Junk Email

Don’t know if this is an appropriate forum to ask this but I’ve run out of other resources so giving it a shot here. I’m probably not as techy as most TidBits users so could use some insight.
I use Apple mail & have an iCloud email account; have done that for at least the last 10 - 15 yrs. Amount of spam has increased to a ridiculous level, have already gone thru & read TidBits postings from earlier this year & didn’t see this addressed.
I cleaned out my email late last night & by early this morning had more than 150 new junk emails; most are correctly routed to the Junk folder but then I need to delete them. I keep setting up new Rules in Mail, mostly based on the Sender so that once I highlight the messages & choose Apply Rules, they’re all deleted w/o going to Trash.
What I don’t understand is how messages that aren’t addressed to my email address still come thru to me at all. Some are addressed to gibberish email addresses, some are addressed to my regular email address but instead of being @icloud.com, have the 1st part of my email address but then are @yahoo.com or @gmail.com or @aol.com. So instead of, for example, myname@icloud.com, the emails are addressed to myname@yahoo.com.
How is that possible? How are emails that aren’t addressed to my email address coming thru? I’ve already asked Apple about it & haven’t received any useful response. I doubt there is a fix for this but would at least like to understand how/why this happens.
I’m very careful about where I go on the web, don’t click on unknown links, don’t log in to sites unless I need to, never log into any Google sites, etc. so I don’t think any of this is due to anything I’ve done.
Thanks for any insights.

Just to answer this point:
This is a common trick by spammers to make it LOOK authentic. If you were to look at the email header (don’t publish yours here in this open forum) you’d see that your myname@icloud.com was used to send the spam to your account.

How do they know your address?
Look here: https://haveibeenpwned.com

I’m sure others will add further aspects…


Just out of curiosity: why do you need to delete them?

I believe iCloud defaults to removing messages from the junk folder after 30 days, or if you have a Mac and use mail, you can set it to a shorter duration as well.

I leave spam/junk in their folders and let the mail servers remove them over time.


So it sounds like part of what you’re looking for is a quicker way to delete messages that are in the Junk folder. The quickest way I can think of to do it manually (which you may already be doing) is right click on the “All Junk” folder and select “Erase Junk Mail…”. Hit Tab and then Return when the confirmation dialog appears, and you’re done.

An even faster method is to do it automatically. You should only do this if you feel Mail will never flag a message as “Junk” that you would have rescued from the Junk folder had you seen it there. To do this, go to Mail > Settings… > Junk Mail > “Perform custom actions…” > Advanced… , and then under “Perform the following actions:”, either change the destination to Trash instead of Junk (for a slow death, depending on your Trash auto-delete setting), or change the first drop-down to “Delete Message” for instant elimination.


Thank you. That’s why I used the example of myname@icloud.com, knew not to use my real email address, myname is not the same as my real name. I’d been trying to look at the entire email header, guess I haven’t figured out how to see the entire header.
Apparently it’s impossible to keep up w/the spammers, let alone stay one step ahead of them. Such a bloody waste of time. Can’t imagine how much spam people who aren’t as careful as I am must receive. 🤷🏻‍♀️


I don’t need to delete them but I hate having anything unwanted sitting in my email account. Also, I feel more secure getting them out of my account as quickly as possible, don’t know if there’s any rationale to my thinking.
I’ve looked at the Mail settings on my Mac & haven’t found a way to change the time until the Junk is deleted. Don’t even see where it’s set for 30 days.

Think my process is already getting rid of them as quickly as I can, it’s similar to your suggestion. Mostly I just didn’t understand how all those @gmail or @yahoo or @aol emails were getting thru to my icloud.com email address.

What your e-mail client reports as the source (From:) and destination (To: or Cc:) of an e-mail message has nothing to do with how the message is delivered. All of the header lines you typically see in an e-mail message are actually part of the message’s content, and have nothing to do with how the e-mail servers actually deliver the message to you.

The e-mail protocol (RFC 788 and its many successor standards) works along these lines (some steps omitted or may be different from what modern mail clients do, in order to make the basic concepts clearer):

  • The sender’s computer connects to an e-mail server. Typically, this will be the sender’s ISP’s mail server, but it could be any e-mail server on the Internet that is configured to accept the connection.

    In the past, most e-mail servers would accept connections from anyone, but today, most servers are configured to only accept connections from trusted servers, so you typically have to send via the server(s) provided by your e-mail service provider. But there are some servers on the Internet that have weak or no security, and they are often used by scammers to try and hide where they are really sending from.

  • The sender sends a HELO command to the server, identifying the sender’s computer. The ID could be anything, but a modern server will attempt to verify the ID and will log any discrepancies by adding new header lines to the mail message (see below).

  • The sender sends a MAIL FROM: command, identifying the sender’s e-mail address. If this isn’t provided, most mail servers will attempt to guess it by reading header lines in the mail message’s content. This address is often referred to as the “envelope sender”, because it’s not part of the message, but is part of the protocol that wraps around the message (its “envelope”).

  • The sender sends a RCPT TO: command, identifying the recipient of the mail message. This address is often referred to as the “envelope recipient”. If the mail is supposed to be sent to multiple recipients, the sender will include a RCPT TO: command for every recipient.

  • The sender sends a DATA command, followed by the entire content of the message. (Followed by a “.” on a line by itself, indicating the end of the data). This includes all of the message’s headers, its body and attachments (which are actually part of the message body).

    After this command completes successfully, the server begins the process of trying to deliver the message to its recipient.

  • The sender sends a QUIT command, which tells the server that the session is done. It will disconnect the client.

Now that you’ve got that information, here’s the critical bit that you may not have known:

The sender and recipient specified in the MAIL FROM: and RCPT TO: commands do not have to match the To: and From: headers in the message’s content.

The message will be delivered to the address(es) specified in the RCPT TO: command, without regard to the content of the message headers.

This is not a bad thing. This is how your mail client’s Bcc feature works (where you specify a recipient who doesn’t appear in the header). It’s also how mailing lists work - the message header says it was sent to the list, but it gets delivered to the list’s subscribers (who are all named in the RCPT TO: commands when the message is sent).

What’s happening is that the sender has specified your address in the message’s RCPT TO: command, and that’s how the message is delivered to you. But your e-mail client is showing the contents of the To: header in the message’s content, which doesn’t have to match it.

You can actually see evidence of this.

If you view the full set of message headers for the e-mail (the mechanism will depend on what e-mail client you’re using), you will see a lot of e-mail headers. The most interesting ones here are the ones called Received:.

Every e-mail server prepends a Received: header to every message it receives. At minimum, this will identify the mail server and have a timestamp. So by looking at all of the Received: headers, you can see every server the message passes through (the most recent ones at the top of the message).

Many servers will put additional information in the Received: header, containing data from the message’s envelope, including, possibly, the content of the MAIL FROM: and RCPT TO: commands, if they differ from the corresponding headers in the mail message, and maybe also the SSH/TLS parameters used to establish the connection between servers.

Servers may also prepend additional header lines containing other information (e.g. the results of whatever spam filtering software they’re running). If they do, the Received: header is always the last one prepended, so you know that all header lines between two Received: headers were inserted by the server that inserted the first of them.

The last Received: header in the message was added by the first server to receive the message. Some number of header lines below that were probably inserted by that server, with all the header lines below that coming from the actual sender - any and all of which may be completely bogus.

I wrote a long message here in January where I decode and explain the headers of an e-mail message I received. I recommend you look it over, since it will help you understand the headers in the mail you receive:
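Added example, not part of the post above: a short Python sketch that reads a message's raw headers, groups them under the Received: line of the server that inserted them, and compares the To:/Cc: headers with the recipient the servers logged in their optional "for" clause. The sample message, host names and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample (not real mail): every host, ID and address is made up.
RAW = """\
Received: from mx.relay.example (mx.relay.example [203.0.113.7])
\tby mail.icloud.example with ESMTPS id abc123
\tfor <myname@icloud.com>; Tue, 02 Jul 2024 06:14:09 +0000
X-Spam-Flag: YES
Received: from bulk-host (unknown [198.51.100.23])
\tby mx.relay.example with SMTP id xyz789
\tfor <myname@icloud.com>; Tue, 02 Jul 2024 06:14:02 +0000
From: "Prize Dept" <winner@lottery.example>
To: myname@yahoo.com
Subject: You won

Body text.
"""

BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.I)
FOR_RE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)

def split_hops(raw):
    """Group header names under the Received: line above them, newest hop first.
    The last hop's list also holds whatever the sender wrote, so it is untrusted."""
    hops = []
    for name, value in message_from_string(raw).items():
        value = " ".join(value.split())          # unfold continuation lines
        if name.lower() == "received":
            by, rcpt = BY_RE.search(value), FOR_RE.search(value)
            hops.append({"by": by.group(1) if by else None,
                         "for": rcpt.group(1).lower() if rcpt else None,  # optional clause
                         "below": []})
        elif hops:
            hops[-1]["below"].append(name)
    return hops

def compare_envelope(raw, my_address):
    """Compare the To:/Cc: headers a mail client shows with the recipient servers logged."""
    msg = message_from_string(raw)
    shown = {a.lower() for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    logged = {h["for"] for h in split_hops(raw) if h["for"]}
    me = my_address.lower()
    return {"shown": shown, "logged": logged,
            "envelope_only": me in logged and me not in shown}

if __name__ == "__main__":
    for hop in split_hops(RAW):
        print(hop)
    print(compare_envelope(RAW, "myname@icloud.com"))
```

Not every server writes a "for" clause, so an empty `logged` set means the envelope recipient was not recorded, not that the headers match.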


Way above my pay grade but much appreciated. Don’t understand everything you’ve said but it definitely gets me to where I have a general understanding as to what’s happening. I will definitely look at your January message as well.
I always use bcc when I’m sending a message to a group, so I understand a bit of what you’re saying. Drives me crazy when others don’t use bcc; too many people hit Reply All.


And that’s also how the spammers do it. When you Bcc a message, the recipients on the Bcc line do not appear in your outgoing mail’s headers, but they are sent over the SMTP protocol (via a RCPT TO: command for each recipient).

Spammers sometimes craft messages to make it seem like you somehow intercepted someone else’s mail by accident. But that’s not actually possible. If you received it, it was sent to you, even if the message headers show someone else’s address.


There are many good things in the replies to the original posting, and I will describe my daily procedure that avoids going through any deep analysis. I have two email addresses that I check daily in relation to Apple Mail Junk detection. One is set up as a destination for comments on my website, and the other is my personal iCloud email address. So here is the procedure:

  1. I check the Inbox for the website reply address and direct any spam (usually the whole mailbox) to the Junk mailbox for that address.

  2. I scan the index for the Junk Mailbox associated with my iCloud address and look at any possible false positives. The index may have from 20 to 100 messages in it. I can usually complete the scan in well under a minute if there are no suspected false positives. If there is a message that probably shouldn’t be there, I redirect it to my Inbox. For example, this morning, the Junk mailbox showed a Patreon message from a person who typically sends an email with a video clip near the beginning of the month. I pulled it out of the Junk mailbox. There are usually no false positives, but I see several weekly.

  3. After completing steps 1) and 2), I usually return to my combined Inbox and then hit option-command-j, the keyboard equivalent for ‘Mailboxes>Erase Junk Mail,’ which clears all my junk mailboxes.

  4. Repeat the following morning

So, this short procedure keeps spam from accumulating while ensuring I don’t miss non-spam emails.

By the way, the automatic erasure of a Junk Mailbox is under the Mailbox Behavior tab after you select a mail account from Mail>Settings>Account.


Thank you. I had looked in Mail>Settings for the auto erase for Junk Mail but had looked in Junk Mail & Rules tabs; didn’t think to look in the Account tab. Have updated it to erase more quickly but will likely continue clearing it out manually. The increase in spam/junk mail just in the last couple months is ridiculous!

MHm, thanks for the link to pawned. I am on 6 sites, dating back to 2013. Should I worry about the older site?

What are the steps to take to get my email address off those sites?

Do I just delete the App?


I sense a bit of confusion here. You say you are on six sites, but it isn’t clear whether those are sites that you provided your email address to or sites where your email address has been posted for sale. Both types can be found on HaveIBeenPwned.

If it’s a site where you have previously provided your address, it’s too late now as that address (and perhaps other information) has already been compromised, so you either live with it (as I have done) or stop using that address altogether. You could have the site close your account, but it’s really too late for that, damage done. Throwing the app away accomplishes nothing.

If it’s a site where your address (and possibly other information) has been posted on the dark web for sale, there is nothing you can do to have it removed. Chances are the dark web site and those that run it are in a foreign country out of reach from law enforcement. So again, all you can do is change the information that has been compromised. That might be your password or email address, but also can be something you cannot easily change such as your address, phone number, drivers license or passport number, or even social security number.


Al, they are sites that I had signed on to—Like Wattpad, DropBox, Adobe and a couple I don’t recognize. I still have the same email address and other info. So I guess I won’t worry about it since I can’t “close the barn door after the fact”!

The only thing I can change is my password. Fortunately, I never include my SS number nor driver’s license unless it is a government or health website. Thanks for answering!


Think of it like a paper letter. Your email client is hiding the address on the envelope and showing you the greeting on the letter inside. By convention the two should be roughly equivalent, but they are not required to be, either by email or the paper postal system.


My problem with junk mail and iCloud is that I could not STOP Apple from being overly aggressive in marking perfectly valid things as junk. That’s why I’ve deprecated my iCloud account and use Google infrastructure nowadays.

I rely on SpamSieve; seems to do ok.

That has pretty much stopped for me now, after maybe six weeks of being a daily problem. I do have a gmail account for backup, but minimize its use as I would rather not participate in their tracking abuses.

@janesprando The sites mentioned on https://haveibeenpwned.com refer to previous data breaches. It’s almost rare that a given email address was not in at least one of these data breaches. It does document nicely that none of us is “safe”.

The https://haveibeenpwned.com site shows you WHERE your email address was compromised. As an example, if you find that you were affected in the breach of Microsoft, it might be a good idea to change your password for Microsoft’s services. In this example, don’t forget what belongs to Microsoft: OneDrive, Outlook, Bing, Skype and a few more.


I hate to be “that guy”, but even so, a small corrective to an otherwise splendid post …

In fact, the QUIT only ever ends an SMTP session (connection); it can be issued at any time except during the DATA phase. The end of a transaction (i.e. the delivery of a single message) is actually signalled by the end-of-data indicator (the full stop on a line by itself) and is confirmed by the client receiving the positive acknowledgement (code 250) from the server. This misapprehension is quite common though, and I know of at least one implementation of a server that did this, so perhaps it’s worth bearing in mind. See RFC 5321 for all the gory details (work on the next one is in progress, though very slow going, in ietf-smtp, and is essentially a clarifying revision).

Ditto, except gradually moving back to a self-hosted server. I still find iCloud’s filtering to be far, far, far too aggressive, dropping email even from well-known mailing list hubs at groups.io and Debian, as well as from the Tidbits Discourse here. It’s really out of order for anything but light personal mail, and to be sure, that is clearly what it’s aimed at. There’s always Fastmail, if you want good email service you’re happy paying for that’s competently hosted by people who know what they’re doing, but I found their plan prices too much, at the time. And I want to have my email back in my house, anyway. Now’s as good a time as any.