So, being peeved by the repeated spamming of a specific sender that always includes :
<no-reply@deltrino.duckdns.org >
I have put that in the blocked sender function, yet they keep pouring in. What am I doing wrong? I am getting the exact same amount of their crapmail coming in daily … sigh
Well, there are several addresses that can be considered the address an email message is from.
In the SMTP conversation between servers, the sending server will issue a “MAIL FROM: < soandso@somewhere.domain >”
In the headers of the email there are several headers that describe the sender. The one you see in your mail client is the “From:” header.
For various reasons involving the SMTP protocol, none of these addresses need to match.
So, in regard to your current problem, the question is which of these is Earthlink using when they apply your blocklist. The easiest one to use is the envelope sender. That’s because it’s sent at the beginning of the SMTP conversation, and if you can block then, you can save your mail server’s resources. Aside from that, it’s possible to structure the “From:” header so that it’s really difficult to parse.
So, my guess is that either Earthlink is trying to apply your block at the envelope-sender point in the conversation rather than when performing anti-spam scanning on the message later, or the From header is constructed in a weird way that’s preventing a match when they do their scanning. If you know how to view the headers in their webmail client (usually a link saying something like “view raw message” or “view message source”), you may be able to figure it out. The “From:” header will be in there, you might be able to figure out how to match the sender. It’s also possible to log the envelope-sender in one of the headers (the email product I support allows you to do it), so that might be in there, too.
Ah, definitely above my paygrade … I do have a buddy who is way better at computer-fu than I, so it looks like I will have to invite him over for a training and dinner session so I will know how to do it in the future. Looks like once I learn how to do it, I can ‘train’ my webmail to sort things a bit better =)
Yeah, you have to look at the whole header.
Note that a dyn dns address like duckdns.org is just another alias for the actual machine. Which might be known as denver123somemorejunk.comcast.net (or some such) in a sort of “official” sense. So Earthlink might think the email is actually from no-reply@ denver123somemorejunk.comcast.net.
Furthermore, since they are likely using bots the next email you get from them might actually be sent by reno911otherjunk.att.com.
Look for other options than just “From:” in the blocking filters.
duckdns.org is one of the blocked domains on MY earthlink acct and my spam filter works fine.
Do the entire domain not the specified email address.
I did the entire domain and it didn’t work so I tried the specific return to address and that is pretty much the extent of my computer-fu sigh and my spam report is still full of duckdns.org.