Is anyone else getting multiple spam mail, probably 2 dozen today, from senders spoofing Shoppers Drug Mart, Walmart and Amazon? I have the Shaw spam filters on, but they aren’t catching these emails. I go into webmail and mark them as spam, I hope that helps.
@cbmetzner @Oceansidegal @esham @BrutusB @dblinney @bkushner
We have another thread open regarding this issue. I'm currently engaged with our email team regarding this matter and will report updates on our main thread here.
Yep, both of my accounts are getting hit hard by it as well. I reported it and marked it all as spam so we will see if it helps. My Shaw email is one of the ones I DON'T give out because I don't want it to get inundated with Spam and it has been really clean up until the last 48 hours...
@rstra -- so far, I have received 14 of such messages, originating from several IP-addresses.
I sent a copy of one message, with full E-mail headers, to abuse@microsoft.com because the sending IP-address is allocated to Microsoft.
The reply stated that the sending IP-address belongs to their Microsoft Azure cloud service, and they recommended that I send similar messages directly to: cert@microsoft.com
The hyperlink in the body of the E-mail points to a web-site that "redirects" to another web-site.
That second web-site (in Russia) redirects to the spammer's content.
Note that the body of the E-mail contains some invalid HTML markup, and that the spammer incorrectly spells "height" as "hight".
The text at the bottom of the body is in Swedish. It states that a person at the National Theater of Sweden is a well-known Shakespearean actor.
Uff da!
I'm on sasktel.net as I'm using Sasktel internet, yes last few days. I'm getting these emails as well. It really ticks me off that they are trying to find a loophole. Me too, I marked them as spam and sent them to complaint.abuse@sasktel.net as well.
I have contacted:
Klaus Wolf IT-Service
Thomas Wolf
Eckherrstraße 10a
85737 Ismaning
Telefon : 08996208621
E-Mail : Info@twcmail.de
Website : http://twcmail.de
to inform them that a page on their web-site is being leveraged by the spammer(s).
If the web-page is removed, then clicking on the hyperlink in the spammer's message (a naïve thing to do!) will give an error-message.
Or, if the web-page is modified, a web-page stating "you should not have clicked on the spammer's hyperlink" could appear. Or, the page could redirect to: https://apwg.org -- the Anti-Phishing Working Group
Still getting them from CBD gummies, amazon, shoppers, keto and walmart. I set up filters to prevent those with ' and __ in the subject line as that's how they change it up to get in to your inbox. Why is this happening at an alarming rate - so many lately?
@Oceansidegal -- Why is this happening at an alarming rate - so many lately?
That is a question that you need to pose to the spammer(s), if you can locate them, and ask them why they came out of "hibernation". Their probable answer "we are being paid to spam you".
Deliberately, their unique IP-address never appears in the E-mail "headers". This makes it much more difficult to track them.
Much of the current "wave" of spam E-mail comes from servers operated by "AMAZON AWS" -- a pay-as-you-go service. Obviously, spammers do not care about Amazon's "Appropriate Usage Policy" within the contract that they signed, to "rent" services from Amazon.
The spammers are putting their images, and their web-pages, on other "legitimate" web-servers that are being exploited.
Most of the "spam" messages that I have recently received have: Reply-to: support@puredigitalprods.com
within the E-mail headers. I recommend that you add a spam-filter for this domain-name -- puredigitalprods.com
when present in the "headers" of the E-mail.
This domain-name was only recently registered:
Registrar WHOIS Server: whois.porkbun.com
Registrar URL: http://porkbun.com
Registrar: Porkbun LLC
Registrar Abuse Contact Email: abuse@porkbun.com
Registrar Abuse Contact Phone: 503-850-8351 [this area-code is in the area of Portland, Oregon]
Creation Date: 2020-12-04T00:44:27Z
Updated Date: 2020-12-04T00:44:27Z
Expiry Date: 2021-12-04T00:44:27Z
Note that this Registrar _only_ assisted in the registration of the domain-name. Probably, they are not "hosting" any services (such as web-site or mail-server) for the domain-name. In other words, this company also is a victim of the spammer(s).
So is that it?
I need to find out why spammers spam instead of Shaw doing anything about it?
Surely an email provider can add those rules server side no?
Ever since I got an email saying my email was locked by Canada revenue I have been getting spammed non stop. I believe they were hacked and this is the result. Shaw should be able to put much better filters on emails! How many CBD Gummies should I have to block before it stops?
@esham -- So is that it? I need to find out why spammers spam instead of Shaw doing anything about it?
Yes, "profit" is the motivation for the spammer(s).
> Surely an email provider can add those rules server side no?
Certainly, they could, but do you think that it would be too "harsh" for Shaw to tag any message that contains an apostrophe (') or an underscore (_) anywhere (SUBJECT and/or "body") ? Probably, too many "false positives" would be generated, and Shaw customers would complain. Note that some Shaw customers have set their preferences to "immediately delete those tagged messages". I hope that they don't complain to Shaw alleging "non-delivery" of messages from their colleagues.
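Added example, not written by any poster in this thread and not Shaw's filter: a Python sketch that compares the Reply-To domain filter recommended above with the apostrophe/underscore subject rule, run over constructed sample messages. Only the domain puredigitalprods.com comes from the thread; the other addresses, subjects and function names are made up for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Domain named in the thread. It is matched against Reply-To only.
BLOCKED_REPLY_TO_DOMAINS = {"puredigitalprods.com"}

# Constructed sample messages (not real mail).
SPAM_MARKED_SUBJECT = (
    'From: "Walmart" <promo@example.net>\n'
    "Reply-To: Support <support@PureDigitalProds.com>\n"
    "Subject: Your_Walmart reward is waiting\n\nClick here\n"
)
SPAM_PLAIN_SUBJECT = (
    'From: "Shoppers" <deals@example.net>\n'
    "Reply-To: support@puredigitalprods.com\n"
    "Subject: Shoppers reward inside\n\nClick here\n"
)
LEGIT = (
    "From: Pat <pat@example.org>\n"
    "Subject: Don't forget Friday's meeting\n\nSee you there.\n"
)


def reply_to_domains(raw_message):
    """Return the lower-cased domain of every address in Reply-To."""
    msg = message_from_string(raw_message)
    domains = set()
    for _name, addr in getaddresses(msg.get_all("Reply-To", [])):
        if "@" in addr:
            domains.add(addr.rsplit("@", 1)[1].strip().lower().rstrip("."))
    return domains


def flagged_by_reply_to(raw_message):
    """True if a Reply-To domain is blocked or is a subdomain of a blocked one."""
    return any(
        domain == blocked or domain.endswith("." + blocked)
        for domain in reply_to_domains(raw_message)
        for blocked in BLOCKED_REPLY_TO_DOMAINS
    )


def flagged_by_subject_chars(raw_message):
    """The broad rule from the thread: an apostrophe or underscore in Subject."""
    subject = message_from_string(raw_message).get("Subject", "")
    return "'" in subject or "_" in subject
```

On these samples the Reply-To rule flags both spam messages and leaves the ordinary one alone, while the subject rule tags the ordinary message and misses the spam whose subject has neither character.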