Available Now: Buy the new iPhone 14, iPhone 14 Pro and iPhone 14 Pro Max from AT&T!
Need to update email settings?
dobbswhit's profile

New Member

 • 

2 Messages

Sat, Feb 19, 2022 11:58 PM

Getting spam at att.net

I have an sbcglobal.net email. For the past two weeks, I am getting up to 10 phishing emails a day in my inbox all directed to an att.net email. How can I rectify this?

ATTHelp

Community Support

 • 

200.1K Messages

7 m مضت

Hello again, cc7372.

 

There are two more things you can do to limit the amount of spam emails coming in:

  1. Forward the emails to us at abuse@att.net so we can investigate it. Make sure you include the full header so we can find out exactly where it came from.
  2. Create a filter to send the emails to spam following these steps:
  • Select the gear and then More Settings.
  • Choose Filters.
  • Select Add to create a filter.
  • Enter the conditions for your filter and then select Save.

We hope this information proves helpful. If you need help with anything else, let us know. Thanks for visiting the AT&T Community Forums.

 

Aminah, AT&T Community Specialist

tonydi

ACE - Guru

 • 

7.4K Messages

7 m مضت

Anyone care to post the full (raw) headers from one of these?  Obviously X-out your real email address, you don't need even more spam.

Visitor

 • 

10 Messages

7 m مضت

I just sent 6-8 of these spams from different addresses.  I hope someone can clear this up.  As it's just started happening in the past 2 weeks or so and their are quite a few of us going thru this, it has to be on ATT's end. Please help.

(edited)

tonydi

ACE - Guru

 • 

7.4K Messages

7 m مضت

@sonnyboy43   Spam happens.  My primary Gmail account hardly got a handful of spam a week.  Then about 6 weeks ago I started getting 20-40 a day.  You could tell by just looking at the list that they were coming from just a few different sources. 

Go to https://haveibeenpwned.com/ and plug in your email address.  How many breaches has that address been compromised in?

New Member

 • 

9 Messages

7 m مضت

Okay, @tonydi, below are the headers from one of two emails I've received today from users at public.govdelivery.com. (Part 1 because of post length limits here)

Received: from 10.220.191.55
 by atlas101.sbc.mail.ne1.yahoo.com with HTTPS; Thu, 24 Feb 2022 00:17:23 +0000
Return-Path: <[email scrubbed]>
X-Originating-Ip: [52.100.16.202]
Received-SPF: pass (domain of imagineindependence810.mail.onmicrosoft.com designates 52.100.16.202 as permitted sender)
Authentication-Results: atlas101.sbc.mail.ne1.yahoo.com;
 dkim=perm_fail header.i=@ImagineIndependence810.onmicrosoft.com header.s=selector2-ImagineIndependence810-onmicrosoft-com;
 dkim=perm_fail header.i=@public.govdelivery.com header.s=13q2;
 spf=pass smtp.mailfrom=imagineindependence810.mail.onmicrosoft.com;
 dmarc=unknown header.from=public.govdelivery.com;
X-Apparently-To: XXXXXXXXXXXX; Thu, 24 Feb 2022 00:17:23 +0000
X-YMailISG: ghnIGmkWLDv5XzZFlrK6ih.IcRNM0R1QSqlOHdt1a6jGiBw8
 2pYUCME_53zE53q24kPqT84mJQmXzoJIeywT2UsmANBIO_elRW9bKQcJpDir
 d.xnFvCKwhTgOSId0ht5n3WjBgn..yS4E0MQEkAAazfZSdlxKwkmaLqQ2Loa
 UIY5A0EXfUVKnKa2X3Rib2Vh0xfco0noUC3hsuVggCK8x4AdxV4ecXbZ5BUb
 ouhTmVg7en4COiuWjABWe4rKvZZb4hVADlz97Eu8BzKijpqZ2W2nOdHC_2li
 uU5Xa9EA60yhBDL3FkNlEhkzv8voA4Edp21FHavXkMbo1xuc8UoTEbUOa_WU
 lgA9MYKx8RGHwM1b5vVmaAT0ThX1qs33x9JtJIkLJ3s0AYzDD4EADNktLtcw
 WWhy3yT4eRd3YsTqmG6SzLrZepExoYMTldCSyMM90c81GCqtf3VwxzWu8Hj4
 3qG6MognwVdHq1TU9oSCmQJ5qDEc297T4CTcL_4_kHt4YjO1LgyYOeUXDY6X
 n4GlcEQlch7fVSw1e30EvaTbh06081E2imu8Qwhs73Uo8ZvZFtQHqoIERBkM
 oVhqtiBxZEkO96r9fnefOclXPZG.IsxtH5GWCo3xW4B8j0S_Qclqp0pqQqAm
 qAou42cyVeIzzG5N5ZQKOoGSkjJnDfq0jH13EW7yTe_A4aWmw0Cz8rWQEE1E
 GpSXjSncMT0nAYrIjk5sZ9LM4M9vIwU96rBc9sq6X3F2HLmCcpT4FeCYVJWe
 mLtlnAhtyvwsbXZOkkgVprGhVbR9sYWHcDXfugrZzhvoowu9jRMPFGZuAf.1
 zDqVvqu5mij5HO5UEQuqhiG5_Ujw7XolrEQeGBtmz1RJm5OUb5iEO6UyeioD
 quyW.LOnMuTVSJss8OJCKdRqQW9GuX3.MIFqdc_wR5i1RZ9fbqJOP7n.xhV_
 mxrHDNpFRrmNTuzZEga9kjZBrYPUo.vGU4Fnqmf3dSw_SYJmsbJlaaScc9wb
 JYmvyLXYzPY1PSCzk8Grw0AEk2c87PKq.B.KocFbPn2IhCRfbZZP5JScoka_
 lzroagYcrAV(Edited per community guidelines)3bjHhNHBt.v9lpkMNbyS.MPrr_z85eisQ2loicyVej620r
 aVBigbCPjNe06ByLlDfUSItWSsdW54587IWIx7fmdlBoENsr
Received: from 144.160.152.210 (EHLO flpd571.prodigy.net)
 by 10.220.191.55 with SMTPs
 (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
 Thu, 24 Feb 2022 00:17:23 +0000
X-Originating-IP: [52.100.16.202]
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-ve1eur03hn2202.outbound.protection.outlook.com [52.100.16.202])
	by flpd571.prodigy.net (Inbound 8.15.2/8.15.2) with ESMTPS id 21O0HKnk092153
	(version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=OK)
	for <XXXXXXXXXXXX>; Wed, 23 Feb 2022 16:17:22 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ImagineIndependence810.onmicrosoft.com;
 s=selector2-ImagineIndependence810-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=lm14cUaD85Zpkfuunu0jVg4FkJWxsmulctaSC7onuRw=;
 b=Jy2vRl+0tqaZ+D+7h+p8LEC51bWvNcicYHOX9E3vqUGCQ8hKEUMxOczQfJXtxngHbB7DOEk5N3upb4ZR8Rw3m2XQPnFI6cqSFeSX7cHdCznjZ5bok+ccT187t761OjuveT/ltnhh887RPfBp354puCmt6sCH6B21LcZ4/LwoVb4=
Received: from AM6P194CA0069.EURP194.PROD.OUTLOOK.COM (2603:10a6:209:84::46)
 by VI1PR08MB2671.eurprd08.prod.outlook.com (2603:10a6:802:1d::28) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4995.24; Thu, 24 Feb
 2022 00:17:18 +0000
Received: from VE1EUR03FT005.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:209:84:cafe::c3) by AM6P194CA0069.outlook.office365.com
 (2603:10a6:209:84::46) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5017.21 via Frontend
 Transport; Thu, 24 Feb 2022 00:17:18 +0000
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 45.144.29.230)
 smtp.mailfrom=ImagineIndependence810.mail.onmicrosoft.com; dkim=fail
 (signature did not verify) header.d=public.govdelivery.com;dmarc=none
 action=none header.from=public.govdelivery.com;
Received: from arii.sAmartintech.ru (45.144.29.230) by
 VE1EUR03FT005.mail.protection.outlook.com (10.152.18.172) with Microsoft SMTP
 Server id 15.20.5017.22 via Frontend Transport; Thu, 24 Feb 2022 00:17:14
 +0000

(edited)

New Member

 • 

9 Messages

7 m مضت

@tonidi  (Part 2)

X-Google-Smtp-Source: ABdhPJxUBKYbf28cGEHigJo7kIWz0RZJvhbQnZ2jQj/ePZ4U6lANK80qw4aNDa2g+aUIsawd3XRq X-Received: by 2002:a37:8906:0:b0:649:599e:6e22 with SMTP id l6-20020a378906000000b00649599e6e22mr813919qkd.749.1645651333259; Wed, 23 Feb 2022 13:22:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645651333; cv=none; d=google.com; s=arc-20160816; b=qyQfKy/NpsOdC4sNkdu9HdQGMyIfWSWIkLXb5jSmMhnivB+WK9gFtSrfLH0HRV14aK HWxz9kA3Fo6z2DAjXZRnj86MRnNgolQxw2uF3vfDSHMFz4PdVfCDRQ6okCbCAaE+et2H EtvFc6CehnOps6hOS3pSBtUWzmzLnkEN7pj5E4GIgETfnhDGiprdzKrVtT+Vya/xQTMx z2sZhRA314H4gEaax3SodzvDW3D3rvumofkaBBgGxzwPBEpDCC0szdwXqh1n6F74J0ay admsyasg5Q4sac2nSIXJJoK+KH49WTD53JqfeVJNjq6EKbnoox5U2/eodF1pER5pp8+X tayw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=from:reply-to:to:date:subject:message-id:mime-version:errors-to :list-unsubscribe:content-transfer-encoding:dkim-signature; bh=QFfsUb4pa4qbHKfEz573xGum498mZp4X8Ahrvg0xGeY=; b=J933KiboHtJsfduZwjCSCbzVW5g/E8JnWBah4Rw/R990WV56mZ9kcI8537V3as62fJ U9IzyythWlfaBjxxACNyPTOKanVnZqnctpd2oO3XVzOBGbrt2O7HqeA88qbOVYOrzO6l In+7rX1xfwk4skUZADdmi05GSaNvubwKz9DTK9kqjPdOtrXHA9d5/GMbox1LkaBtsKtF Hc5oFtMcNsNQBbdXtew701qZTdHIw7sOHudlcLEwuT3FEwjFHmgGw7zQ/YFfNkzpcuKu Li6mvWyuITf+lPheIWQMCZ65vehz3FM/FRBOyH8EZG5qlv0slVF9j7pnFNeTpFZPQp+z 50WQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@public.govdelivery.com header.s=13q2 header.b=pEeyKt6B; spf=pass (google.com: domain of [email scrubbed] designates 69.5.86.161 as permitted sender) smtp.mailfrom=[email scrubbed] Received: from mailer086161.service.govdelivery.com (mailer086161.service.govdelivery.com. [69.5.86.161]) by mx.google.com with ESMTPS id p20si349020qkk.256.2022.02.23.13.22.12 for <[email scrubbed]> (version=TLS1 cipher=ECDHE-ECDSA-AES128-SHA bits=128/128); Wed, 23 Feb 2022 13:22:13 -0800 (PST) Authentication-Results-Original: mx.google.com; dkim=pass header.i=@public.govdelivery.com header.s=13q2 header.b=pEeyKt6B; spf=pass (google.com: domain of [email scrubbed] designates 69.5.86.161 as permitted sender) smtp.mailfrom=[email scrubbed] Received: from gasdp-smeds5-1.systems.dc.gdi ([10.1.36.21]) by mailer086161.service.govdelivery.com (-); Wed, 23 Feb 2022 21:21:41 +0000 X-VirtualServer: VSG001, mailer086161.service.govdelivery.com, 10.1.38.161 X-VirtualServerGroup: VSG001 X-MailingID: 16810085::20220223.53899771::1001::MDB-PRD-BUL-20220223.53899771::[email scrubbed]::31082_0_0 X-SMHeaderMap: mid="X-MailingID" X-Destination-ID: [email scrubbed] X-SMFBL: YmVzdG5ld3NsZXR0ZXIyMjIyQGdtYWlsLmNvbQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=public.govdelivery.com; s=13q2; i=@public.govdelivery.com; h=Content-Transfer-Encoding: Content-Type:x-subscriber:X-Accountcode:List-Unsubscribe: Errors-To:MIME-Version:Message-ID:X-ReportingKey:Subject:Date:To: Reply-To:From; bh=QFfsUb4pa4qbHKfEz573xGum498mZp4X8Ahrvg0xGeY=; b=pEeyKt6BB3qryyuA+VisMt2OGsDfhCU8kZmeY51UMDpDSpN74Sh8peGoHxsF87 Mx/vWCA8xz5NWwK7JSMb/NkCODtzWrCvoV9SWRtG/xjQw8N42uNrqSf+R4OcU0ul zt+FeuQI8M+BzWYHw8NBNF/iuEwpNbJ0lejI2X8b5/zcJ2tRCwjz7Kz8QztGszZU LR1Wjbv1b0gZvPsso12NOWoYIiFdwHETaoMr3iq2GKztfiu0h3N4Vrzg5GyqvmDG bitiqsiRrQPZMh5UcE6zrSUGtH6wWvo9tJcrwFrOTKPqm04RnNgOOL18fd9WQeU3 grm9G3vy9oFh6ULyUeYenNMA== Content-Transfer-Encoding: 7bit Content-Type: multipart/alternative; boundary="----=_NextPart_A6D_AD7A_7438A1B3.26357CD0" x-subscriber: 3.qXZGu8GRJVEuP+CBb9Lnf4m9VCpWNNzbovr8tYuDZrFA6HMpD2KarAUygW0yj5YmczOnzf5cR3Hp4v1gfnJUISTaGsmbq31qN6SFcOzVH5G7FWdje5e+2eellQKTQ6enD80bFCA0yOfO7olCpUU5DBVOfe8ot3FX+CZbMyKumSU= X-Accountcode: USHUDFHA List-Unsubscribe: <https://public.govdelivery.com/accounts/USHUDFHA/subscriber/one_click_unsubscribe?verification=5.5b1e101c70e4f8cde44b34c549136c84&destination=bestnewsletter2222%40gmail.com> Errors-To: [email scrubbed] MIME-Version: 1.0 Message-ID: <[email scrubbed]> X-ReportingKey: MJJJ2EWJK4F0_JJ4A1-JJJ::[email scrubbed]::[email scrubbed] Subject: WeLLcoMe BonuS_EsB5CVS Date: Thu, 24 Feb 2022 01:14:38 +0100 To: [email scrubbed] Reply-To: [email scrubbed] From: C$V$S*preMiuM <[email scrubbed]> Delivered-To: [email scrubbed] Received: by 2002:a17:90a:24d:0:0:0:0 with SMTP id t13csp733206pje; Wed, 23 Feb 2022 13:22:13 -0800 (PST) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c6e32e37-5e62-412b-c0e9-08d9f72b04a7 X-MS-TrafficTypeDiagnostic: VI1PR08MB2671:EE_ X-Microsoft-Antispam-PRVS: <[email scrubbed]> X-MS-Exchange-SenderADCheck: 2 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 00vEn9jMsU17+CBDbRejd4PZvmNfE3dvJWgg1epQKhMy51sjQ7IiBJ+YJryt0Yq8TGvckKJHIGYaH7U7MGtXWEmOY8t8sJDfaIG6xoQ45sff5xeFFHiczBIKdwCh4fRzsNPZRHxoCJlxTnTy/XI3lOeAvDETwa9tjai+Bara3xYtIEvvlsMyfEAa0oHJrDO3l1b28s8slmBP9VaQIs5zlzLR7GfC3hOC5FsPHeNdbNcrU7bI+mT+Q9iMA+aW1+mOCcB8uNGUTOoXMpyAZpItCTl/Ka6Qpp9suP+JL/8ELikBbxsgcpdIAEDc5wCJgza6jvddxo2ktxhL5+zJl1H2toPP1B3hBr0s4FPGWidAEtid/QKYDw07dFNYqFpu29/+N/Vz8pxkx+dAmEyX8ZnvddaIZS8HRNqIE8mxf/dK3k35ujzp9IiCv0KYnDarj+U1PPyiEeakF7F6ZLKdmH7S6TqM/ELKmiNZ4lYwvdABOBHNWkUrnOAYKu11Yyt8uf3sAIXkNaIgbYkFofrrBHcWhBDO6+bLZg4YtxQIn8NLzAt0FiPHvaG2ZLb4fD7Dp3IKFwxho7368DyTmIrRKBkI/nBIH8zTnOHUwJQbRWGVYZ0b818Wf1m221Y4Twt+kn3USqXQQ9AiOJaygGD1UaOQ4wm7tp0Lmfy1onbItnsjmL6PoXm8ICpUjSBkX5piYOxASh0Mr2INw+hPH9tItE4r6x9QtDjuiu8VE/UJg/DRFk7c852FtOQqXfCm6GO49ii5m98GkqjZFhMQ5DTEuugEWR7RGWyLuNlcmKbrPOAd8zCbL1Jg2JQXBFcASsLJ/rK49AEw9b/+eU/u9eTGAhD0HA== X-Forefront-Antispam-Report: CIP:45.144.29.230;CTRY:NL;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:arii.sAmartintech.ru;PTR:vm319125.pq.hosting;CAT:NONE;SFS:(13230001)(36840700001)(46966006)(40470700004)(40460700003)(2616005)(10700001)(42882007)(186003)(336012)(34020700004)(76236003)(26005)(36860700001)(224303003)(83380400001)(19627405001)(47076005)(82310400004)(81166007)(70206006)(356005)(3450700001)(70586007)(44144004)(508600001)(15974865002)(966005)(6666004)(83170400001)(34206002)(9036002)(8936002)(5660300002)(316002)(40140700001)(166002)(2906002)(42186006)(59666005)(15450700017);DIR:OUT;SFP:1501; X-OriginatorOrg: ImagineIndependence810.mail.onmicrosoft.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Feb 2022 00:17:14.7769 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c6e32e37-5e62-412b-c0e9-08d9f72b04a7 X-MS-Exchange-CrossTenant-Id: 3888df3c-3cca-430f-a2dd-1e9934fe6288 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3888df3c-3cca-430f-a2dd-1e9934fe6288;Ip=[45.144.29.230];Helo=[arii.sAmartintech.ru] X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT005.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB2671

(edited)

tonydi

ACE - Guru

 • 

7.4K Messages

7 m مضت

Thanks but between what you edited out and what the forum software removed it's pretty hard to tell what's what.

I asked for headers because sonnyboy43 insisted that he was getting emails that didn't have his address. 

The email address you edited and that the forum "scrubbed", is that your address? 

New Member

 • 

9 Messages

7 m مضت

@tonidi . . . I replaced my email address in two places with several X's. Other than that, all I left out was the content info that was at the bottom. Did this forum's software really remove parts of it?

tonydi

ACE - Guru

 • 

7.4K Messages

7 m مضت

Yeah, it can recognize email addresses (most of the time) and removes them for obvious security reasons.

For example....

 (google.com: domain of [email scrubbed] designates 69.5.86.161 as permitted sender) smtp.mailfrom=[email scrubbed]

Regardless, the fact that your real address was in the headers proves what I was trying to tell sonyyboy43.  There's no way you get that email unless your address is in the headers in the appropriate places.

Oh, I guess some Russians are busy sending spam instead of lining up to invade other countries since it looks like that is the source of this spam.

(edited)

New Member

 • 

8 Messages

7 m مضت

I have been having the exact same problem with 2 pacbell.net accounts that I have had for many many years.  20 + obviously spam emails are in the inboxes every day for the last week or so.  I mark them as spam but they keep on coming.  They appear to be from different email addresses.  Yahoo used to catch such spam and I rarely even got spam in my spam folder.  Something has clearly changed!

Visitor

 • 

10 Messages

7 m مضت

tonidi insists that somewhere in all of these spam emails, my address at sbcglobal.net is in there somewhere.  No, my sbc.net address isn't in any of them,.  I would you suggest you ignore tonidi as he or she thinks that he or she knows all.  Sad.

tonydi

ACE - Guru

 • 

7.4K Messages

7 m مضت

sonnyboi43, how do you think emails find their way into your Inbox without your email address being in the headers someplace. Do you think the email fairy flies by and drops them in there?  Show me something, anything, that explains how that works. 

tonydi

ACE - Guru

 • 

7.4K Messages

7 m مضت

Well, we haven't seen sonniboy43's headers.  But email does not use IP addresses to find the correct Inbox, just the correct email server.  Once there, the server uses the email address to determine where to put it.  Think about it, if one IP = one email address we would have been out of IPv4 addresses a long time ago.

tonydi

ACE - Guru

 • 

7.4K Messages

7 m مضت

@txakura   Thank you!  I didn't realize how IPv6 plays into email routing so I definitely need to educate myself more on that.  Much appreciated.

New Member

 • 

11 Messages

7 m مضت

I apparently have been stricken with this fabulous new occurrence of spam a long with several of my family members and some people in a discussion on reddit. This seems to be a new thing and in my opinion, something that ATT has done to push their Mail+ service, which has only started being pushed recently as well. 

Previously, a user on here requested the header of the email, I can verify that my email address is not in the header of these emails, therefore, there is some BCC that is happening. This is one of the many that I have received. I am up to 122 spam emails yesterday, 80 of which I personally moved from my inbox and marked as spam. Today so far, I have 62, 40 of which I have had to mark as spam.

I have attempted to create a filter on the advice of a fellow redditor that would send email messages that Do Not Contain my email address in either the To or CC fields to a special folder, so far, that has done nothing. 

So here is another product service line that ATT ( @ATTHelp ) has sucked in and caused to go to crap.

Many of the other clearly spam messages that I have received have a bunch of question marks as the Subject.

Need help?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.