#53005 - 11/30/19 09:52 AM how do I block this?
jchuzi Online


Registered: 08/04/09
Loc: New York State
My wife and I have been inundated with spam for the last few days (different spurious offers but always from the same source). Oddly, it started with both our email addresses; we rarely got spam before this. I suspect that our ISP has been hacked but I'll never know.

Our ISP (Spectrum, aka Time Warner) has an option in our webmail to block senders, but I don't know what to enter. It has to be an email address and I did enter the one in the Reply To field (see the default headers below). This has not been successful. What should I enter in our webmail preferences? Any other suggestions?

Reply-To: doxanam1@gtin.matarovilla.icu
Sender: marine-embassy-guard-association.promo4u.pro
Content-Type: text/html
X-Cmae-Envelope: ⁨MS4wfPux0ijNv8XlxypW1BFb5sIfOaroRK+6rU2FIH6MzrP0X2nDe4Kh1vYL3+Jy589cgsOJz5LJYhmBdUKOQ8W+gQVbLqKFCco/DXgEeQhfmDBIl/aBUZ32 d/x3COpWhJXe4OF82/ijgJDORc5UTQcoBKQIKM1Z4zshBA5Y+Ye9JZO0yAUmNuH9u3wasrF3aaOKb9wjIEJLR6Xq1Ww28Q0WoD5BIX4cUDb2DKCmqcD31rbP 2kwUaCDY6SzOIQ9YQVoct2yiEjulZZ9gpFZlcaWTNYIyukw0wyNmYcIF7I+23vg0v1LzEJD+qMr+OSROGUQndg==⁩
Received: from dnvrco-cmimta15 ([107.14.174.244]) by cdptpa-fep27.email.rr.com (InterMail vM.8.04.03.24 201-2389-100-172-20151028) with ESMTP id <20191130182805.SZPQ7378.cdptpa-fep27.email.rr.com@dnvrco-cmimta15> for <deleted by cyn>; Sat, 30 Nov 2019 18:28:05 +0000
Received: from orkxsh.silverbackflow.com ([13.58.63.206]) by esmtp with ESMTP id b7SuiA5Ech1Afb7TQirCjH; Sat, 30 Nov 2019 18:28:05 +0000
Received: from mta2.email.ulta.com () by esmtp with ESMTP id ya22gUsOIqaEdya23gRlsg; Sat, 30 Nov 2019 18:52:51 +0100
Return-Path: <>
Return-Path: <>
Return-Path: <deleted by cyn>
Return-Path: return@insidtimes.net
Return-Path: <return@kalnearshow.club>
<20191130182805.SZPQ7378.cdptpa-fep27.email.rr.com@dnvrco-cmimta15>


Edited by cyn (11/30/19 05:02 PM)
Edit Reason: Deleted two instances of jchuzi email address.
_________________________
Jon

OS 10.14.6, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

#53006 - 11/30/19 09:57 AM Re: how do I block this? [Re: jchuzi]
artie505 Online


Registered: 08/04/09
Instead of going through your ISP, you can set up a rule in Mail.app to immediately delete mail if "From" contains "marine-embassy-guard-association" or even a portion thereof.

Otherwise, I guess your ISP is looking for <marine-embassy-guard-association.promo4u.pro>, which looks like the sender.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#53007 - 11/30/19 10:02 AM Re: how do I block this? [Re: artie505]
jchuzi Online


Registered: 08/04/09
Loc: New York State
My ISP requires a legitimate email such as spam@garbage.com. As an addendum, I just saw an email address (which I neglected to post) that comes from a specific company. I entered that with my webmail and we'll see what happens.
_________________________
Jon

OS 10.14.6, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

#53008 - 11/30/19 10:10 AM Re: how do I block this? [Re: jchuzi]
artie505 Online


Registered: 08/04/09
Oops! It didn't register that it wasn't marine-embassy-guard-association.promo4u.pro @ something.

Hmmm... You're not alone: marine-embassy-guard-association.promo4u.pro at DuckDuckGo

The Mail rule may work; it's worth trying.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#53009 - 11/30/19 03:00 PM Re: how do I block this? [Re: artie505]
jchuzi Online


Registered: 08/04/09
Loc: New York State
Thanks, Artie. I used that marine-(etc.) name as a domain name, and the webmail site accepted it (it had rejected previous attempts that lacked @ something, but I hadn't tried this one). I set up a rule in Mail about this, so time will tell.

In the meantime, I took a look at some more info, but this time in Entourage. I have deleted my wife's email address. Maybe someone can interpret it:

Return-Path: <>
Received: from dnvrco-cmimta11 ([107.14.174.244])
by cdptpa-fep23.email.rr.com
(InterMail vM.8.04.03.24 201-2389-100-172-20151028) with ESMTP
id <20191130192143.QSPY7310.cdptpa-fep23.email.rr.com@dnvrco-cmimta11>
for <deleted by jchuzi>; Sat, 30 Nov 2019 19:21:43 +0000
Received: from jyimkurj.silverbackflow.com ([18.222.143.115])
by esmtp with ESMTP
id b8J2iyByCplz6b8JLiBjj4; Sat, 30 Nov 2019 19:21:43 +0000
Received: from mta2.email.ulta.com ()
by esmtp with ESMTP
id ya22gUsOIqaEdya23gRlsg; Sat, 30 Nov 2019 19:02:34 +0100
Reply-to: <doxanam1@gtin.matarovilla.icu>
Return-Path: <>
Return-Path: <deleted by jchuzi>
Return-Path: return@insidtimes.net
Return-Path: <return@kalnearshow.club>
Sender: marine-embassy-guard-association.promo4u.pro
Subject: =?UTF-8?B?SGF2ZSB5b3Ugb3IgYSBsb3ZlZCBvbmUgZGV2ZWxvcGVkIGNhbmNlciBhZnRlciB1c2luZyBSb3VuZHVwIHdlZWQga2lsbGVyID8/?=
To: deleted by cyn
Date: Mon, 21 Dec 2899 23:59:59 +0000 (EDT)
From: =?UTF-8?B?LSBBRyBBdHRvcm5leXM=?= <PEytBzf@zabiton.com>
Content-Type: text/html
X-CMAE-Envelope: MS4wfAbD02SfagEgVE4HlOVjT2LeyeSVvWq6QJc0gu/M2qcsi+qUefXGz8UyXkIjidpS91tUsY5lLc3wzaxo5nALkYCQUXjzJl9a7H4q1ArJD+66sIglEwjp
9+PWLOOOFIruoi0QJ2FRBrtb36rXH/VDKpRpnoihn6xx1E+P/UJuU8Qj
Message-Id: <20191130192143.QSPY7310.cdptpa-fep23.email.rr.com@dnvrco-cmimta11>


Edited by cyn (11/30/19 04:48 PM)
Edit Reason: Deleted the "To" address.
_________________________
Jon

OS 10.14.6, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

#53010 - 11/30/19 03:40 PM Re: how do I block this? [Re: jchuzi]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: jchuzi
I set up a rule in Mail about this, so time will tell.

I've been using the Rule function in Apple Mail Preferences for years and have found that it works extremely well. I now have 15 rules, each containing 15 or 20 email addresses, and I get almost zero spam. I don't recall the last time I had to add an address to one of the Rules.


Edited by ryck (11/30/19 03:42 PM)
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS Mojave 10.14.6
Canon MX710 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 1TB LaCie USB-C
Carbon Copy Clone on 500GB OWC Mercury OTG Pro

#53024 - 12/03/19 11:44 AM Re: how do I block this? [Re: ryck]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Does blocking anything from silverbackflow.com help?
_________________________
I work for the Department of Redundancy Department

#53025 - 12/03/19 12:09 PM Re: how do I block this? [Re: artie505]
jchuzi Online


Registered: 08/04/09
Loc: New York State
I used my ISP webmail to block marine-embassy-guard-association.promo4u.pro and haven't received any spam since. Fingers crossed...

My ISP recognized this as a domain name but how do I determine a domain name from the list of stuff that I posted earlier? And, BTW, what does domain name mean?


Edited by jchuzi (12/03/19 12:11 PM)
_________________________
Jon

OS 10.14.6, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

#53028 - 12/04/19 10:04 AM Re: how do I block this? [Re: jchuzi]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: jchuzi
My ISP recognized this as a domain name but how do I determine a domain name from the list of stuff that I posted earlier? And, BTW, what does domain name mean?

For a complete explanation of a Domain Name see this Wikipedia article. Until recently it was fairly easy to identify a domain name by looking for the Generic Top Level Domains (.com, .net, .org, .edu, .info) and Country Code Top Level Domains (.us, .au, .de, .fi, .fr, .jp, .kr, etc.), but recent changes in the rules have unleashed a plethora of Top Level Domain names, which makes things much more difficult. The only thing I can suggest is looking for something that looks like a domain name or follows the @ symbol. The IP addresses in parentheses are also a clue.

To fully understand this puzzle you also need to understand How To Read Email Headers. You might also try this email header analyzer, which, by the way, flags silverbackflow.com as blacklisted, so that should probably be the one you are attempting to eliminate.
_________________________
joemikeb • moderator
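
Added example (not part of any post in this thread): a Python sketch that applies the advice above to the headers jchuzi posted, abridged, pulling out the domain in each header and decoding the encoded Subject and From name. The function names and the two-label base_domain heuristic are assumptions made for this illustration; From, Reply-To, Sender and any Received line below the provider's own hops are written by the sending side and can say anything.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Abridged from the second header dump in the thread (recipient already
# redacted there); continuation lines are indented so they unfold correctly.
RAW = """\
Received: from dnvrco-cmimta11 ([107.14.174.244])
 by cdptpa-fep23.email.rr.com with ESMTP; Sat, 30 Nov 2019 19:21:43 +0000
Received: from jyimkurj.silverbackflow.com ([18.222.143.115])
 by esmtp with ESMTP id b8J2iyByCplz6b8JLiBjj4; Sat, 30 Nov 2019 19:21:43 +0000
Received: from mta2.email.ulta.com ()
 by esmtp with ESMTP id ya22gUsOIqaEdya23gRlsg; Sat, 30 Nov 2019 19:02:34 +0100
Reply-to: <doxanam1@gtin.matarovilla.icu>
Return-Path: <return@kalnearshow.club>
Sender: marine-embassy-guard-association.promo4u.pro
Subject: =?UTF-8?B?SGF2ZSB5b3Ugb3IgYSBsb3ZlZCBvbmUgZGV2ZWxvcGVkIGNhbmNlciBhZnRlciB1c2luZyBSb3VuZHVwIHdlZWQga2lsbGVyID8/?=
From: =?UTF-8?B?LSBBRyBBdHRvcm5leXM=?= <PEytBzf@zabiton.com>

"""

def base_domain(host):
    """Last two labels of a host name (heuristic: fine for .com/.pro/.icu,
    wrong for suffixes such as .co.uk, which need the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def decoded(value):
    """Turn an RFC 2047 encoded-word (=?UTF-8?B?...?=) into readable text."""
    return str(make_header(decode_header(value)))

def received_hops(msg):
    """(name the sending host gave, IP the receiving server logged), newest first."""
    pat = re.compile(r"from\s+(\S+)\s+\(\[?([0-9a-fA-F.:]*)\]?\)")
    return [m.groups() for m in map(pat.search, msg.get_all("Received", [])) if m]

def blockable_domains(msg):
    """Map each header that can carry a domain to its base domain."""
    found = {}
    for name in ("From", "Reply-To", "Return-Path", "Sender"):
        value = msg.get(name, "")
        addr = parseaddr(value)[1] or value.strip()  # Sender here has no '@'
        found[name] = base_domain(addr.rsplit("@", 1)[-1])
    # Keep only hops with a dotted name and a logged IP to corroborate it.
    found["Received"] = sorted({base_domain(h) for h, ip in received_hops(msg) if "." in h and ip})
    return found

msg = message_from_string(RAW)
if __name__ == "__main__":
    print(decoded(msg["Subject"]), received_hops(msg), blockable_domains(msg), sep="\n")
```

The two messages posted in the thread name orkxsh.silverbackflow.com and jyimkurj.silverbackflow.com, so only a rule on the base domain covers both host names.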

#53029 - 12/04/19 10:10 AM Re: how do I block this? [Re: jchuzi]
artie505 Online


Registered: 08/04/09
I just jumped on the final "sender" as likely being the "from" in all of the spam, making a Mail.app rule easy to set up.
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#53030 - 12/04/19 02:55 PM Re: how do I block this? [Re: artie505]
jchuzi Online


Registered: 08/04/09
Loc: New York State
Originally Posted By: artie505
I just jumped on the final "sender" as likely being the "from" in all of the spam, making a Mail.app rule easy to set up.
I received an unrelated spam email today and did just that. Setting up a rule to block it was really easy. In fact, after I clicked Apply Now, I got the satisfaction of seeing the offending message evaporate. cool
_________________________
Jon

OS 10.14.6, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365

#53031 - 12/04/19 03:02 PM Re: how do I block this? [Re: joemikeb]
jchuzi Online


Registered: 08/04/09
Loc: New York State
Thanks for those detailed articles, Joe. I'll have to spend some time digesting them.
_________________________
Jon

OS 10.14.6, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
