzer which by-the-way flags silverbackflow.com as blacklisted so that should probably be the one you are attempting to eliminate.
Posted By: artie505 Re: how do I block this? - 12/04/19 06:10 PM
I just jumped on the final "sender" as likely being the "from" in all of the spam, making a Mail.app rule easy to set up.
Posted By: jchuzi Re: how do I block this? - 12/04/19 10:55 PM
Originally Posted By: artie505
I just jumped on the final "sender" as likely being the "from" in all of the spam, making a Mail.app rule easy to set up.
I received an unrelated spam email today and did just that. Setting up a rule to block it was really easy. In fact, after I clicked Apply Now, I got the satisfaction of seeing the offending message evaporate. cool
Posted By: jchuzi Re: how do I block this? - 12/04/19 11:02 PM
Thanks for those detailed articles, Joe. I'll have to spend some time digesting them.
Posted By: ryck Re: how do I block this? - 12/29/19 08:25 PM
Originally Posted By: jchuzi
Setting up a rule to block it was really easy. In fact, after I clicked Apply Now, I got the satisfaction of seeing the offending message evaporate. cool

Since you are on Catalina, there may be an even easier way. While looking for something else related to Apple Mail, I ran across this.
Posted By: jchuzi Re: how do I block this? - 12/29/19 10:35 PM
Thanks for that link. Actually, I had discovered that method by accident. The only downside, for me, is that there is no option to delete the offending email immediately. That option is reserved for Rules.
Posted By: artie505 Re: how do I block this? - 12/29/19 11:10 PM
It's for the morbidly curious.
Posted By: Ashley Re: how do I block this? - 01/13/20 07:15 AM
I've been utilizing the Rule work in Apple Mail Preferences for quite a long time and have discovered that it works amazingly well. I presently have 15 standards, each containing 10 email locations, and I get just about zero spam. I don't review the last time I needed to add a location to one of the Rules.
Posted By: jchuzi Re: how do I block this? - 01/13/20 09:55 AM
A BIG WELCOME to FTM! I have been using Rules as well and so far get zero spam. I had considered getting Spam Sieve but now I don't feel that I need it.
© FineTunedMac