There is no way to delete blocked senders en masse.

Replying to myself here.

There must be a way to add/remove mass blocked emails as the hacker "avanad" added the 1000 blocked emails. I doubt it was done manually.

Just completing the story - "avanad" had been added as an account manager in MyBT.

When I tried to remove "avanad" the system simply failed.

If I added an account manager myself I could remove them using the remove option.

I think the question I should have asked is.

Does anyone use alternative email clients that can access BT email AND allow editing of blocked senders (ideally with multiple selection options?

None of the email clients that I know of are able access the blocked senders list.

You could try calling BT 0330.1234.150 and ask for the email team. They might be able to help.

Just so that you are aware, blocked senders also appear to  be added by the BT spam systems.

I have numerous blocked senders, all of them spam but none of them added by me. 

They are all email addresses and none are just domains and none such as gmail etc.

Thanks for this.

I've spent days on this now talking online to BT and in phone calls.

BT insist they cannot access personal emails.

However eventually I did speak to someone at support who found a way to delete the "avanab" manager. The person could do nothing about the blocked senders though. The suggestion was to create a new BTID, same email address and hopefully no emails would be lost but the blocked senders list would be empty.

I'm loath to do this as the account holder is quite elderly and uses the email (IMAP connection) as an archive. I would hate to be the one to lose this for her.

Moving on. I did unearth a threatening email suggesting the account had been hacked. The date of this email ties in with time from which all the blocked senders appeared i.e. no more emails from paypal and the like after that date.

The user may have clicked on a link in the email. I looked at the real internet headers of the email and found it came from Duxharmobles.accesscam.org. A quick search on WHOIS revealed a bit more information that it hosted by dyno.com. Doesn't help a lot and very difficult to prove anything.

I'm really looking to undo the damage. A simple addition to webmail or the apps allowing selection and mass deletion is all it would take. BT should be encouraged to do this themselves.

I did track the network traffic to see how adding and deleting blockers was done and can see that it might be possible to inject multiple packets to add the offending list of blocked emails. Probably possible to do and certainly more effort than the 10 hours of manually clicking on each one. You could even decompile the Android app, modify it and reinstall it with the new feature.

Perhaps the approach should be "I can no longer use Paypal, Facebook, other big names as BT email blocks any correspondence they try to send me".

I'm rabbiting on now.

I don't think you can blame BT for this.  You are still able to unblock them, all be it not en masse. You could even argue that not being able to do it en masse prevents any hackers from doing it should they want to.

I am surprised that the BT email team were unable to to do it for you assuming it was the BT email team you were speaking to and not just a customer Service rep.

If the account was hacked I usually recommend that the hacked account be closed down because invariably the contacts list has been harvested by the hacker and the list can not be "un stolen" . It usually won't be long until the contacts start getting scam emails from the "spoofed" email address purporting to be from the owner of the hacked account.

By inserting all the blocked domains, the scammer has prevented the hacked account's owner from being alerted that the account was hacked.

If the hacked account is closed down the list of contacts should be made aware of that and that any future emails purporting to be from that account should be treated as spam and deleted without opening them.

I assume you will have had the hacked accounts owner contact her bank and any other web site that she uses her email account on made aware of the hack.

See link for further info.

https://www.bt.com/help/email/email-security/how-can-i-tell-if-my-email-account-is-no-longer-secure

As regards an new BTID. Unless you are linking to a new BT Broadband account to it it will not change anything regarding the email accounts attached to her present broadband account.

In any event you would not be able to set up a "new" email address using the same email address. All you would find is a warning that you can not set up the email account because that email address is already in use.

I would suggest that you do not do that because all your going to do is complicate her account access for her.

Pretty good advice.

There are parts of it that I don't wholly agree with. But as a general guideline its not bad.

I hope this chain might help others.

All are webmail related.

I did find a way to mass unblock senders though not for the faint-hearted. 

I still have some issues with adding an account manager. 

Previous issue was spammer added as Manager. Could not be deleted and caused the webmail site to fall over. 

Fix was a conversation with BT Tech who could delete the spammer.

Still an issue with adding someone as a manager. Gave up waiting after 7 days. Tried again and notification that it is pending has still not appeared 1 day later.