I'm getting a ton of these Paypal phishing scam spams... most have the subject line: "PayPal Email ID PP321". On some days, I get one or two every 10 minutes... very annoying.

Nearly all are slipping through SpamCop filtering. I have all the Spamcop blacklists enabled and I have the SpamAssassin level set to 2.

I also move them into Spamcop and report them all. Sometimes I also forward them to spoof at paypal dot com. Is there any more I can do?

I can't put them on my personal blacklist because the from address is obviously spoofed.

Is adding more criteria to the personal blacklist a pratical thing for Spamcop to do? Like blocking by matching the subject line, keywords, or something?

This has been going on for a few weeks and getting worse. I would have thought that the Spamcop blacklist filters would have this subject line text incorporated by now. But then again, I don't fully understand the complexities of the problem.

Can anyone shed more light on this or suggest something more I can setup to get these trapped in the Held Mail.

I'm ready to take a road trip to Eastern Europe to hunt these scumbags down like the animals they are. I wish.

Anyway...

Thank-you.

Moderator Edit: Moved to the E-Mail account Help Forum section ....

Have you looked at the SpamCop FAQ here? There are a number of entries existing on both Black and White-Listing ..... And as I moved your post into the more appropriate Forum section, you're now better 'positioned' to maybe take a look at some existing Topics/Discussions to pickup a few more hints ...???

Have you kept up with your previous posting on the same subject at http://forum.spamcop.net/forums/index.php?showtopic=4288 ????

SpamCop Email personal blacklist paypal.com (and ebay.com) work fine (if any account you have with the real McCoy goes to a different email account.).

See http://www.spamcop.net/sc?id=z860758095z3e...bc21c4262218e9z
where the blacklist caught a spam which only had 'from: *@paypal.com' and a different 'return-path:'.

Some phishers can't spell Paypal of course, just as some can't spell Wells Fargo.

What SpamAssassin score are you getting for the 'Leakers' ?

Personal Blacklist-

I was under the impression that I can only blacklist the domain name or email address. Since they are always coming from different locations and all "from" addresses are spoofed to look like they come from Paypal or eBay, I just thought I couldn't use my personal blacklist for that.

Global Blacklist-

All have always been turned on.

This thread-

Sorry to cause so much trouble by asking a simple question. I wasn't complaining about anything but I was only wondering why these phishing scams all get through all the normal Spamcop Blacklists. I will continue to read the threads here.

I'll check out the FAQs again. Thank-you.



No I haven't until now. Email notifications of thread replies on this board are defaulted to "off". My mistake. I didn't realize that so now that I've subscribed to the thread I'll be more up to date on the replies.

I can't. The email account I use with PayPal and eBay is the same email account getting phished so I can't blacklist those.


I'll check that out. Thank-you.


These phishers are spelling everything fine, unfortunately.


The last one said "Blocked SpamAssassin=17" but it's one that I had to move into SpamCop myself.

Thanks to your question here, I think I just may have figured out why all are getting through. A few years ago, I found the need to personal whitelist "paypal dot com" and "ebay dot com" so my legit ones would get through. This was way back before I had any issues with phishing and I long since forgot that I had done this. Anyway, I deleted those just now so I'll probably see quite an improvement.

Thank-you and I'm sorry for wasting everyone's time with this.

Just by putting this update out here makes it not a waste of time. Hopefully someone else with a similiar problem will find this and solve their problem more easily than you did here.

Thank you