Recently I have been receiving spam on Yahoo which appears to be addressed to a different recipient. It arrives in my Yahoo e-mail because my e-mail address is placed under an "X-Apparently-To:". As a result, MW doesn't pick this up.
Here is a partial raw e-mail format: (I removed my e-mail address from the "X-Apparently-To:" line)
Received: from 10.197.39.76
by atlas318.free.mail.bf1.yahoo.com pod-id NONE with HTTPS; Fri, 17 Mar 2023 15:22:54 +0000
Return-Path: <jdfVtHVMFGYbHBkSzpaE@kindercampus.mail.onmicrosoft.com>
X-Originating-Ip: [52.100.18.212]
Received-SPF: pass (domain of kindercampus.mail.onmicrosoft.com designates 52.100.18.212 as permitted sender)
Authentication-Results: atlas318.free.mail.bf1.yahoo.com;
dkim=pass header.i=@kindercampus.onmicrosoft.com header.s=selector1-kindercampus-onmicrosoft-com;
dkim=perm_fail header.i=@e.mychoice.com header.s=10dkim1;
spf=pass smtp.mailfrom=kindercampus.mail.onmicrosoft.com;
dmarc=unknown header.from=DPCxzbvFGghGycHAZTNKVe.mychoice.com;
X-Apparently-To: xxxxxx@yahoo.ca; Fri, 17 Mar 2023 15:22:54 +0000
X-YMailAVSC: pIvqZS83bBt.21stdGN2oqo4_YVhBqo7NoArrXPwhlw1Ec_
rkSOEFsxYApDuT_FLOOvF520mME_2_6rwBzlBx1G7v_FAngU3pds2tCxhIS7
yA.ujVTp1Yy1RDpzWbfw3tOKC0s9GIfeO1rAPa9HLc8pJuhlH6tVkkUKjA5U
Gxthu3RwuVU7wVZ89bHBjKs9OZ1hg4ElGlJJgCSOm08fC2pcjMIRmWrPDMnT
YMU7qRdHVCfIlbr6fUNIJsGhJvYEbyBKPO99rMJnxiU6vA3Fez4kFLJ_h.3h
cBTmFi8KvRa1k2TPsyAh0z4cf.HtueinN_GDDrCrDkg_lFieYvv3Y4dL7cZr
_hx.A8prJIx8Rvz2Fw2D7jaG_SCaYfT_XkCRwVZzs1tW_YOpd5lROWQkVz0d
NZxuK2yh12lFcp1VFf8M_o0bYxs2PB5lm3F3S0ShYe.soVU8aqsnQnM0lY1I
.jS7.nHCerms_vDhbxv8GRxnwwo629EcGqehJpeLEQ77fFiCrQC6ofwte6hN
tTRsKl8zoyPLqrE8X_UK5U.W9wnk2GjMi70sA7K8WRohq.ntU9z.QWx5bKxF
TgVTfZRfvNqTj_zoC9f3G3OmBZSYVPAdXWgVvdnSROhFi8Okd7d2SFl.WK6O
nfEUe0th9fLEz1BNyhTMLBggWytXOE7L_p_vn9aK1xHOaU2AS6t_9_PqJND8
OyixAYLMxV_NZuQD7XeMe9QE7v9f.NwxYGIEtjwxgMWEiDbMNtT8LClrDHZW
yA4RUPno2YcnvG2IgEFrvVT4ZL6JdGGs3q6oXj_D4Z3YD_4A7Wpv1RYQrFPr
wbVV2ozj8qYBfihga6DtyJ_Ajyb.KbFMJUVeaaUYRSQcRR2D66Ec7i1qembg
R7AXXfZ5GiuwpCiDJqJUyPUGqQrTiZtPES1p52qRYgTfeemsoaHCZIL9v231
QXljuE.I4Kp2u.w_cd.oVIgb7t817qjoNdgiJCp3zuOfJGpWAyROKu_rKQBQ
qoGRc4WcF955eY9HhIQFCvkK5w_TRoh8oWYIJIKsbFs.jB3VMlwDMCaH_V1Q
LX113AScvgm6vBK7PSZ1U8U9Po6gqFpHcxW9y4shJNSOSP4q88Fb5KZD5_6k
wWD096A7vPdmlGbpcO4bVrLzKzvaksaIrG0NCHNeJPL8WbzrzdvvgQy45wY4
87dcUizRaaoOS9Q4XPDy8xdhviofro.iFoCqyME395JYE4APCf1CCH2EhGUh
QlWVELpEcnny4x._XDAwukT3Xog6oNw300gnN7km6X5DrJXdEorqWznoZCWp
pgcvhLc.PzG1QQbZp41liXaT9DgilnCaFmCc8NJVT7VIqcLZVnXLv55QwqES
N486tGzj.SsEIcuka8smDBYDmGa1eiXUxRv8vVQkyMtr9pfHgLDahujvU9Mt
n.LXuYs3YB.3hDx8jcLp.1sprsMD4BIcF2C3rYPwjiyjJVoQ2q0PULLYAmQT
VmBzYCzsjnw--
fetching mail, recipient hidden
- gingbat
- Least Evil Firetrust Employee
Post
Re: fetching mail, recipient hidden
Yes, just enable the default filter "Not to me" to catch any email not sent TO your address....
Click Settings>>Spam Tools>>Filters, click the "Not to Me" filter, and change the email addresses in the actual filter to your own ones, below is what this filter looks like before editing it.....
Click Settings>>Spam Tools>>Filters, click the "Not to Me" filter, and change the email addresses in the actual filter to your own ones, below is what this filter looks like before editing it.....
- stevefisher9999
- It begins with a single step
Post
Re: fetching mail, recipient hidden
I have a similar DMARC itype issue, where the incoming email includes a link in the body that shows my email address, but the underlying url link is a "mailto:" to a different person. This i would think is a pretty common type of spam attack.....anyone know of a way to filter emails like this, where links display one thing, but point to a different email address?