Re: Reporting phishing causes more spam - is BT We...

N1ckRH3 · ‎21-10-2025

I generally use IOS Mail apps to manage my email accounts, but lately I've been getting a lot of spam via my main BT email account. Most goes to SPAM folder, but I regularly get a few into my inbox. So I tried logging in to my BT webmail account to report these and try to block them at source. I've noticed however that if I go to my Inbox, use the "More" tab, select "report phishing" option the message goes to my Spam folder as promised...but 10 seconds later, theres a fresh spam message in my Inbox.

The new messages are always from a gmail account (so I can't block the domain), it's always different to teh one I've just reported, and it's always within 30 seconds of this action. This doesn't happen with reporting as spam, only when reported as phishing.

I've tested this many times. It doesn't happen when I refresh or log out then back again, only when I report as phishing. It then happens EVERY time, not just occasionally.. Surely there must be a security glitch in the BT Webmail system - I just can't see how else this could happen..

Has anyone else noticed this?

gg30340 · ‎21-10-2025

Spammers generally "spoof" the email addresses and domains in an attempt to beat the spam filters.

Is the email domain that you see in the address bar or have you checked the headers of the emails to see what the name of the actual domain is that is sending the emails?

If you check the headers there is a good chance that it is not being sent from the gmail domain and if that is the case you can then block the domain that is actually sending the spam.

If you have not checked the headers to find the true domain you need to log onto your email account using a web browser and then tick the box to the left of the spam email and then click on "More" in the menu bar then "View Source".

This will show you the full details of the emails journey to your Inbox. This will show you the email address and the domain that actually sent the email.

It is that domain that you need to block however you will most likely find that a waste of time because the spammers constantly change their domains and email addresses.

You may find that setting up a "Rule" to discard the spam with something relevant to the spam that you are receiving will work.

As regards reporting them as phishing, are you opening the emails at any stage because if you are the spammer will most likely have set a pixel in an image in the email to report back that the email has been opened. This lets them know that the email account they sent the email to is a live email account and may well trigger further spam.

To prevent this from happening either do not open any emails that you suspect as spam or go into your email accounts setting by logging onto your email account using a web browser then click on your username at the top right hand side and select "settings" then go to "Mail" in the left hand column then "Block Images" and select the one that you feel is best for your use then click "Save".

N1ckRH3 · ‎21-10-2025

Thanks for the info in your detailed reply - the header advice is noted - but they are all showing as gmail (and this seems to be confirmed by gmail being included in the blocked domains if I do select "block domain" for the offending spam.

I'm always careful to avoid opening, or even touching (finger or cursor), spam messages - and on my mail app I can always delete en block.... If you take a look at BT Webmail though, you will note that you have to use the curser to select messages before making a selection from the "more" tab. I accept that in doing so, its possible to pass over a pixel somehow - BUT - the phenomenon never occurs when I select any other option from the "More" tab, only when I select "report phishing".

It is therefore the selection of the "report phishing" option itself that triggers a new spam message. The method of selecting the message is identical when reporting as spam (there are three subsequent possibilities here - none triggering a new spam message).

Nothing happens either when selcting from the "Block Sender" or "Block Domain" tabs either; it is only when reporting as "phishing" - when the selection (using the cursor)v of any given spam message in the inbox is identical - hence my belief that there has been a compromise in the BT system involving the Phishing reporting system

gg30340 · ‎21-10-2025

@N1ckRH3 wrote:

... If you take a look at BT Webmail though, you will note that you have to use the curser to select messages before making a selection from the "more" tab. I accept that in doing so, its possible to pass over a pixel somehow

Just so that you are aware, you do not need to pass over a pixel. It is triggered if you open an email that contains a picture.

See link

Spy pixel - Wikipedia

As regards your suspicions about the reporting of phishing emails being compromised, you would need to report your concerns to the BT Email Team 0330.1234.150 to see what they say regarding that.

Kimberlin · ‎22-10-2025

@N1ckRH3 Just so you are aware, there are alternative email providers that automatically block spy pixels and provide other methods to actively prevent spam/spyware from ever reaching your email inbox in the first place.

gg30340 · ‎22-10-2025

@Kimberlin

BT also block spy pixels by blocking images.

It was active by default with the user able to select not to have it active but due to complaints it is now up to the user to activate blocking images as I outlined above.

Reporting phishing causes more spam - is BT Webmail system compromised?

Re: Reporting phishing causes more spam - is BT Webmail system compromised?

Re: Reporting phishing causes more spam - is BT Webmail system compromised?

Re: Reporting phishing causes more spam - is BT Webmail system compromised?

Re: Reporting phishing causes more spam - is BT Webmail system compromised?

Re: Reporting phishing causes more spam - is BT Webmail system compromised?