Spam Report 1: A journey into the dark web!

Image by Gacem Tachfin - The Noun Project

They have finally gotten to me. After years of being a prolific emailer and trying to circumnavigate the daily spammers, I have decided to take action. You could call it ‘war on spammers’ or ‘counterspammerism’. I’m going after them in a small way, but even in a few short weeks I have been able to grow my knowledge about the ways that I can start making some impact.

This is the first of what will be several reports on my progress in an effort to share some insights, which others may wish to investigate themselves.

Just to set the scene: my computer is an Apple Mac, but because it’s 8 years old I’m on Catalina. I use Apple Mail on my Mac and my iOS devices, but the bulk of the heavy lifting will of course have to be done on the Mac, as on iOS, as far as I can see, you can’t even interrogate the email header. Seeing as the email header is where the majority of the research takes place, all the work will have to be done on the Mac.

A few things to be aware of in this journey:

  1. Never click on any shared links inside the spam emails

  2. Never download any attachments either, as they likely will contain malware to attack your computer

  3. The name and email of the sender that is shown is often not the actual sender

  4. A lot of spam does actually come from well known mail servers making it quite easy to report

  5. Spam via Google’s servers is much harder to do anything about, but it does allow for IP or domain reporting to be done in some cases

  6. Bouncing emails via an AppleScript and blocking their emails with actions inside Apple Mail is also a good strategy

  7. Some spammers somehow are able to create a carbon copy of legitimate mail servers, making it look like it’s come from an authorised mail server

  8. So called legitimate companies engage in prolific spamming, regardless of GDPR rules in the U.K., which still exist here despite us leaving the EU.

  9. Calling people out, by tagging them, on Social Media will hurt companies and is a possible strategy too, I have used it in the past and I will be doing it again.

  10. Replying to emails, which may be suggested by mail server companies when you report is definitely not recommended.

  11. When reporting abuse or spam ask for your email to be globally blocked on their servers, some of them will do this. I’m not interested in newsletter emails, so am very happy to be removed from everywhere.

  12. Internet companies who ask you to complete forms to report spam or abuse are guaranteed never to get back in touch with you, making it quite depressing, but don’t give up: the one or two companies who do take action will make it all worth it.

  13. Keeping a record on a Google Sheet or Excel sheet is definitely worth doing, it will give you a sense of achievement if nothing else, it also allows you to spot repeating offenders.

  14. Adding a rule or flag and saving your spam emails to a special folder is also worth it. I know it’s not great holding on to these spams but it may be worth it. My folder is called ‘Spam Report’.

Basically there are two types of spam mail: the foreign ones, usually Africa, where they are claiming a huge payment in return for your private information. The mail server spam filters are quite good these days and they will inevitably go into junk anyway. Unless you check your junk folder daily, as I do, you may miss them. Sometimes it is useful to interrogate the email header to check the IP address. Most of the time the IP address is one of Google’s mail servers and therefore pointless and impossible right now to do anything about. Let’s work through an example of that type below.

Example of generic spam email phishing for your personal data

This email has allegedly been sent by Sun Trust Bank; of course there are many clues that this is spam mail. Just in case you don't know, which is hard to believe these days: the mail is not addressed to me, there is a promise of lots of money and a request for all your personal data. Oh, I wonder why they would need this, ah yes of course, they want to send me lots of money, these very kind people.

Apart from knowing from the content that this is spam, and the fact that it has likely ended up in your junk, you could interrogate the header as well. In Apple Mail (computer, not iOS), select the email and from the top menu go to View > Message > All Headers to expand the email header above the email content, like the image below.

Email header showing alias email as well as sender email addresses, also the IP address of the mail server

  1. You will notice there are two gmail addresses listed, I suspect one is an alias, i.e. the sintrustbannk, haha the fact they called it 'sintrust' is of course also a big clue! The other one mrmark..., is of course the proper Google account one, as it has the smtp.mail identifier by it.

  2. The IP address of the mail server is shown as 209.85.208.43 and that is confirmed as a Google mail server. I look up the IP address on https://www.abuseipdb.com, where you can report abuse; however, you won't be able to report unless you create an account on there. But you will see from the screenshot below, taken when I checked on that IP, that many people report it. Basically it's pointless because so many people in the world actually use that mail server anyway, but of course people do report it.
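
The header check described in the two points above, as an added example that is not part of the original post: it reads a raw message, compares the address shown in `From` with the envelope sender recorded as `smtp.mailfrom` in `Authentication-Results`, and pulls the first public IP from the `Received` chain. The sample message, its addresses and hostnames are constructed placeholders; only the IP is the one quoted above.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Constructed sample; addresses and hostnames are placeholders.
SAMPLE = """\
Return-Path: <real-account@example.com>
Received: from mail-out.example.com (mail-out.example.com. [209.85.208.43])
        by mx.recipient.example with ESMTPS id abc123
        for <me@recipient.example>; Mon, 01 Jan 2024 10:00:00 -0800 (PST)
Received: from [10.0.0.5] (unknown [10.0.0.5])
        by mail-out.example.com with ESMTPSA id def456
Authentication-Results: mx.recipient.example;
        spf=pass smtp.mailfrom=real-account@example.com
From: "Sun Trust Bank" <display-alias@example.com>
Subject: Your payment is ready

Send us your details.
"""

def first_public_ip(received_headers):
    """Return the first globally routable IP, reading the newest hop first."""
    for hop in received_headers:
        for candidate in re.findall(r"\[([0-9A-Fa-f:.]+)\]", str(hop)):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # bracketed text that is not an IP address
            if ip.is_global:  # skips private/loopback hops such as 10.0.0.5
                return str(ip)
    return None

def summarise_headers(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    shown = parseaddr(str(msg.get("From", "")))[1].lower()
    auth = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    match = re.search(r"smtp\.mailfrom=([^\s;]+)", auth)
    # Fall back to Return-Path when no Authentication-Results header exists.
    envelope = (match.group(1) if match
                else parseaddr(str(msg.get("Return-Path", "")))[1]).lower()
    return {"shown_from": shown, "envelope_from": envelope,
            "relay_ip": first_public_ip(msg.get_all("Received", [])),
            "mismatch": shown != envelope}

if __name__ == "__main__":
    print(summarise_headers(SAMPLE))
```

Paste the raw source of a saved message in place of `SAMPLE`; the topmost `Received` header is the one written by your own mail provider, which is why the chain is read from the top.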

IP search on abuseipdb.com - basically confirmation that it has been sent via Google’s server

Basically what I do with these emails, is make sure I add the email address to my blocked list, which is easy to do inside Mac Mail, see image below.

Apple Mac Mail - Select email dropdown and click ‘block contact’

I also have a rule that says when email from a blocked address arrives move it to the Bin, see image below. You can see that mrmark... is listed there. You can only add blocked addresses either from your contacts, when you click the plus sign or from within an email when you select the email address. There is a more detailed way to do this via Junk Mail Behaviours, but I will share those features in a future report.

Apple Mac Mail - Junk mail rule for blocked contacts

Right I think that's all for now in this report. Pretty basic I know but I want to record the different aspects of dealing with spam mail in separate reports. Any questions, feel free to comment below and happy to provide guidance.

Happy unspamming!

