Introspection of Header to block SPAM
I didn't see anything in TB's filtering/SPAM controls that would handle the following problem.
I recently started receiving a lot of spam, from different emails and/or domains. I've started digging into them and notice a common element in their source. They all show as coming from 'vpsnode12.webstudio.com' even thought the domain email and related IP address are different in each case
Received: from mail.toi-imc.com (vpsnode12.webstudio26.com [185.169.183.129]) by ns4.i-mecca.net (Postfix) with ESMTP id CE4144007A for <xxx@yyy.zzz>; Tue, 3 Sep 2019 18:09:01 -0400 (EDT)
So my question is, how can I create the eqivalent of a filter to make everything from 'vpsnode12.webstudio26.com' as SPAM since this is not exposed on the visibile message header or body.
Below is most of the whole source.
Thanks
From - Tue Sep 3 18:13:01 2019 X-Account-Key: account4 X-UIDL: UID139368-1101345959 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Return-Path: <pet.alliance-xxx=yyy.zzz@toi-imc.com> X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on db4.ehosting.ca X-Spam-Level: **** X-Spam-Status: No, score=4.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HTML_MESSAGE,MIME_QP_LONG_LINE,PYZOR_CHECK,RDNS_DYNAMIC, SPF_HELO_NONE,T_REMOTE_IMAGE,URIBL_ABUSE_SURBL,URIBL_BLOCKED shortcircuit=no autolearn=disabled version=3.4.1 X-Original-To: xxx@yyy.zzz Delivered-To: xxxyyy@ns4.i-mecca.net X-MES: 1.0 Received: from mail.toi-imc.com (vpsnode12.webstudio26.com [185.169.183.129]) by ns4.i-mecca.net (Postfix) with ESMTP id CE4144007A for <xxx@yyy.zzz>; Tue, 3 Sep 2019 18:09:01 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim; d=toi-imc.com;
h=Date:From:To:Subject:MIME-Version:Content-Type:List-Unsubscribe:Message-ID; i=pet.alliance@toi-imc.com; bh=g+E7wJcuMdHPV4mu5TXqlFMyaRA=; b=CjOyDq2pUTx7RyxUFm8ffKzwMk4bhqMam42mlmtU3HHsPT9qsip2yZDAEd3nS+7Go1cIR+7MbCZz xqpohPduRvQu5rAm4s3WBHEymDacRZtMvU2biKXL99SkyUj70jtxgDRrazFwTDUs4aIQ5aY/lG8y RmfYgF4pcWzVFVrIvqA=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim; d=toi-imc.com;
b=TF0ZTMfGk5UOSvLuxjKXlYjYIwzioDE8zPhK1ibIGtrpIvY+PyMaCkUkG7QnmgOcFEY/WTfkut9e uL05V8oJo5X+Uewo0a2eIJZxpgSPeumbmWGfkXR7gKMGcYnHPkpUipJZsma3XNuQBSh2KkZtjFDJ V13dKvjKlybX9giRgDY=;
Received: by mail.toi-imc.com id hdri7s0001gv for <xxx@yyy.zzz>; Tue, 3 Sep 2019 18:05:46 -0400 (envelope-from <pet.alliance-xxx=yyy.zzz@toi-imc.com>) Date: Tue, 3 Sep 2019 18:05:46 -0400 From: "Pet Alliance" <pet.alliance@toi-imc.com> To: <xxx@yyy.zzz> Subject: Don't Look At Me That Way MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_334_1677202028.1567548326144" List-Unsubscribe: <http://www.toi-imc.com/8456d23g9B5WM89Q12vwJP11u48a0r21YtD4hfrDbwaYDibh8ErIx8dR0nKeQS6rG1J0V6d0JiJh/lodger-deplores> Message-ID: <0.0.0.3A.1D562A3BC9A6EBC.AF92C@mail.toi-imc.com>
=_Part_334_1677202028.1567548326144
Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit
Don't Look At Me That Way
Update Preferences- http://www.toi-imc.com/Falstaff-exhaustive/24c6K239Vk5N8L6A13o2205n9o48a0w21ftD4hfrDbwaYDibh8ErIx8fR0nKeQS6L1uoS05BWiBh
=_Part_334_1677202028.1567548326144
Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable
=20 <meta charset='3D"UTF-8"'>=20 <meta content='3D"width=3Ddevice-width,' initial-scale="3D1.0," minimum-scale="=3D1.0," maximum-scale='3D1.0"' name='3D"viewport"'>=20 <title>Email</title>=20 <style type='3D"text/css"'>html { width:100%; height: auto; } body { background-color:#f8f8f8; -webkit-text-size-adjust:none; -ms-text-size-adjust:none; margin:0; padding:0; font-family: helvetica, sans-serif; font-size: 16px; line-height: 24px; color: #333333; } .ReadMsgBody { width:100%; background-color:#ffffff; } .ExternalClass { width:100%; background-color:#ffffff; } a { color:#308ed5; font-weight:400; } p { =20 } a:hover { color:#818181; font-weight:400; } table { border-collapse:collapse; table-layout:fixed; margin:0 auto; } html,body,table,td,a,span,div { -webkit-text-size-adjust:none; } a.appleFooter { =09 =09text-decoration: none; =20 } @media screen and (max-width: 525px) { body { width:auto !important; } =20 .title { font-size: 28px !important; } .padLR { padding-left: 20px !important; padding-right: 20px !important; } } =09</style>=20 =20 =20 <center>=20
Don't Look At Me That Way<= /strong>
=20 ...Semua Balasan (5)
Is this email continuing in the next 24 hours?
Hi Matt. Not sure what you mean by "continuing in the next 24 hours". I receive a lot of different SPAM emails but they keep changing the email address and/or domain name it's coming from.
My research has led me to believe that 'vpsnode12.webstudio26.com' is a known email relay for such nefarious acts. See https://sdf.org/?spammers.
So, to refine my query, if I am correct, how to flag a message as SPAM coming through a specific email relay.
DS256 said
So, to refine my query, if I am correct, how to flag a message as SPAM coming through a specific email relay.
In short you can not. However I just wondered what unsubscribing your email address from the mailing list would do.
Matt, I don't think I'd trust and 'unsubscribe' link from a SPAM email.
Update - I asked my domain/email provided ehosting.ca if they could don anything and they 'tweaked' there email server to block emails relayed through vpsnode12.webstudio26.com. Much reduced email now.