Message 61 of 101

Re: Blocking Spam domains not working

Yep, mine started with the 'Costumer Service' ones as well. I haven't noticed anything regarding a Microsoft email, but I send them to junk without opening them.

0 Ratings
Message 62 of 101

Re: Blocking Spam domains not working

@bloop Yes that's another "costumer service".

Had a quick look re your question. I see on 15th I had an email headed McAfeAnti-Virus - Your subscription may have ended, then images. At the very bottom in small text is this:

We recently received a request to recover your Microsoft account me***** Unfortunately, our automated system has determined that the information you provided was not sufficient for us to validate your account ownership.  Microsoft takes the security and privacy of our customers very seriously, and our commitment to protecting your personal information requires that we take the utmost care in ensuring that you are the account owner.  Please submit a new account verification form - a link - etc etc - it goes on.

I also see that some spam have the Data Protection notice saying I am getting this email because my email address "is registered in the database yoursavingsfiesta" etc etc Owner of brands Coupon&Go and Oferting. I am reluctant to press any unsubscribe button though.  I don't go onto these voucher sites so will not have put my email address into any.  

0 Ratings
Message 63 of 101

Re: Blocking Spam domains not working

I had exactly the same one on the 15th.

There are 2 different spam sources going on here.  The ones that talk about Data Protection are from Spain:

EMAILING NETWORK EUROPE, SL (hereinafter EMAILING), NIF B-64649957, registered in the Commercial Registry of Barcelona, Volume 39881, Folio 0104, General Section, Entry 1. We are located in Carrer Pujades, 112, 08005 Barcelona (Spain), phone 0034 934 673 626.

EMALING NETWORK SARL is a subsidiary of EMAILING NETWORK EUROPE, SL., domiciled at 8 Rue Barthélémy Danjou, 92100 Boulogne-Billancourt (France). SIREN Number: 494084395 - NIC: 00016, owner of CLICPLAN, OFERTING and COUPONANDGO brands.

EMALING is an affiliate company of Reworld Media, 8 Rue Barthélémy Danjou, 92100 Boulogne-Billancourt (France)

Terribly Tempting is owned by The Value Factory : Carrer de Pallars, 166 1ª Planta, 08005, Barcelona 

All sent via Sparkpost.

They are still processing personal data unlawfully as I have never granted them permission to send me marketing email, and for it to be legal, they must have obtained my informed consent.  They certainly have not! 

The Martin Lewis and Bitcoin ones are evil as they are concealing the genuine sender, spoofing other identities, are suspected of distributing links containing malware, exploiting Microsoft IP addresses and faking a significant part of the email headers etc.  I have also been forwarding them as attachments to    If you try to simply forward them, BT identifies them as phishing, so I don't understand why they can't filter them to at least my spam folder in the first place!


0 Ratings
Message 64 of 101

Re: Blocking Spam domains not working

There is also something else I think is fishy.  I posted a while back that emails were not getting through to me.  It turned out that that was in my blocked sender list.  Well for me to block that domain once was surprising, but to do it twice is fishy!  I only know this as I am secretary of a club and expect replies to the mailshots.  So many this month did not reply.  A friend or two said they responded today so I asked them to send to my work address and indeed it was true.  Then I looked at all the people who supposedly had not replied and they were all Gmail.  I looked in my blocked sender list and lo and behold is blocked.  There is no way I would have blocked that domain.  Can the spammers do this - so I block what I think is their domain but it is actually

0 Ratings
Message 65 of 101

Re: Blocking Spam domains not working

Hi jn_girl

This happened to me, too!
I am 100% certain that I would not have blocked, but when I checked my blocked senders list, there it was

0 Ratings
Message 66 of 101

Re: Blocking Spam domains not working

@grahamm1 wrote:

Hi jn_girl

This happened to me, too!
I am 100% certain that I would not have blocked, but when I checked my blocked senders list, there it was


Did you read message 15?

0 Ratings
Message 67 of 101

Re: Blocking Spam domains not working

After I block an address or domain, I always go in to the list of blocked senders to see if it has added the address or domain I was expecting to be blocked (I have found that newly added addresses/domains appear at the bottom of the list initially).
0 Ratings
Message 68 of 101

Re: Blocking Spam domains not working

Actually, that's not entirely true.   If the full header is a "bad header" (a broken but deliverable header), BT seems to be evaluating the "spoofed from" as the "actual from" to block more mail coming in.

Let's go back to one referred to that we received (I can say that as it wasn't just me) on the 15 January pretending to be a renewal for McAfee Anti-Virus.  Since I don't have/have never had that, it was obviously fake.

The spoofed "from" on the email is: McAfeAnti-Virus <>   That is what the BT filters are responding to by way of blocking the sender.  I have verified that by adding it to blocked senders in settings/mail/blocked senders, and then removing and getting more spam from a spoofed .  I can't identify the real sender other than it came through a Microsoft relay.  It is blocked along with others and I'm back to 1 or 2 a week.

Back to the point - in the header, which has all sorts of **bleep** injected to deceive is the following:

Received: from ( [])
by with ESMTPS id a10si19458664iln.121.2019.
for <>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Thu, 28 Nov 2019 07:01:41 -0800 (PST)           <--Note the spoofed date!

This is injected code and not part of the real header at all.

"If" the BT email system is not evaluating the headers properly, and users are using BT's "block sender" within the email viewer, it is quite likely that the wrong sender is being blocked.   In this case it could be

What I would suggest is that you look at the "from"  and block that in settings/mail/blocked senders manually and review what you have got set as blocked in case there are others inadvertently there, until BT get this sorted.

Is there a mod or BT employee I could work with on this?

I'll share the full header in my following post so you can see what a mess it is.

0 Ratings
Message 69 of 101

Re: Blocking Spam domains not working

I can follow most of this but there's a bit where I get lost.  It really does seem to come from Microsoft - maybe some hacked Microsoft tenants or a Microsoft security exploit?  Note the injected bits with the duff dates.  I apologise, it's not a tech forum, but this spam is causing too many problems and needs fixing.

Full Header edited for privacy:

Return-Path: <>
Received: from ([])
by with ESMTP
id <>
for <>;
Sat, 15 Jan 2022 16:01:54 +0000
Received-SPF: pass ( domain designates as
permitted sender) identity=helo;;
Received-SPF: pass ( domain designates as permitted sender)
X-Originating-IP: []
X-OWM-Source-IP: (DE)
X-SNCR-Rigid: 61B423C50CC0ABB1
X-OWM-DMARC: spf 7 dkim 7
X-RazorGate-Spam: true
X-RazorGate-Suspect: true
X-VadeSecure-score: verdict=spam score=300/331, class=spam
X-RazorGate-Vade: gggruggvucftvghtrhhoucdtuddrgedvvddrtdejgdekgecutefuodetggdotefrodftvfcurfhrohhfihhlvgemuceutffkvffkuffjvffgnffgvefqofenuceurghilhhouhhtmecufedtudenucfuphgrmhffohhmrghinhgprhhtucdlfedttddmnecujfgurhephfffuffkvfggtgfgsehhqhertddttdejnecuhfhrohhmpefotgetfhgvtehnthhiqdggihhruhhsuceouhhnmhhonhhithhorhgvugesmhhitghrohhsohhfthdrtghomheqnecuggftrfgrthhtvghrnhepledukedujeejveegkeekkeeugffgudekudelvdeiteejffeutdehuedvteehudehnecuffhomhgrihhnpegslhhoghhsphhothdrsghonhgupdhlihhvvgdrtghomhdpmhhitghrohhsohhfthdrtghomhenucfkphephedvrddutddtrdefrddvtdegpdeihedrheehrdehvddrvdefvdenucevlhhushhtvghrufhiiigvpedvieegnecurfgrrhgrmhephhgvlhhopeffgfgftdduqdeugfdtqdhosggvrdhouhhtsghouhhnugdrphhrohhtvggtthhiohhnrdhouhhtlhhoohhkrdgtohhmpdhinhgvthephedvrddutddtrdefrddvtdegpdhmrghilhhfrhhomhepsggrughrohhmnhhovhgsvhhrshgrrgeijhifuheifehrugejughmtgiikhgvshgtseevrghrlhhoshhhrhgvnhdrohhnmhhitghrohhsohhfthdrtghomhdpnhgspghrtghpthhtohepuddprhgtphhtthhopehgihhllhdruggrvhhishhonhessghtihhnthgvrhhnvght
X-RazorGate-Vade-Verdict: spam 300
X-RazorGate-Vade-Classification: spam
Received: from ( by (5.8.716.03)
id 61B423C50CC0ABB1 for; Sat, 15 Jan 2022 16:01:54 +0000
Received: from FR0P281CA0079.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1e::19)
by FR0P281MB0834.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:52::14) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.2; Sat, 15 Jan
2022 16:01:53 +0000
Received: from
(2603:10a6:d10:1e:cafe::db) by
(2603:10a6:d10:1e::19) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4909.5 via Frontend
Transport; Sat, 15 Jan 2022 16:01:53 +0000
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is; dkim=fail (signature did not
verify);dmarc=fail action=oreject;
Received-SPF: Fail ( domain of does not designate as permitted
sender); client-ip=;;
Received: from ( by ( with Microsoft SMTP
Server id 15.20.4909.2 via Frontend Transport; Sat, 15 Jan 2022 16:01:52
Received: by 2002:a25:ae1f:0:0:0:0:0 with SMTP id a31csp7044864ybj;
Thu, 28 Nov 2019 07:01:41 -0800 (PST)
X-Google-Smtp-Source: APXvYqyrq+LfRbr6Ut7oQiK6qVTfUlLq7TZvFm7YX3UJwseu/6kMF3WTNxgJVzCg5K0wVNYogp9w
X-Received: by 2002:a92:4b07:: with SMTP id m7mr50119995ilg.271.1574953301015;
Thu, 28 Nov 2019 07:01:41 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1574953301; cv=none;; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arc-20160816;
ARC-Authentication-Results: i=1;;
dkim=pass header.s=s1024 header.b=pDEO1j8L;
spf=pass ( domain of designates as permitted sender);
dmarc=pass (p=REJECT sp=REJECT dis=NONE)
Received: from ( [])
by with ESMTPS id a10si19458664iln.121.2019.
for <>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Thu, 28 Nov 2019 07:01:41 -0800 (PST)
Received-SPF: pass ( domain of designates as permitted sender) client-ip=;
Authentication-Results-Original:; dkim=pass header.s=s1024 header.b=pDEO1j8L; spf=pass
( domain of designates as
permitted sender); dmarc=pass
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=s1024; t=1574953294; h=From:Subject:Date:Message-ID:To:MIME-Version :Content-Type:Content-Transfer-Encoding; bh=whL+Bbwy59ZWOnMnh+b2PYhKLMSFR IIp3ml0a5Lz0mE=; b=pDEO1j8Lim2Ln0F//7dB4lofUoeP5IlDa16PHY/0Hl+GNNprz2DLKv n1xXNnXF4s0mIMtTAO4UaQqU2AsSX5BEg2djuUJznPrxwJgar1CWZdhKTzOIBHXWIlnuq9ykD Um3RJccIqtzjUGg5P8m9tFDAhT83gR+w7+J6QEnWimFw=;
From: McAfeAnti-Virus <>
Date: Thu, 28 Nov 2019 15:00:58 +0000
Subject: Your Subscription may have ended?! Renew Now!
Message-ID: <BY0TXFU179U4.H0JKFUFQUCSL@localhost.localdomain>
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-DKIM-Signer: DkimX (v1.11.111)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 6d89ad39-e8a5-49b2-ecb9-08d9d8405904
X-MS-TrafficTypeDiagnostic: FR0P281MB0834:EE_
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Jan 2022 16:01:52.7169
X-MS-Exchange-CrossTenant-Network-Message-Id: 6d89ad39-e8a5-49b2-ecb9-08d9d8405904
X-MS-Exchange-CrossTenant-Id: e0654e9c-b01d-4683-abc6-a8acb9d2408b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=e0654e9c-b01d-4683-abc6-a8acb9d2408b;Ip=[];Helo=[]
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: FR0P281MB0834

0 Ratings
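
Added example, not part of any post in this thread: a small Python check for the two things messages 68 and 69 point at in the header, namely Received lines dated long before delivery and a visible From domain that differs from the Return-Path domain. The sample message, its domains and IP addresses are constructed placeholders, and the seven-day threshold and function names are assumptions.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: placeholder domains/IPs modelled on the shape of the
# header posted above, not copied from it.
SAMPLE = """\
Return-Path: <bounce@tenant.example.net>
Received: from relay.example.net ([192.0.2.10]) by mx.isp.example with ESMTP;
 Sat, 15 Jan 2022 16:01:54 +0000
Received: from edge.example.net ([192.0.2.20]) by relay.example.net with SMTP;
 Sat, 15 Jan 2022 16:01:52 +0000
Received: from mail.brand.example ([198.51.100.7]) by mx.other.example with ESMTPS;
 Thu, 28 Nov 2019 07:01:41 -0800 (PST)
From: Brand Anti-Virus <unmonitored@brand.example>
Date: Thu, 28 Nov 2019 15:00:58 +0000
Subject: Your Subscription may have ended?!

body
"""

def hop_times(msg):
    """Return (timestamp, header text) for each Received line, newest first."""
    hops = []
    for raw in msg.get_all("Received", []):
        # The timestamp follows the last ';'; drop comments such as "(PST)".
        stamp = re.sub(r"\([^)]*\)", "", raw.rsplit(";", 1)[-1]).strip()
        when = parsedate_to_datetime(stamp)
        if when.tzinfo is None:          # "-0000" parses as a naive datetime
            when = when.replace(tzinfo=timezone.utc)
        hops.append((when, " ".join(raw.split())))
    return hops

def domain(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyse(raw_message, max_gap=timedelta(days=7)):
    msg = message_from_string(raw_message)
    hops = hop_times(msg)
    delivered = hops[0][0]   # top Received line is written by your own provider
    # Hops far older than delivery were supplied by the sender, not by a relay.
    stale = [text for when, text in hops[1:] if delivered - when > max_gap]
    from_dom, path_dom = domain(msg["From"]), domain(msg["Return-Path"])
    return {"from_domain": from_dom, "return_path_domain": path_dom,
            "domains_differ": from_dom != path_dom, "stale_hops": stale}
```

Only the topmost Received lines, written by your own provider, can be relied on; everything below them is whatever the sending side chose to supply.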
Message 70 of 101

Re: Blocking Spam domains not working

@gg30340  Thanks GG, no I hadn't seen your previous message 15 which explains how got into the blocked sender list.  

0 Ratings