Not sure if others have noticed, but in the last weeks all of my Shaw email addresses are getting hit with daily Spam/Junkmail. These emails are also suspect as the same email is sent to 3 different email accounts at the same time, so it's not from me registering at a site where email is required.
I have been a Shaw email user for decades and I rarely receive junkmail messages, but now they are non-stop to all of my accounts.
I logged into Shaw Customer Care and I no longer see any junkmail settings or filters, so was wondering if maybe Shaw discontinued this service.
Thanks!
Solved! Go to Solution.
@joman @mdk @rstra @MC2035MC @meaganbaxter @kayos @13mo2 @skvanb @IG2 @MC2035MC
Thank you for flagging this and providing examples, please continue to flag the emails as spam so our filters can learn or email our spam team the headers at reportspam@shaw.ca. I will be engaging our email team to see if they have any open tickets on this issue or can make some adjustments.
Update Mar 4, 2021:
Our engineers have resolved this issue and our spam filters are working at 100%. Thank you for your patience.
@joman -- Did Shaw stop filtering ?
No. Some of my incoming E-mail from McDonalds Canada and Petro-Points gets the "suspected spam" edit to the SUBJECT line.
> the same email is sent to 3 different email accounts at the same time
If the E-mail account of a friend of yours got compromised, the hacker could have "harvested" all the E-mail IDs from your friend's "contacts". Then, probably sometime later, the hacker would send their "spam" E-mail to 3 of those "harvested" IDs -- yours, and 2 others. Then, the hacker would take another 3 IDs, and send another "spam" E-mail to those next 3 victims.
Login to Shaw WebMail to enable/disable spam-filtering.
@joman Yes!!! The junk mail filter has been letting a lot of spam through to my inbox over the last couple of weeks. Good to know that I am not the only one.
It can be difficult to filter an E-mail message, based on the wording in the E-mail.
Sample:
To: Recipients <direcciondedeportes@cerrolargo.gub.uy>
From: "Isabel Rosa " <direcciondedeportes@cerrolargo.gub.uy>
Date: Sun, 07 Feb 2021 13:00:30 -0800
Reply-To: charleswjacksonjunior12@gmail.com
Congratulations. $1, 000, 000 dollars was donated to you by Mr Charles W Jackson Jr, Kindly respond for more details to enable you to claim the 1,000,000.00 dollars that was donated to you Charles W Jackson Jr.
In this case:
So, it has some elements that are found in a "spam" E-mail, and it is missing some elements.
A friend has told me that their E-mail was "hacked", and I suspect that all their E-mail "contacts" were "harvested" by the spammers, including my E-mail ID. That made me a target for "spoofed" E-mail -- using a falsified "From:" line to reference my friend's ID, and the message was sent to my E-mail ID. The message was "I am travelling in Europe, and have lost my credit-card and passport. Send money, urgently".
@joman Today has been really bad, almost like Shaw has turned off the spam filter.
That’s what I suspect.
Something has changed as it is a day and night difference.
Yep, junk mail filter has been letting a lot of spam through lately. A lot more than before. Something has changed.
@kayos -- Something has changed.
Spammers have their own work-schedule, including "uptime" and "downtime". So, I think that it is possible that spammers are now "awake" (post-Xmas, post-SuperBowl-55, post-Xmas-on-the-beach in the southern hemisphere) and are generating more output.
Here's a screen-capture of messages received over the recent weekend:
Shaw's filters tagged 1 out of these messages -- a typical "advance-fee" fraudulent scheme.
Note the spurious "apostrophe" -- inserted to avoid matching "spammy" words.
Note that the spammer(s) did not include anything in the "body" of each message -- nothing for a spam-filter to pattern-match against. Their mistake!
Actually, my comment about an empty "body" of the spammer's E-mail was not correct.
Instead, probably due to hand-crafting of the E-mail message, the markup for MIME-encoding is incorrect:
Content-Type: text/html;charset="utf-8"
Content-Transfer-Encoding: base64
X-CMAE-Envelope: MS4xfKygQDqDxzhgOI/ukUKpxb1m+UCfa9JuI33Ecierj6ZbB4sPvZ386s2wj633965CQSIimQubhllTUZDCFGmPgg48h/VyFPrw1LKGCrSza80i8EibbSSP
SpdX9stX58duh7QVu19S5J9Uc06FCkBiSkq6Wt2g7LdTlO3SKFtfE5zDEgRVgGIFrzNPHYS+sxJ2Ow==
PGRpdiBzdHlsZT0ibGluZS1oZWlnaHQ6MS43O2NvbG9yOiMwMDAwMDA7Zm9udC1zaXplOjE0cHg7
Zm9udC1mYW1pbHk6QXJpYWwiPjxjZW50ZXI+77u/PGNlbnRlcj4NCg0KDQo8YSBocmVmPSJodHRw
czovL0NOTi1ORVdTLmItY2RuLm5ldC9DTk4tbmV3czEuaHRtbCI+PGltZyBzcmM9Imh0dHBzOi8v
Q05OLU5FV1MuYi1jZG4ubmV0L0QuT1oucG5nIj48L2E+DQo8L2NlbnRlcj4NCjxjZW50ZXI+DQo8
YSBocmVmPSJodHRwczovL0NOTi1ORVdTLmItY2RuLm5ldC9DTk4tbmV3czIuaHRtbCI+PGltZyBz
cmM9Imh0dHBzOi8vQ05OLU5FV1MuYi1jZG4ubmV0L291dC1ELk9aLnBuZyI+PC9hPg0KPC9jZW50
ZXI+DQoNCg==
Shaw WebMail does not decode that MIME-encoded text -- starting with "PGR" -- resulting in a "blank" appearance, when viewing the message.
By using: http://www.base64decode.net that block of text decodes to HTML that links to an image, and links to the spammer's web-page. Thus, the (decoded) "body" of the E-mail does not contain any words, e.g., "widow" & "prince" & "millions" & "African". So, the Shaw spam-filters have no possibility of detecting such "bad" words.
There seems to be only one spammer, or maybe, several users using the same technique: abusing Amazon's Elastic Cloud Service (ECS) to send their E-mail directly to Shaw's mail-server -- not sending their spam through the ECS' mail-server (where it possibly could be spam-filtered).
Doesn't matter, Shaw should be doing more to block Spam, It wasn't like this until a couple weeks ago and it wasn't like this before Christmas so your "schedule" idea is wrong.