Block mail sender using my address

How do I block spam/phishing email from a sender using my email address?


iMac 24″, macOS 13.3

Posted on May 18, 2023 3:43 PM

Reply
9 replies

May 18, 2023 4:49 PM in response to deepend

deepend wrote:

How do I block spam/phishing email from a sender using my email address?


If they're not arising from your email account and from your mail server...


You don't. Spoofing sending email addresses is trivial. Nothing you can do.


And no, you can't track the sending address, as there can be hundreds or thousands of those. It's usually a botnet, with myriad compromised clients, or with myriad compromised mail server credentials. (If we could identify spammers from mail headers, we would not have a spam problem.)


Somebody spoofed one of my email addresses for a large spam run a while back, and all the ill-configured-mail-server mail-related errors and rejections from that spam run—mail servers should not be generating those replies, but there were and remain lots of ill-configured servers—saturated the mail server that was in use for most of a day.

May 18, 2023 4:50 PM in response to deepend

You can't. As D.I. Johnson mentioned spammers are spoofing your email address. There is an AppleScript from VikingOSX to check incoming emails to see if they are really from what is shown in the From field:


-- return-path.applescript
-- Select a given message item in Apple Mail, and then run this script. It will produce a dialog
-- showing the sender's From and Return-Path addresses. Copy the entire Return-Path
-- string into the right-window of an Apple Mail rule.
-- This script *does not* alter, or remove individual email messages.
-- VikingOSX, 2019-10-23, Apple Support Communities, No warranties of any kind

use framework "Foundation"
use AppleScript version "2.4" -- Yosemite or later
use scripting additions

property NSString : a reference to current application's NSString
property NSRegularExpression : a reference to current application's NSRegularExpression
property NSRegularExpressionCaseInsensitive : a reference to current application's NSRegularExpressionCaseInsensitive

tell application "Mail"
	if not it is running then activate
	
	if not (get selection) is {} then
		set theMsg to item 1 of (get selection)
	else
		return
	end if
	
	tell theMsg
		set theSender to its sender
		set theHDR to its all headers
	end tell
end tell
set rtnpath to my return_address(theHDR) as text
set fmsg to "Sender Address:" & return & theSender & return & return & ¬
	"Return-Path:" & return & rtnpath

display dialog fmsg with title "Current Mail Item Addresses"
return

on return_address(atxt)
	set hstr to NSString's alloc()'s initWithString:atxt
	set pattern to "(?<=Return-Path:|Return-path:)\\s+<(.*?)>.*"
	set regex to NSRegularExpression's regularExpressionWithPattern:pattern options:NSRegularExpressionCaseInsensitive |error|:0
	set hrange to current application's NSMakeRange(0, hstr's |length|())
	set matches to (regex's firstMatchInString:hstr options:0 range:hrange)
	
	if matches = "" then return "Not Found"
	
	set matchrange to matches's rangeAtIndex:1
	return (hstr's substringWithRange:matchrange) as text
end return_address

I copied and pasted the above script into a blank Script Editor window, compiled it and saved as an application. I then put it in the Dock where I can access it easily to see if any email is legit.


You could tell your email recipients that they may get email which appears to be from you but is not. They can look at the full header to see if it's legit. I got some from a friend asking for help in getting an Amazon gift card. It's all a scam.


May 18, 2023 4:30 PM in response to deepend

The only thing you can do is change the password of your email address to ensure that anyone who might have access to it no longer will.


Whomever is sending those spam emails is likely not actually sending from your legitimate email address, but rather spoofing (correct term?) the address to make it look like it's yours. If you don't find those messages in your "sent email" box, then it's pretty sure they are not actually originating from your email server.


If you in fact do see them in the Sent email box, then definitely change the password and contact your email provider for additional assistance.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Block mail sender using my address

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.