Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
@joman @mdk @rstra @MC2035MC @meaganbaxter @kayos @13mo2 @skvanb @IG2 @MC2035MC
Thank you for flagging this and providing examples, please continue to flag the emails as spam so our filters can learn or email our spam team the headers at reportspam@shaw.ca. I will be engaging our email team to see if they have any open tickets on this issue or can make some adjustments.
Update Mar 4, 2021:
Our engineers have resolved this issue and our spam filters are working at 100%. Thank you for your patience.
-- Did Shaw stop filtering ? No. Some of my incoming E-ma...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
@joman -- Did Shaw stop filtering ?
No. Some of my incoming E-mail from McDonalds Canada and Petro-Points gets the "suspected spam" edit to the SUBJECT line.
> the same email is sent to 3 different email accounts at the same time
If the E-mail account of a friend of yours got compromised, the hacker could have "harvested" all the E-mail IDs from your friend's "contacts". Then, probably sometime later, the hacker would send their "spam" E-mail to 3 of those "harvested" IDs -- yours, and 2 others. Then, the hacker would take another 3 IDs, and send another "spam" E-mail to those next 3 victims.
Login to Shaw WebMail to enable/disable spam-filtering.
Yes!!! The junk mail filter has been letting a lot of spa...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
@joman Yes!!! The junk mail filter has been letting a lot of spam through to my inbox over the last couple of weeks. Good to know that I am not the only one.
It can be difficult to filter an E-mail message, based on...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
It can be difficult to filter an E-mail message, based on the wording in the E-mail.
Sample:
To: Recipients <direcciondedeportes@cerrolargo.gub.uy>
From: "Isabel Rosa " <direcciondedeportes@cerrolargo.gub.uy>
Date: Sun, 07 Feb 2021 13:00:30 -0800
Reply-To: charleswjacksonjunior12@gmail.com
Congratulations. $1, 000, 000 dollars was donated to you by Mr Charles W Jackson Jr, Kindly respond for more details to enable you to claim the 1,000,000.00 dollars that was donated to you Charles W Jackson Jr.
In this case:
- the E-mail really did originate from a (compromised?) E-mail ID of a government of Uruguay employee.
- the ID in the "Reply-To:" tag is distinctly different from the ID in the "From:" field.
- bad punctuation -- a "comma" instead of a "period" before "Kindly".
- bad grammar -- "you by Mr Charles" used once, and "you Charles" used once.
- no mention of "widow" of "African prince" with "millions" in a "suspense account".
- no mention of "please contact my solicitor".
- no reference to "shortened-URLs", e.g., http://bit.ly/spammers_tag_goes_here
So, it has some elements that are found in a "spam" E-mail, and it is missing some elements.
A friend has told me that their E-mail was "hacked", and I suspect that all their E-mail "contacts" were "harvested" by the spammers, including my E-mail ID. That made me a target for "spoofed" E-mail -- using a falsified "From:" line to reference my friend's ID, and the message was sent to my E-mail ID. The message was "I am travelling in Europe, and have lost my credit-card and passport. Send money, urgently".
Today has been really bad, almost like Shaw has turned of...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
@joman Today has been really bad, almost like Shaw has turned off the spam filter.
That’s what I suspect. Something has changed as it is a d...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
That’s what I suspect.
Something has changed as it is a day and night difference.
Yep, junk mail filter has been letting a lot of spam thro...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Yep, junk mail filter has been letting a lot of spam through lately. A lot more than before. Something has changed.
-- Something has changed. Spammers have their own work-...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
@kayos -- Something has changed.
Spammers have their own work-schedule, including "uptime" and "downtime". So, I think that it is possible that spammers are now "awake" (post-Xmas, post-SuperBowl-55, post-Xmas-on-the-beach in the southern hemisphere) and are generating more output.
Here's a screen-capture of messages received over the recent weekend:
Shaw's filters tagged 1 out of these messages -- a typical "advance-fee" fraudulent scheme.
Note the spurious "apostrophe" -- inserted to avoid matching "spammy" words.
Note that the spammer(s) did not include anything in the "body" of each message -- nothing for a spam-filter to pattern-match against. Their mistake!
Actually, my comment about an empty "body" of the spammer...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Actually, my comment about an empty "body" of the spammer's E-mail was not correct.
Instead, probably due to hand-crafting of the E-mail message, the markup for MIME-encoding is incorrect:
Content-Type: text/html;charset="utf-8"
Content-Transfer-Encoding: base64
X-CMAE-Envelope: MS4xfKygQDqDxzhgOI/ukUKpxb1m+UCfa9JuI33Ecierj6ZbB4sPvZ386s2wj633965CQSIimQubhllTUZDCFGmPgg48h/VyFPrw1LKGCrSza80i8EibbSSP
SpdX9stX58duh7QVu19S5J9Uc06FCkBiSkq6Wt2g7LdTlO3SKFtfE5zDEgRVgGIFrzNPHYS+sxJ2Ow==
PGRpdiBzdHlsZT0ibGluZS1oZWlnaHQ6MS43O2NvbG9yOiMwMDAwMDA7Zm9udC1zaXplOjE0cHg7
Zm9udC1mYW1pbHk6QXJpYWwiPjxjZW50ZXI+77u/PGNlbnRlcj4NCg0KDQo8YSBocmVmPSJodHRw
czovL0NOTi1ORVdTLmItY2RuLm5ldC9DTk4tbmV3czEuaHRtbCI+PGltZyBzcmM9Imh0dHBzOi8v
Q05OLU5FV1MuYi1jZG4ubmV0L0QuT1oucG5nIj48L2E+DQo8L2NlbnRlcj4NCjxjZW50ZXI+DQo8
YSBocmVmPSJodHRwczovL0NOTi1ORVdTLmItY2RuLm5ldC9DTk4tbmV3czIuaHRtbCI+PGltZyBz
cmM9Imh0dHBzOi8vQ05OLU5FV1MuYi1jZG4ubmV0L291dC1ELk9aLnBuZyI+PC9hPg0KPC9jZW50
ZXI+DQoNCg==
Shaw WebMail does not decode that MIME-encoded text -- starting with "PGR" -- resulting in a "blank" appearance, when viewing the message.
By using: http://www.base64decode.net that block of text decodes to HTML that links to an image, and links to the spammer's web-page. Thus, the (decoded) "body" of the E-mail does not contain any words, e.g., "widow" & "prince" & "millions" & "African". So, the Shaw spam-filters have no possibility of detecting such "bad" words.
There seems to be only one spammer, or maybe, several users using the same technique: abusing Amazon's Elastic Cloud Service (ECS) to send their E-mail directly to Shaw's mail-server -- not sending their spam through the ECS' mail-server (where it possibly could be spam-filtered).
Doesn't matter, Shaw should be doing more to block Spam,...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Report Inappropriate Content
Doesn't matter, Shaw should be doing more to block Spam, It wasn't like this until a couple weeks ago and it wasn't like this before Christmas so your "schedule" idea is wrong.