Preventing Phishing Emails from entering an IPad’s Email Inbox

How do you stop emails that enter an iPads mail Inbox where the senders name varies in every email that has no legible English or meaning and is a mixture of letters and at times numbers on both side of the ‘@‘ symbol? Suggestions of hitting the senders name and then selecting block does not resolve the problem. Why isn’t there an app that filters out mail like this and tracks it back to the source and the IP Address. Then blocks that unique IP Address. I can not believe this has not been thought off until now. Need a solution ASAP Please. Plus I am 100% certain I am not the only one who has this ongoing problem. Service provider do not want to do anything about it.

iPad

Posted on Jun 5, 2024 4:13 AM

Reply
Question marked as Top-ranking reply

Posted on Jun 5, 2024 4:44 AM

Sadly, if your private email address is being used as a target for phishing or spam, there is little that you can do to stop it reaching your mailbox; anyone that has your email address can send email to it. Instead you have no alternative other than to “manage” it…


First, be wary of any “unsubscribe” links that may be embedded in the email messages. For the most part, unless unsolicited email is from a reputable advertiser, the unsubscribe link will not stop the messages. Instead, clicking the link will simply confirm to the bad Actor that the email address is monitored by a warm-blooded victim - and more phishing and unwanted spam content is likely to come your way.


For unsolicited email, you can use the native blocking feature of iOS/iPadOS to automatically block/delete unwanted email from a sender - although this will only be effective for spam that arrives from a consistent email address:

Block phone numbers, contacts, and emails on your iPhone, iPad, or iPod touch - Apple Support


Linking unwanted email to source IP Addresses is ineffective; mail can be originate from multiple mail relays - and temporary sources that may only exist for a short time period. As such, source IP Addresses are likely to be transient.


Where email is using “spoofed” email sender addresses, as is common for malicious and spam mail, your block-list will be ineffective.


The best advice is to avoid becoming a victim. Be careful where you use your email address to subscribe to services. Perhaps keep a secondary address just for this purpose - or, if you have updated to iOS/iPadOS15.1 or later, consider using Apple’s new Hide My Email facility:

What is Hide My Email? - Apple Support

Set up and use Hide My Email in iCloud+ on all your devices – Apple Support


Again, this new feature cannot stop everything, but is another way to reduce the likelihood of receiving and managing email and messaging spam. 


In extremis, if the volume of unwanted or malicious mail becomes intolerable, you may have no alternative other than to abandon your current email address and use a replacement - being careful to communicate this address only to trusted people or organisations with whom you need to communicate.


Apple's Hide My Email service is an excellent defence - as you can generate an unlimited number of secondary email addresses that can be used to register with services that you do not wish to disclose your true email address. These mail addresses can be individually disabled as and when necessary.

5 replies
Question marked as Top-ranking reply

Jun 5, 2024 4:44 AM in response to SignalsCad

Sadly, if your private email address is being used as a target for phishing or spam, there is little that you can do to stop it reaching your mailbox; anyone that has your email address can send email to it. Instead you have no alternative other than to “manage” it…


First, be wary of any “unsubscribe” links that may be embedded in the email messages. For the most part, unless unsolicited email is from a reputable advertiser, the unsubscribe link will not stop the messages. Instead, clicking the link will simply confirm to the bad Actor that the email address is monitored by a warm-blooded victim - and more phishing and unwanted spam content is likely to come your way.


For unsolicited email, you can use the native blocking feature of iOS/iPadOS to automatically block/delete unwanted email from a sender - although this will only be effective for spam that arrives from a consistent email address:

Block phone numbers, contacts, and emails on your iPhone, iPad, or iPod touch - Apple Support


Linking unwanted email to source IP Addresses is ineffective; mail can be originate from multiple mail relays - and temporary sources that may only exist for a short time period. As such, source IP Addresses are likely to be transient.


Where email is using “spoofed” email sender addresses, as is common for malicious and spam mail, your block-list will be ineffective.


The best advice is to avoid becoming a victim. Be careful where you use your email address to subscribe to services. Perhaps keep a secondary address just for this purpose - or, if you have updated to iOS/iPadOS15.1 or later, consider using Apple’s new Hide My Email facility:

What is Hide My Email? - Apple Support

Set up and use Hide My Email in iCloud+ on all your devices – Apple Support


Again, this new feature cannot stop everything, but is another way to reduce the likelihood of receiving and managing email and messaging spam. 


In extremis, if the volume of unwanted or malicious mail becomes intolerable, you may have no alternative other than to abandon your current email address and use a replacement - being careful to communicate this address only to trusted people or organisations with whom you need to communicate.


Apple's Hide My Email service is an excellent defence - as you can generate an unlimited number of secondary email addresses that can be used to register with services that you do not wish to disclose your true email address. These mail addresses can be individually disabled as and when necessary.

Jun 5, 2024 6:22 AM in response to SignalsCad

First, perhaps understand the Apple Support Community is a user-to-user technical forum. Contributors here are all end-users, just like you. While some senior contributors here are known to have a professional background or interest in Information Technology and Information Security, we have absolutely no influence over how Apple may or may not develop its products and software.


Also be aware that other than the site Moderators, Apple neither monitor nor participate here. As such, if you hope to reach Apple through these forums, or for your comments and suggestions to make any impact upon Apple's future releases of iPadOS, you will be sadly disappointed.


That said, Apple does invite submission of comments and feature requests via its Product Feedback portal. If you wish to direct feedback to Apple, this would be the most effective and appropriate channel through which to direct your remarks:

Product Feedback - Apple



Returning to your comments made here...


Unfortunately, it is impossible to reliably filter email in the manner that you suggest. While there are indeed some technologies employed in Enterprise environments to manage the authenticity of Mail - such as DMARK and SPF - these technologies are (a) non-trivial to implement and (b) are rarely if ever available when using commercial email services such as those provided by your Internet Service Provider.


Should you choose to do so, you might consider accessing your mail via one of many commercial security vendor's mail proxies - where mail can be examined and filtered for common threat indicators or content. If this is an attractive proposition, consider investigating one of the subscription Apps available from the Apple App Store - such as Norton. Some end-users find these Apps to be helpful, while others might avoid them - this being choice that only you can make.


Finally, at no point have I suggested that you have used any "unsubscribe" links. My cautionary note in this regard served merely to warn of the potential consequences of using these links should they appear within unsolicited email. To extend this point, be wary of accessing any embedded link - or indeed automatically downloaded any embedded content or images. Download of any embedded content, no matter how seemingly innocuous, can alert the sender that an email has been accessed by the recipient/target.


If you need assistance in hardening your iPad's email settings to reduce risk, I would be delighted to share additional guidance. However, no matter how you optimise your local email client settings, nothing can prevent unwanted email from reaching your mailbox if a determined Actor intends to circumvent available device controls.

Jun 5, 2024 5:02 AM in response to LotusPilot

Hi, Firstly, thanks for the quick response secondly I have already enabled the hide my email function under settings. Thirdly, this type of phishing can be prevented through firmware updates where anything that comes into the inbox through is filtered out and sent to the Junk mail and blocked by the means of any senders names that dont have a physical name that means something then it should be blocked. A mixture of letters and nos that dont mean anything should not get through. It all comes back the English dictionary and any words that do not have meaning can be filtered out. Can that be something that Apple can look at in their next update?

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Preventing Phishing Emails from entering an IPad’s Email Inbox

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.