Jump to solution

Did Shaw stop filtering the shaw.ca emails for junkmail?

joman
Grasshopper

Not sure if others have noticed, but in the last weeks all of my Shaw email addresses are getting hit with daily Spam/Junkmail. These emails are also suspect as the same email is sent to 3 different email accounts at the same time, so it's not from me registering at a site where email is required.

I have been a Shaw email user for decades and I rarely receive junkmail messages, but now they are non-stop to all of my accounts.

I logged into Shaw Customer Care and I no longer see any junkmail settings or filters, so was wondering if maybe Shaw discontinued this service.

Thanks!

Labels (1)
1 Solution

Accepted Solutions
Jump to solution

Thank you for flagging this and providing examples, pleas...

shaw-tony
Moderator
Moderator

@joman @mdk @rstra @MC2035MC @meaganbaxter @kayos @13mo2 @skvanb @IG2 @MC2035MC 

Thank you for flagging this and providing examples, please continue to flag the emails as spam so our filters can learn or email our spam team the headers at reportspam@shaw.ca. I will be engaging our email team to see if they have any open tickets on this issue or can make some adjustments.

Update Mar 4, 2021:

Our engineers have resolved this issue and our spam filters are working at 100%. Thank you for your patience.

View solution in original post

Reply
Loading...
116 Replies
Jump to solution

-- Did Shaw stop filtering ? No. Some of my incoming E-ma...

mdk
Legendary Grand Master

@joman -- Did Shaw stop filtering ?

No. Some of my incoming E-mail from McDonalds Canada and Petro-Points gets the "suspected spam" edit to the SUBJECT line.

> the same email is sent to 3 different email accounts at the same time

If the E-mail account of a friend of yours got compromised, the hacker could have "harvested" all the E-mail IDs from your friend's "contacts". Then, probably sometime later, the hacker would send their "spam" E-mail to 3 of those "harvested" IDs -- yours, and 2 others. Then, the hacker would take another 3 IDs, and send another "spam" E-mail to those next 3 victims.

Login to Shaw WebMail to enable/disable spam-filtering.

 

 

 

Reply
Loading...
Jump to solution

Yes!!! The junk mail filter has been letting a lot of spa...

rstra
Grand Master

@joman Yes!!! The junk mail filter has been letting a lot of spam through to my inbox over the last couple of weeks. Good to know that I am not the only one. 

Reply
Loading...
Jump to solution

It can be difficult to filter an E-mail message, based on...

mdk
Legendary Grand Master

It can be difficult to filter an E-mail message, based on the wording in the E-mail.

Sample:

To: Recipients <direcciondedeportes@cerrolargo.gub.uy>
From: "Isabel Rosa " <direcciondedeportes@cerrolargo.gub.uy>
Date: Sun, 07 Feb 2021 13:00:30 -0800
Reply-To: charleswjacksonjunior12@gmail.com

Congratulations. $1, 000, 000 dollars was donated to you by Mr Charles W Jackson Jr, Kindly respond for more details to enable you to claim the 1,000,000.00 dollars that was donated to you Charles W Jackson Jr.

In this case:

  1. the E-mail really did originate from a (compromised?) E-mail ID of a government of Uruguay employee.
  2. the ID in the "Reply-To:" tag is distinctly different from the ID in the "From:" field.
  3. bad punctuation -- a "comma" instead of a "period" before "Kindly".
  4. bad grammar -- "you by Mr Charles" used once, and "you Charles" used once.
  5. no mention of "widow" of "African prince" with "millions" in a "suspense account".
  6. no mention of "please contact my solicitor".
  7. no reference to "shortened-URLs", e.g., http://bit.ly/spammers_tag_goes_here

So, it has some elements that are found in a "spam" E-mail, and it is missing some elements.

A friend has told me that their E-mail was "hacked", and I suspect that all their E-mail "contacts" were "harvested" by the spammers, including my E-mail ID. That made me a target for "spoofed" E-mail -- using a falsified "From:" line to reference my friend's ID, and the message was sent to my E-mail ID. The message was "I am travelling in Europe, and have lost my credit-card and passport. Send money, urgently".

 

 

 

 

0 Kudos
Reply
Loading...
Jump to solution

Today has been really bad, almost like Shaw has turned of...

rstra
Grand Master

@joman Today has been really bad, almost like Shaw has turned off the spam filter.

Reply
Loading...
Jump to solution

That’s what I suspect. Something has changed as it is a d...

joman
Grasshopper

That’s what I suspect.
Something has changed as it is a day and night difference.

Reply
Loading...
Jump to solution

Yep, junk mail filter has been letting a lot of spam thro...

kayos
Grasshopper

Yep, junk mail filter has been letting a lot of spam through lately.   A lot more than before.  Something has changed.  

Reply
Loading...
Jump to solution

-- Something has changed. Spammers have their own work-...

mdk
Legendary Grand Master

@kayos -- Something has changed.  

Spammers have their own work-schedule, including "uptime" and "downtime".  So, I think that it is possible that spammers are now "awake" (post-Xmas, post-SuperBowl-55, post-Xmas-on-the-beach in the southern hemisphere) and are generating more output.

Here's a screen-capture of messages received over the recent weekend:

Capture.JPG

Shaw's filters tagged 1 out of these messages -- a typical "advance-fee" fraudulent scheme.

Note the spurious "apostrophe" -- inserted to avoid matching "spammy" words.

Note that the spammer(s) did not include anything in the "body" of each message -- nothing for a spam-filter to pattern-match against. Their mistake!

 

 

Reply
Loading...
Jump to solution

Actually, my comment about an empty "body" of the spammer...

mdk
Legendary Grand Master

Actually, my comment about an empty "body" of the spammer's E-mail was not correct.

Instead, probably due to hand-crafting of the E-mail message, the markup for MIME-encoding is incorrect:

Content-Type: text/html;charset="utf-8"
Content-Transfer-Encoding: base64
X-CMAE-Envelope: MS4xfKygQDqDxzhgOI/ukUKpxb1m+UCfa9JuI33Ecierj6ZbB4sPvZ386s2wj633965CQSIimQubhllTUZDCFGmPgg48h/VyFPrw1LKGCrSza80i8EibbSSP
SpdX9stX58duh7QVu19S5J9Uc06FCkBiSkq6Wt2g7LdTlO3SKFtfE5zDEgRVgGIFrzNPHYS+sxJ2Ow==

PGRpdiBzdHlsZT0ibGluZS1oZWlnaHQ6MS43O2NvbG9yOiMwMDAwMDA7Zm9udC1zaXplOjE0cHg7
Zm9udC1mYW1pbHk6QXJpYWwiPjxjZW50ZXI+77u/PGNlbnRlcj4NCg0KDQo8YSBocmVmPSJodHRw
czovL0NOTi1ORVdTLmItY2RuLm5ldC9DTk4tbmV3czEuaHRtbCI+PGltZyBzcmM9Imh0dHBzOi8v
Q05OLU5FV1MuYi1jZG4ubmV0L0QuT1oucG5nIj48L2E+DQo8L2NlbnRlcj4NCjxjZW50ZXI+DQo8
YSBocmVmPSJodHRwczovL0NOTi1ORVdTLmItY2RuLm5ldC9DTk4tbmV3czIuaHRtbCI+PGltZyBz
cmM9Imh0dHBzOi8vQ05OLU5FV1MuYi1jZG4ubmV0L291dC1ELk9aLnBuZyI+PC9hPg0KPC9jZW50
ZXI+DQoNCg==

Shaw WebMail does not decode that MIME-encoded text -- starting with "PGR" -- resulting in a "blank" appearance, when viewing the message.

By using: http://www.base64decode.net that block of text decodes to HTML that links to an image, and links to the spammer's web-page.  Thus, the (decoded) "body" of the E-mail does not contain any words, e.g., "widow" & "prince" & "millions" & "African".  So, the Shaw spam-filters have no possibility of detecting such "bad" words.

 

There seems to be only one spammer, or maybe, several users using the same technique: abusing Amazon's Elastic Cloud Service (ECS) to send their E-mail directly to Shaw's mail-server -- not sending their spam through the ECS' mail-server (where it possibly could be spam-filtered).

 

 

0 Kudos
Reply
Loading...
Jump to solution

Doesn't matter, Shaw should be doing more to block Spam,...

kayos
Grasshopper

Doesn't matter, Shaw should be doing more to block Spam,  It wasn't like this until a couple weeks ago and it wasn't like this before Christmas so your "schedule" idea is wrong.

Reply
Loading...