This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What SMG rule would you use to block this type of spam

here is it:

Return-path: <directorpayment02@gmail.com>
Received: from mail-oo1-f46.google.com (me [IP])
by me with ESMTP; Tue, 23 Aug 2022 08:44:56 -0400
Received: FROM mail-oo1-f46.google.com (209.85.161.46) BY me WITH ESMTP
FOR [ me ];
Tue, 23 Aug 2022 08:44:56 -0400
Received: by mail-oo1-f46.google.com with SMTP id u5-20020a4a5705000000b0044b34c2c89cso379783ooa.9
for [ me ]; Tue, 23 Aug 2022 05:44:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:mime-version:from:to:cc;
bh=0riDJu16N9ueGTlU7ZS+Yp8bkKO9Ax6TBaQudfP948s=;
b=ELq7dh4VuV4adhWFReC/RW3v/Vko5cMVMqOfPFO73RoF3D+nObs7AvsyyPkuAVNClt
jWjcOSWNf1+4403nFsRkKT12jfh5p64tPPuDub5jaT+s3uafeb0ZIY0bS+uyAXg8dnZy
vEOC1ISNzfO+nNg/uieKVyB/iLYezOyQkae4Kdy85izqRKyL1Jvkl6+CbATuzEQZRfdb
HZxRE+TCpmpGb32IousVRUTyARkXM46ERLiz+Ws57487F0ciUqKUg6Ry23JcpwiSVUVN
xEBhdW6z+thx/szkpSgHdCxpN8Q4C63BYGNJMrx4Z4p2eQI0j6aX3v4Osy3tOpAS3tj7
v6MQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc;
bh=0riDJu16N9ueGTlU7ZS+Yp8bkKO9Ax6TBaQudfP948s=;
b=c12udirefhCbKOCv5zMju2/sJdueoVXMy+zCrBBuyK4D1vLnEJM0KUzwUJfMkT8Ra1
H40zOWzHFrlOtW+gUNqxceZ+aHd69pSX3NKcoWW9pr4gkfqhGIR70V/+y+gCMrwVnDi9
JiqjiwQza1y0nivUs4apyoBNlEjxXtIY1A5D92ygYbMPskVc4qoqbNEThQYvnDTpHHBQ
SNAtYSPKpWoEPhHO89c7pO/jN4/BrYELq+mf8c0zw39aKQvsAAoptT5pwwv9cpWgaeQl
PqigP6gwhjzJ8cUARkD4lp716p/EuFc/en0eNk6t96gODagGFWrv2TnUIfneJygxLpwA
B1GA==
X-Gm-Message-State: ACgBeo0/4YK/GD7Ydv4Jb/G9UHwzpdLPyqf+9CbVE9g/Mjq4LZrn9TSs
PR6J/3QznyFVTiFQ9lgMUZOZwTLdV/onUn0+CJI=
X-Google-Smtp-Source: AA6agR5PAiaoyUoHiHzwA79d/lknte2Rv3zgyNTWktNDWvg9xHy5gcDNuOzPiH22IsjxBSXkiOU9B5wYNCp4oxbz92E=
X-Received: by 2002:a4a:d657:0:b0:448:95ee:e0b4 with SMTP id
y23-20020a4ad657000000b0044895eee0b4mr7877439oos.59.1661258694548; Tue, 23
Aug 2022 05:44:54 -0700 (PDT)
MIME-Version: 1.0
From: "Mrs. Sarah Hendrick" <directorpayment02@gmail.com>
Date: Tue, 23 Aug 2022 13:44:24 -0700
Message-ID: <CAKWOfmUZr0OY9e_tDR5O29Zzan8qd+5R7gqHzWozYGHfYY6qmg@mail.gmail.com>
Subject: [EXTERNAL] Reply ASAP
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="0000000000005e61ce05e6e7eea0"
Bcc: [ me ]


--0000000000005e61ce05e6e7eea0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base6

Tags:

Parents
  • 0  

    Do you use Black List or SURBL filters?

    If the owner of the sending domain has not setup DMARK/DKIM/SPF there is not much you can do about that.

    If you have a good firewall you could use geolocation components to block IP addresses from specific parts of the world.

    __________
    Kevin Boyle, 
    Knowledge Partner

    Calgary, Alberta, Canada

  • 0   in reply to   

    Maybe I am wrong. But as far as I can see, Kevin, this mail is using Google mail's environment. So some DKIM protection by gmail ...


    Use "Verified Answers" if your problem/issue has been solved!

  • 0 in reply to   
    Email content... Clearly unsolicited / SPAM. No links:



    Hello Sir/Madam,

    I am Sarah Hendrick, an Investment financing Adviser/Broker working for top investment financing companies in the gulf region. I help clients and individuals and organisations seeking investment funding for their viable investments or projects anywhere in the world.

    We are currently interested in funding viable businesses, investments or projects in the following areas of interest, after a successful one-on-one investment presentation with the investors team of fund managers and lawyer:

    * Starting up a Franchise
    * Business Acquisition & Expansion
    * Medical / Healthcare procurement & Supplies
    * Capital / Infrastructural Project
    * Oil, Gas & Renewable Energy
    * Commercial Real Estate Purchase & Development
    * Hospitality & Leisure
    * Government / NGO Contract Execution
    * International Trade Financing

    Get in touch if you have a viable project that requires funding.

    Regards,
    Sarah.
  • 0   in reply to 

    You can't prevent all spam.

    If you filter out all malware, spam links, backlisted IP addresses, DMARK/DKIM/SPF violations, etc., that will get rid if a lot. The anti spam filter should get rid of most known spam but there will always be new ones that BitDefender does not yet know about.

    You could quarantine email containing specific keywords if certain types if spam are bothersome.

    __________
    Kevin Boyle, 
    Knowledge Partner

    Calgary, Alberta, Canada

Reply
  • 0   in reply to 

    You can't prevent all spam.

    If you filter out all malware, spam links, backlisted IP addresses, DMARK/DKIM/SPF violations, etc., that will get rid if a lot. The anti spam filter should get rid of most known spam but there will always be new ones that BitDefender does not yet know about.

    You could quarantine email containing specific keywords if certain types if spam are bothersome.

    __________
    Kevin Boyle, 
    Knowledge Partner

    Calgary, Alberta, Canada

Children
No Data