Dealing with mutating legitimate spam

Posted: Fri Oct 18, 2019 12:09 pm
by laugher
This is a writeup of my experience with a particular type of spam that I currently have a problem dealing with. If you have anything useful to suggest, please do feel free to respond.

I've been training Mozilla Thunderbird to kill spam for a while now. I have created a lot of filters and have been using their built-in junk email detector. It does a pretty good job but it wasn't perfect. It did not handle one type of spam.

I'm now back using MailWasher. I was a MailWasher user up to version 6 some time back but decided to come back to the MailWasher family because between my mail proxy service provider (which also filters junk) and my Thunderbird client, it was not able to handle this type of spam where the people behind them were obviously throwing money into it.

There are two types of this new breed of spam.

The first type is the advertisement of professional training courses/workshops/masterclasses and seems very legitimate. But my attempts to unsubscribe from their mailing list have been, to a large extent, ignored. Thunderbird cannot handle this type of spam at all.
The second type is a little more malignant. It poses to be something in the subject line but you can tell a machine generated the email because it starts to talk gibberish and strays off to other topics. For example, it may say something like "A new disease that is life threatening" in the subject line and starts to talk about a disease in the body of the message. It then transforms into talk about holidays and far-off destinations and then it transforms again, etc.

In both cases, these emails are sent with a day or a couple of days gap, i.e. it's never persistent spam so I only get them every couple of days or so. But they have one very annoying attribute which allows them to slip through my proxy service provider's spam filters while Thunderbird's junk filters simply cannot deal with "legitimate course/training/workshop emails". They keep changing their domain name suffix so I can't place them into blacklists or it will simply just grow out of control. One day, the originating email might be sent from training@hellhasnofury.com and the next the domain changes to info@beamazingatwhatyoudo.com. Each spam has a different domain name. Someone is paying in bulk for domain name registrations!

I've tried to look at the headers of the emails to determine where they are coming from. I also went to look up their service provider hosting those domains. Each time, I found a different data centre hosting service provider with a DNS hosting service that these spam emails would use. Sending them an email to their security/breach inbox either ends up falling on deaf ears or they aren't really interested in dealing with one small case and so my emails are ignored. The funny thing about the world of emails is that my email proxy service provider's MX server seems to think the originating server/client sending the email is legitimate and is authoritative to send emails from that domain each time. Like I said, money has been spent to ensure the spam gets sent.

This has been happening for about a year or so now so...

I am starting to train MailWasher now and hope with its spam detecting heuristics, it will eventually find this annoying spam and permanently deal with it before it gets to my inbox. Fingers crossed.

If you have been able to successfully deal with this type of spam, let me know what you did. I'd be keen to hear if MailWasher is also the golden bullet for you.
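
An added example, not part of the original post and not MailWasher's or Thunderbird's own logic: because the sender domain changes with every message, this sketch scores the first spam type on features that stay constant across the campaign instead of on a domain blacklist. The term list, the role mailbox names, the threshold and the sample messages are assumptions constructed for illustration; only the two sender addresses come from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: wording from the post's description of the first spam type.
COURSE_TERMS = re.compile(r"\b(training|course|workshop|masterclass)(es|s)?\b", re.I)
# Assumption: role-style mailbox names, as in the post's two example senders.
ROLE_LOCALPARTS = {"training", "info"}

def score_message(raw, known_domains):
    """Score one raw message on features that survive a sender-domain change."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # multipart bodies skipped
    text = f"{msg.get('Subject', '')}\n{body}"
    reasons = []
    if domain not in known_domains:  # the user has never written to this domain
        reasons.append("first-seen sender domain")
    if local in ROLE_LOCALPARTS:
        reasons.append("role mailbox")
    if COURSE_TERMS.search(text):
        reasons.append("course-marketing wording")
    return len(reasons), reasons

def is_campaign_spam(raw, known_domains, threshold=3):
    """Flag only when all three signals agree, to spare real correspondents."""
    return score_message(raw, known_domains)[0] >= threshold

# Constructed sample messages; the first two sender addresses are quoted in the post.
SAMPLES = [
    "From: Training Team <training@hellhasnofury.com>\n"
    "Subject: Leadership masterclass, seats limited\n\nBook your workshop place today.\n",
    "From: info@beamazingatwhatyoudo.com\n"
    "Subject: New project management course\n\nTwo-day training in your city.\n",
    "From: Alice <alice@example.org>\n"
    "Subject: Notes from the workshop\n\nSlides attached.\n",
]
KNOWN_DOMAINS = {"example.org"}  # constructed: domains the user already writes to

if __name__ == "__main__":
    for raw in SAMPLES:
        score, reasons = score_message(raw, KNOWN_DOMAINS)
        verdict = "JUNK" if is_campaign_spam(raw, KNOWN_DOMAINS) else "keep"
        print(verdict, score, reasons)
```

The known-domain set would be built from the address book and sent-mail folder, which is what lets a genuine colleague mention a workshop without being flagged.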