Spammers are starting to use email addresses with "renewal" in the address, bypassing junk filters. How do we fight this without blocking legitimate renewal emails? - eviltoast

For several months now I’ve started to receive an unprecedented number of emails from addresses named some variation of “renewal@”.

The issue is that creating an email filter which would move these emails to your junk folder would also inadvertently move legitimate subscription renewal emails to your junk folder as well. What are some steps that can be taken to deal with this issue? Which apps, clients, or email services deal with junk/spam the best?

    • dlpkl@lemmy.worldOP
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      Ah that’s a good tip. Next step for me is figuring out how to use aliases in outlook then, thanks

    • Rudee@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      Do you use a service for the relays, or is it possible to self-host?

      • hedgehog@ttrpg.network
        link
        fedilink
        arrow-up
        4
        ·
        11 months ago

        Not the same commenter, but I use the SimpleLogin service (and I liked it enough that I’ve been a paid user for a couple years), which is FOSS and can be self-hosted. I have not tested out self-hosting myself but there are detailed instructions in the repo.

        • jon@lemmy.tf
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          I run the self-hosted version, aside from having to deploy a couple Docker containers it’s pretty much the same as the SaaS product.

          • hedgehog@ttrpg.network
            link
            fedilink
            arrow-up
            1
            ·
            11 months ago

            That’s awesome! I have a fair number of Docker containers running on my Linux server and may try deploying SL at some point.

            One thing that may stop me - are you able to use the mobile app with it, or are you only able to use the webapp?

  • markstos@lemmy.world
    link
    fedilink
    arrow-up
    11
    ·
    11 months ago

    Spam filters rely on many signals besides the from address to decide if a message is spam, because one signal alone is often not reliable enough.

    It’s hard to see who deals with spam with the best because when the filters are working well, you don’t notice how much is being blocked.

    I can say that both Fastmail and Google work fairly well. Unless things have changed, about 90% of email is spam, with most getting blocked or diverted at different levels. So even if some gets through, it’s possible the systems to block it are still working very well.

    • dlpkl@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      Yeah and I have to be honest, usually outlook/Hotmail is pretty good about adapting to spam but this seems to have evaded them for much longer than other types of spam. Fingers crossed they figure it out soon

  • lemmyvore@feddit.nl
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    11 months ago

    Subscribe to things with personalized individual aliases instead of your main address.

    That way you don’t get much spam to begin with because they’d have to guess what aliases you use, and you reject anything that’s not sent to one of those aliases.

    Assuming one of the sites you subscribe to sold you out or was broken into and their alias starts receiving spam, you simply block or disconnect their alias.

    If you haven’t been doing this, the address you use now (for everything) is undoubtedly on many spamming lists. It’s best to get a domain and start moving subscriptions to aliases on that domain.

    Nobody should ever know the main account address, it should be reserved for logging in to the account. Even friends and family should be given aliases (because their address books and contact lists inevitably get sold and compromised eventually).

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    arrow-up
    2
    ·
    11 months ago

    I just use a separate email for subscriptions and whatnot vs “actual” email. That helps mitigate a lot of it since I can easily dismiss any “business” communications from one and be on my guard with the other.

    But the real solution imo is to not use email for such things. If I need to renew something yearly, I set up a reminder on my calendar or wherever yearly.