Past two weeks I’ve been receiving several email, clearly phishing attempts, without a valid return address. Mail marks these as (No Sender). They all have different subject lines. I viewed them as raw messages for a couple of them and they all appear to come from different sources and seem to have passed several Microsoft anti-spam filters. I’m not sure where they’re coming from. I tried to create a rule in Mail but there’s not enough consistent information (sender, subject) to route them to the Junk folder, so I’ve been doing it manually or simply deleting them without opening them. They also don’t show up on Spectrum’s Webmail interface. Any idea how to block them?
I’ve been seeing the exact same phenomenon, and specifically only in my Spectrum mailboxes. I’ve been wondering why Mail’s junk filters haven’t been catching them.
The headers that Mail shows aren’t particularly useful in this case, but if you look at the raw source, there’s several headers that don’t show when just viewing headers. In particular, they all have a Return-Path: header, which is essentially another copy of the From: header that’s missing. I’ve examined several of them, and every single one has a Return-Path: from a .space domain (different domains for each one, but all in .space). I did a search, and I have zero other emails in my Inbox or in any of my storage boxes that came from a .space domain, so that seems to be a good criterion to use to filter these.
I just created a new Rule that checks for a Return-Path: header (in Mail, you have to manually add it to the list of headers available to filter on) and if it ends with “.space”, it moves the message to Junk. I’ll report back on whether that helps.
2 Likes
How do you find the raw message nowadays? I used to be able to find them but not any more. Very handy to check on a mail without opening it.
This will view a selected message:
In Mail.app on the Mac: View > Message
… however, first selecting a message automatically opens it.
Thats the point, I do not want to open it in case the sender is monitoring the actual opening of the mail.
However, inspired by bob32’s hint about View > Message, I fooled around a bit and found that by pressing Alt and dragging an unopened mail from the Mail.app window to the TextEdit.app revealed the raw message text without opening the mail. Exactly what I wanted to check suspicious looking mails before reading them.
2 Likes
Good idea but they don’t all come from a .space domain. One or more of the messages I received also come from a .tech domain. For example:
Return-Path: olconcierge81@onforever.tech
Return-Path: yochecks58@yoagent.space
Hiding the Preview pane will prevent the message from opening upon selection. If you then manually mark it as Junk before opening it, Mail will block all external connections requested by the message source when you open it, preventing it from notifying the sender of having been opened.
But, honestly, I don’t think that advice even makes much difference anymore. Once an email address starts getting spam, it’s going to continue to be circulated on spam lists, whether you open the messages or not. The marginal cost of keeping useless email addresses on a spam list is very low, consisting mainly of dealing with bounces from invalid or nonexistent addresses. An effective spam filter is magnitudes better at reducing the junk in your inbox than avoiding opening junk messages.
1 Like
There isn’t some magical way for a sender to know you’ve opened mail. All such tracking takes one of two forms:
- An embedded HTML object (typically an image) with a remote reference. When you view the mail, it downloads the object, which is logged by the remote server.
- Use of a “Message Disposition Notification” (MDN) header in the mail message. When you receive and/or read the mail, a notification is sent back to the sender.
The easiest way to deal with embedded HTML objects is to configure your mail app (desktop, mobile or web) to not automatically show images or download attachments. Nearly all mail clients should let you configure this.
If you receive mail with an MDN header, most reasonable mail clients will either ignore it, or will ask you if you want to send back the response. You can usually configure a default (to send or no-send) and maybe even configure this on a per-sender basis (via your contacts list).
If there is an MDN header requesting that the server send notification that the message was delivered (whether or not you read it), then you can’t do anything about that. Maybe your service provider will let you configure it. I would like to think that most servers these days ignore these headers, since it seems to me like a vector for DoS attacks, but I could be wrong about that.
In short, you should be able to configure your mail client such that a sender won’t know that you’ve read the mail, but you might need to poke around a bunch of app preferences.
4 Likes
Quantumpanda and shamino, thank you both for your tips and information, most of which I didn’t know.
I made a rule in Mac Mail like this:
If “From” does not contain @
Move message to Trash
Microsoft should have similar capabilities.
1 Like
I’ll give it a try, thanks.
Well, that didn’t work. Back to manual action.
Sorry it wasn’t a success. It works for me on Mac Ventura Mail.
I just had my first that wasn’t from a .space domain. It was from a .de domain, which being a major country code isn’t reasonable to block outright. It’s only been one so far though, and no false positives, so I’ll stick with my current filter for now.
Using Catalina.