Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

spam blocking

  • 9 replies
  • 0 have this problem
  • 32 views
  • Last reply by Toad-Hall

more options

I am being plagued by a spammer who spoofs the domain from which the mail shows to be sent. This spammer uses a very long (perhaps 64 characters) series of random letters for the domain, and every message has a different domain thus it's impossible to block the spam by blocking the sender because there are billions of permutations. I get 15 or 20 of these crap messages every day. They come approximately every hour. I have many, many hundreds of blocked addresses in my filter, but it's useless. They just keep coming.

I realize that I may lose a few valid messages, but I want to block any message where the sending domain is more than 50 characters. Is that possible? If not, is there an alternative solution?

 Thanks,
 John
I am being plagued by a spammer who spoofs the domain from which the mail shows to be sent. This spammer uses a very long (perhaps 64 characters) series of random letters for the domain, and every message has a different domain thus it's impossible to block the spam by blocking the sender because there are billions of permutations. I get 15 or 20 of these crap messages every day. They come approximately every hour. I have many, many hundreds of blocked addresses in my filter, but it's useless. They just keep coming. I realize that I may lose a few valid messages, but I want to block any message where the sending domain is more than 50 characters. Is that possible? If not, is there an alternative solution? Thanks, John

All Replies (9)

more options

I suggest a third-party product to keep the mail completely out of Thunderbird. There are many such products; I use Mailwasher and it's free for one account.

Helpful?

more options

Thanks, I do appreciate the suggestion, but that's not really what I'm looking for. Mailwasher wants me to look at the mail and mark the spam messages (confirm that the messages mailwasher has marked are spam are indeed spam).

To me, marking messages as spam in Mailwasher is not really any better than marking them as spam in Tbird.

There are effectively an infinite number of domain name permutations, so there's no way to use the name of the domain as a spam  identification methodology.

Again, I fully understand that I may loose some valid messages, but I want the ability to have *any* mail messages with domain names longer than a specified length limit to be discarded without my intervention.

Helpful?

more options

I'm not sure how my response got mangled, but I was saying that there are billions of domain name permutations, so identifying spam by looking at the domain name is ineffective.

Mailwasher would have to realize that two messages with completely different usernames and domain names that it has never seen before are both spam.

Helpful?

more options

fair enough. I find the opposite, that Mailwasher routinely marks suspicious mail as spam. However, Thunderbird does not do what you want, so I do encourage some experimentation with spam blockers. I do agree it is a messy problem.

Helpful?

more options

Thanks, David. I appreciate your response. This spammer is a really nasty one. He sends enormous volume with very difficult to block methods.

 I won't be driven off of my address by this jerk, but he's making it really difficult. 
 I'll follow your advice and keep looking.   I also asked the Mailwasher folks to contact me for further consultation.  Thanks for the lead!!!

Helpful?

more options

It would be helpful if you could post an image showing the following:

Select email then 'View' > 'Message Source'

It opens in a new window.

Edit anything that mentions your email address with a load of X's Then make window wide/big enough to display as much as possible. Create a screenshot and save it as a jpeg image. You may need to create more than one image. Upload the image to this forum question.

There may be other headers that can be used.

There s always the option of using 'From' and 'isn't in my address book', but it would mean you need to check the 'Junk' folder as good mail may get put into it. OR just make sure your address book is up to date. Also make sure the 'Account Settings' > 'Junk Settings' for account has all address books whitelisted.

Has any server spam filter eg: SpamAssassin set anything in the headers for those emails? If yes, then the 'Junk Settings' can be set to tell Thunderbird to trust those mail headers and to put those emails into Junk. OR those headers maybe something you use in the Message Filter.

Helpful?

more options

Up to now, I've mostly tried to rely on Tbird's adaptive mail filtering but it hasn't been effective. I've not tried Spam Assassin (will save the rationale for now, but I suspect it will be similar to Mailwasher)

I'm attaching a jpg of typical message header copied from a "view message source"

Helpful?

more options

I notice the 'Reply-to' is @byersstreet .com (I've just edited this by adding a space before the .com otherwise it looks like a link in the forum which is not desirable)

  • Message Filter called 'Kill Spam'
  • Select 'Manually Run'
  • Select Getting New Mail'
  • Select 'Filter after Junk Classification'

You could set up a Message Filter which does the following:

  • Select 'Match any of the following' - this allows you to add to this filter when you find new ones and so if email contains ANY of the conditions then dump in junk.
  • 'Reply-to' 'contains' type: byersstreet .com
  • 'Set Junk Status to' 'Junk'
  • 'Move to' > 'Junk on account name'
  • click on 'OK'

Note: Filters work in the order listed, so you may want it near the top, so no other filter can accidentally filter that email before this Kill Spam filter gets to work.

Make sure the filter is enabled.

You could select the filter and perform a 'Run Now' on your Inbox to see if it moves those emails to Junk. Then if you more of similar type but another 'Reply-to' domain then you can use this Message Filter . Simply Edit the Filter. Add a new 'Reply-to' line which 'contains' and type the domain - just the bit after the @ sign.

Modified by Toad-Hall

Helpful?

more options

I also notice source mentions this as well. - Received from countertop .com (byersstreet .com [80.97.42.221])

That IP address does belong to byersstreet .com located on Romania Someone owns that domain, but there's no info - no website etc - not surprised.

So they might try to use a 'Reply-to' which 'contains' countertop .com So you could add a second condition in that same 'Kill Spam' Message Filter. click on the small + sign to add another line 'Reply-to' 'contains' countertop .com

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.