Block mail sender using my address
How do I block spam/phishing email from a sender using my email address?
iMac 24″, macOS 13.3
How do I block spam/phishing email from a sender using my email address?
iMac 24″, macOS 13.3
deepend wrote:
How do I block spam/phishing email from a sender using my email address?
If they're not arising from your email account and from your mail server...
You don't. Spoofing sending email addresses is trivial. Nothing you can do.
And no, you can't track the sending address, as there can be hundreds or thousands of those. It's usually a botnet, with myriad compromised clients, or with myriad compromised mail server credentials. (If we could identify spammers from mail headers, we would not have a spam problem.)
Somebody spoofed one of my email addresses for a large spam run a while back, and all the ill-configured-mail-server mail-related errors and rejections from that spam run—mail servers should not be generating those replies, but there were and remain lots of ill-configured servers—saturated the mail server that was in use for most of a day.
You can't. As D.I. Johnson mentioned spammers are spoofing your email address. There is an AppleScript from VikingOSX to check incoming emails to see if they are really from what is shown in the From field:
-- return-path.applescript
-- Select a given message item in Apple Mail, and then run this script. It will produce a dialog
-- showing the sender's From and Return-Path addresses. Copy the entire Return-Path
-- string into the right-window of an Apple Mail rule.
-- This script *does not* alter, or remove individual email messages.
-- VikingOSX, 2019-10-23, Apple Support Communities, No warranties of any kind
use framework "Foundation"
use AppleScript version "2.4" -- Yosemite or later
use scripting additions
property NSString : a reference to current application's NSString
property NSRegularExpression : a reference to current application's NSRegularExpression
property NSRegularExpressionCaseInsensitive : a reference to current application's NSRegularExpressionCaseInsensitive
tell application "Mail"
if not it is running then activate
if not (get selection) is {} then
set theMsg to item 1 of (get selection)
else
return
end if
tell theMsg
set theSender to its sender
set theHDR to its all headers
end tell
end tell
set rtnpath to my return_address(theHDR) as text
set fmsg to "Sender Address:" & return & theSender & return & return & ¬
"Return-Path:" & return & rtnpath
display dialog fmsg with title "Current Mail Item Addresses"
return
on return_address(atxt)
set hstr to NSString's alloc()'s initWithString:atxt
set pattern to "(?<=Return-Path:|Return-path:)\\s+<(.*?)>.*"
set regex to NSRegularExpression's regularExpressionWithPattern:pattern options:NSRegularExpressionCaseInsensitive |error|:0
set hrange to current application's NSMakeRange(0, hstr's |length|())
set matches to (regex's firstMatchInString:hstr options:0 range:hrange)
if matches = "" then return "Not Found"
set matchrange to matches's rangeAtIndex:1
return (hstr's substringWithRange:matchrange) as text
end return_address
I copied and pasted the above script into a blank Script Editor window, compiled it and saved as an application. I then put it in the Dock where I can access it easily to see if any email is legit.
You could tell your email recipients that they may get email which appears to be from you but is not. They can look at the full header to see if it's legit. I got some from a friend asking for help in getting an Amazon gift card. It's all a scam.
The only thing you can do is change the password of your email address to ensure that anyone who might have access to it no longer will.
Whomever is sending those spam emails is likely not actually sending from your legitimate email address, but rather spoofing (correct term?) the address to make it look like it's yours. If you don't find those messages in your "sent email" box, then it's pretty sure they are not actually originating from your email server.
If you in fact do see them in the Sent email box, then definitely change the password and contact your email provider for additional assistance.
I'm pretty sure it's "spoofing" as you say. But is there a way I can look at the plain text of the email to see the real sender's address?
Maybe. Probably? But I don't know enough about that to give guidance.
But there are lots of smart folks here in the Community. Be patient and I'm sure others will contribute.
🙂
FWIW, you can configure macOS Mail to show the Return-Path or any other lines from the header in the standard mail display. No script needed.
Yea, but when I get to this window:
I have no idea what to enter. Now you did it, show me up: đź¤
With the script VikingOSX did all the thinking.
Tap the + and enter the name of the header you want to see, and press return.
To see what you can choose from the current message header, View > Message > All Headers
Thanks everyone for the helpful suggestions. I will try the Return-Path idea and see if I can block-list the sender.
Thanks again.
Block mail sender using my address