Help me filter these emails!

I have a robust email filtering system setup across my email accounts. As a result, I seldom have any spam in my inbox. However, there is one spammer alluding my best attempts. I don’t have the technical expertise to figure how this is being done or how to stop it.

This spammer sends me emails:

  1. From a different sender email each time. Here is the latest:
  2. Because the spam is from a different email address each time, I can’t filter them.
  3. He or she also sends an email ostensibly to my old Yahoo account that I haven’t used for years (it was inactive, I reactivated and changed the password today and I’ll delete the account as soon as I have this resolved)
  4. Though the email is addressed to my old Yahoo account, the emails are showing up in Apple Mail through one of my Gmail accounts. I’ve never had Yahoo emails going to Apple Mail nor to my Gmail accounts. The exception is that I have this Gmail account as my Yahoo account/password recovery email. Moreover, I don’t have, and never have had, Yahoo email setup in Apple Mail. Somehow, the spammer is sending spam to an old Yahoo email address (or spoofing it) that ends up in my Gmail account which in turn shows up in Apple mail.
  5. The email body is in the form of an image so that I can’t select words like “you’ve won” to create a filter in Gmail and Apple Mail to block emails that have “you’ve won” in the body of the email.

How can I stop this nonsense? Any help will be DEEPLY appreciated!

1 Like

Do you notice a pattern in the subject that you can use for filtering?

1 Like

This is a bit of a “blow up the bridge” response, but if you don’t use the Yahoo address and intend to delete the account, never received email from that address to Apple Mail anyway, why not block any email that uses or contains the Yahoo address?

For a more nuanced “take out the sniper not the whole bridge” response, I’m surprised that Google’s own spam filters aren’t picking up what is quite clearly spam. I assume you’ve tried marking a couple of the emails as junk and it’s not made any difference?


If not, look at the raw message. (View/Message/Raw Source) Perhaps there will be something in the headers, etc. that you can use.


No, it changes with every email.

Yes, multiple times. :slightly_smiling_face: I’m going to add a filter in Gmail to delete any emails with that domain (I’ve already deleted my Yahoo account). But, these rascals (I’m being VERY polite!) spoof the to email address and domain. Consequently, spam emails like these still show up in my inbox, but often with indecipherable domains. This is the only type of spam messaging that I’ve not been able to resolve.

Thank you. I’ve never tried that before. I’m afraid this is way above my tech pay grade. This link is to Dropbox with the text from the message header per your instructions. There is too much text to post here–I got an error about reaching the maximum number of characters. This is gibberish to me, but if you can find something I can put into a filter that will block emails from a common source, I’d be in your debt!

NOTE: This is the first time I’ve created a Dropbox document for this purpose so I hope it works!

Dropbox Link

Are all the spam email domains of the form *amadeus dot com?

Let’s try this to start:

If you have more than one spam message check the Raw Source on another email and search for

If it appears in another message try a rule with Message content contains

I don’t use Apple mail so I don’t know if its rules will search the entire message. If this doesn’t work I’m thinking our next step will be to try using a Gmail rule.

No, the domains keep changing, which is one reason why it is difficult to filter these out based on the domain.

Thanks for the help. :+1:t2: I checked several similar emails; that domain only shows up in one of them. Whoever this is is “good.”

I would start marking these as spam in your gmail account.

I’ve been getting a variety of spam messages (maybe 20 to 80/week) in my old gmail account for the past few years and all appear to be coming from the same source. In the beginning gmail’s spam filter would stop most of them but a handful would occasionally get through.

I started marking each message as Spam and within a few weeks Gmail started blocking all of them. I can’t remember the last time one landed in my Inbox.

I will, but the truth is, I’m been marking them as spam for a few months. The problem is, that when the email and the domain constantly change, and the embedded image cannot be read by the filter, they tend to get through. :confused:

Thanks for taking the time to help; I deeply appreciate it!

1 Like

Several of my email addresses are out on the open internet (if you publish a website, you have to provide an “imprint” with a visible email address over here). I am used to being exposed to spam for quite some time now. Several years ago, I quit dealing with spam on my own. I was sick and tired of it. It is an ongoing cat and mouse game. A good and professional spammer will get through eventually - and filtering with keywords won’t help with those guys. For several reasons. Long story. My domain name provider is working with a cloud solution from I pay a yearly fee (24 Euro) for each of my domains to protect me from spam. It works flawlessly. Does it mean that I absolutely will not receive any spam mail? No. But it comes down to maybe one or two mails per week - with several thousands being blocked per week. There are other offerings out there. The principle always is the same with solutions like that: they subscribe to a lot of blacklists, they analyze sending servers, they analyze the mails, they monitor their traffic and they will take input from customers providing them with spam mails. A spammer will send lots of spam mails at once and this will get the attention of services like that. This is being monitored by software that will “learn” and optimize their filters and mechanisms. Unfortunately this is nothing “free services” like Yahoo or even paid ones like iCloud do offer as far as I am aware. I may be wrong.

With regards to the mail you have posted (you may want to remove your mail addresses from that file): the spammer does a good job following web standards, it is being delivered with a DKIM signature using a professional marketing solution by Amadeus/Hubspot to Yahoo probably will not block mails like that. You could try to file an abuse complain using the mentioned abuse option: Trust & Safety Policies. But this does not necessarily mean that it will help and if so: it only will help for this particular account on this service - if at all.

Something else: You have chosen to automatically forward your incoming Yahoo mails to your iCloud account. Apple notices that the sender (your Yahoo address) is not permitted to send mails originating from (SPF fail, DKIM invalid in that part of the process). What does that mean? If you forward mail automatically you make it harder for server-built-in mechanisms to help with fighting spam. It is complicated and not much you can do about that (you cannot change the way how Yahoo or Apple handles your email).

Long story short: you are using Yahoo and iCloud. You are being targeted by a spammer that does quite a good job. I do not think that you will be able to really get rid of this particular spammer just with a simple filter. You could try using a solution like SpamSieve. I have no experience with SpamSieve, though.

EDITED: I have deleted parts of this post. Those headers look very weird (received by the first instance on Tuesday, the 29th of August - and then being processed further on Saturday, September 2nd). I am out and not sure what is going on here… :wink: END OF EDIT

One last thing: Be careful with building filters that refer to the body of the email. Try to only build filters referring to the headers if possible.

Thank you! I forgot about that email address being in the Raw Message files. I’ve removed the emails. :slightly_smiling_face:

You have chosen to automatically forward your incoming Yahoo mails to your iCloud account.

My old Yahoo account was deactivated years ago. I have no idea how I was being sent emails using that email address. That deactivated Yahoo account only had my backup Gmail email address registered for recovering my PW. The Gmail account has not been hacked and two days ago I was able to reactive the Yahoo account, change the password, and then deactivate it again. And, when I temporarily reactivated the Yahoo account, there were no messages in the inbox or junk folder. In other words, it does not appear that the account has been directly used by the spammer, notwithstanding the fact that the messages arriving in my inbox are addressed to that Yahoo account.

The spam “appears” to come from Yahoo —> Gmail —> to Apple Mail. I have three accounts in Apple Mail (iCloud, and two Gmail accounts, one of which is the one connected with the deactivated Yahoo account. Yahoo has never been in my Apple Mail app.

One last thing: Be careful with building filters that refer to the body of the email. Try to only build filters referring to the headers if possible.

Good advice!

Thanks for the thorough and thoughtful reply, much appreciated!

A possible (but not very likely) explanation for receiving the email at your Gmail account: the spammer put your Yahoo email address in the To: field and your Gmail address in the Bcc: field.

But, the Yahoo account was inactive for several years. I don’t see how that is possible. When I went to check it a couple of days ago, it has been deactivated. I had to reactivate to change the password. :man_shrugging:

Gmails’s spam filter will work on more that though. Content, certain words, relays, behaviours, patterns, so please keep marking them as spam.

1 Like

I have, I am, and I will! :slightly_smiling_face:

1 Like