If its spam , have you tried adjusting the spam filter settings ?

@Leftshark Do you use a mail client or just webmail?

If you use a client, how many email addresses do you have? A program I use, with all PN filters turned off, is 'MailWasher'. It does need a bit of initial training, but IMO, is an excellent piece of kit. There is a Free version which will monitor just one account or a paid for one which covers any number - well worth the investment.

It does mean an extra couple of 'clicks', but is fast and responsive and with it, you don't - as I used to - lose those emails that Cloudmark wrongly thinks are spam, as you are totally in charge of what reaches your mailbox(es).

@jab1 

As I am reading it the problem is that the sending domain is an ever changing combination of three random numbers, you can't therefore block the domain unless you can automatically block all domains consisting of three numbers, that is 1000 domains. Can mail washer do that without entering every one in the blocked list and will it handle that many addresses?

Personally I would take this as an indication that the bad guys have got my email address and change it despite the [-Censored-] involved.

Edit

For the life of me I can't think of the synonym I used for hassle that has been censored. The PC brigade have obviously taken exception to it. Ho Hum!

Edit 2

On reflection I think that it was also a synonym for cigarette.

@Baldrick1 I don't know what the capabilities of the current iteration of MW can do - I'm on a very old version that still works as I need it - I'm a Yorkie and don't like spending money if I don't need to, but you can block say all '.com' addresses in the global filter and specifically 'allow' any you know are OK - the 'friends' list takes precedence over the 'blacklist' for such entries. As I said earlier, training the program takes a while, but you see all mail waiting for download, identified as 'spam' if the domain/sender is already on the bad-boys list, 'Friend' if on the allow list and a couple of other options if MW doesn't quite know what to do with it.

You have the option to review every item before deciding. Screenshot below, but they are all OK as most, if not all, of my spam comes through my old Tiscali mailboxes, and I delete it via their webmail interface before telling MW to download. Not essential. as all blacklisted mail is discarded and held in a 'pending' file for as long as you set the rule for it.

@jab1 

I get that, so it is a convenient way of blocking a single message and stop that address being used again. So potentially you need to keep manually blacklisting these emails until either the spammer gives up or potentially you have manually blocked all 1000. Hence my question of whether there was a limit to the number that you can blacklist.

Ideally what you want is a rule that a domain should be blacklisted automatically if the address consists of just three numbers.

You don't need to manually block individual addresses - just set an initial wildcard '*'.com filter up, then add valid .com addresses to the 'friends ' list - two clicks.

There is no limit to the length of your filter lists, anyway - at least not in my version.

@jab1  OK I get it now. Rather than blacklist every sender that you want to reject you whitelist all the ones that you want to let through.

Does this mean that all the new blacklisted ones aren't automatically deleted but presented to you for review or alternatively are any emails from new addresses that you want but have failed to add to your whitelist are dumped along with the spam? I can see that this would work, you just need to monitor the spam file and whitelist those that you need to let through.

@Baldrick1 In simple terms, anything sent to you, whether on a whitelist/blacklist/no-list is picked up by MW and presented to you for review. You do the review - making sure any tick-boxes are in the correct state, then hit the 'process mail' button. This puts the 'spam' into the recycle bin - in case you inadvertently make a mistake, so you can recover it, and opens your mail client so you can hit the 'get mail' or whatever it is called , and it then just pulls the valid mail.

Thanks for taking the time to read and comment Guys!

I think I need to add some more information.

My email clients are Outlook (on PC) and standard IOS-mail on iPhone. My Wife has same setup with a laptop and her iPhone.

To illustrate what's happening lets assume I'm 'Ken', my Wife is 'Barbie' and my +net domain is 'Carson'.

We have two mailboxes 'ken@carson.f9.co.uk' and 'barbie@carson.f9.co.uk'.

My Wife (barbie@) has had email from:

MastrPlux8706@7778.com

MastrPlux0402@6302.com

MastrPlux9719@6729.com

MastrPlux4144@4144.com

MastrPlux4261@1440.com

MastrPlux4559@3420.com

On my (ken@) mailbox I've had email from:

MastrPlux5446@4726.com

MastrPlux9295@6511.com

MastrPlux7832@6893.com

MastrPlux1560@9033.com

and I've also had one from here:

Noah1171@1171.com

All emails are of this form:

Hey, I infected your computer, one of your passwords is: XXXXXN, right?! ;-D

Read the attachment for more information, but please don't flip out, you still got the chance to save your ass.

Now for me, the password quoted may have been used by me once, and is the same format that I used to use. For my Wife it is in fact an old password she used!

I have put our real email addresses into   ';--have i been pwned?   and our +net mailboxes and these particular passwords may indeed be compromised.

We're not worried at all by these threats but they're a tedious annoyance now.

Note that we both have other mailboxes at Google (ie gmail.com) and these remain remain free from spam and 'threats'!

It's sadly all due to the +net domain

MisterW - Yes, that is an option that I think I'll try. I'm on Level two at the moment.

jab1 & Baidrick1 - Thanks for your information on MW and suggestions. I'd prefer to stick with my current mail clients but it's useful to know what else is available. I like the idea of blocking everything but have a whitelist of good folks. There's also the option of new mailboxes I guess despite the cigarette involved

Thanks for your interest! 

I apologise for not getting back sooner.
I thought I should provide some information for clarity and completeness.
Both my Wife and I have had these email 'threats' and our mailboxes are like:
me@mydomain.f9.co.uk
wife@mydomain.f9.co.uk
We use Outlook for PC and standard ios mail on iPhones
The content of the emails is similar (password and address *'d):

-----------------------------------
From: Mastr Plux <MastrPlux5446@4726.com>
Sent: 14 June 2020 18:40
To: ****@*****.f9.co.uk
Subject: I RECORDED YOU

Hey, I infected your computer, one of your passwords is: *******, right?! ;-D

Read the attachment for more information, but please don't flip out, you still got the chance to save your ass.
-----------------------------------

Those to my Wife contain a password she has used in the past, and for me a password I may have used, but also, a while back.
I've checked our email addresses on 'Have I been pwn'd' and both have been subject to a compromise.

@MisterW - Thanks for this suggestion. I'm currently on Level 2. I think I will try a higher setting

@jab1 & @Badrick1 - Thanks for the information on MW and how to use it. I like the idea of blocking all and just letting the good people through. As regards changing the email boxes I'll keep for now; as you say, changing is a bit of a cigarette

Thanks so much for your time and interest

We've had messages from:
-----------------------------------
MastrPlux8706@7778.com
MastrPlux0402@6302.com
MastrPlux9719@6729.com
MastrPlux4144@4144.com
MastrPlux4261@1440.com
MastrPlux4559@3420.com
MastrPlux5446@4726.com
MastrPlux9295@6511.com
MastrPlux7832@6893.com
MastrPlux1560@9033.com
-----------------------------------
and last but not least:
Noah1171@1171.com

Sample email header (after being moved to/from Spam folder)and my address *'d out
-----------------------------------
Received: from [2.181.49.9] ([151.234.138.109])
by Plusnet Cloudmark Gateway with ESMTP
id kWc5j5YpqZAtykWc7jaryW; Sun, 14 Jun 2020 18:40:14 +0100
Received: from jgfi ([71.58.208.117]) by 7567.com with MailEnable ESMTP; Sun, 14 Jun 2020 22:10:13 +0430
Received: (qmail 89108 invoked by uid 891); 14 Jun 2020 22:10:11 +0430
Received: from [84.93.223.74] (helo=avasin03.plus.net)
by inmx19.plus.net with esmtp (PlusNet MXCore v2.00) id 1jkWcF-0004DI-K4
for ****@*****.f9.co.uk; Sun, 14 Jun 2020 18:40:19 +0100
From: "Mastr Plux" <MastrPlux5446@4726.com>
To: <****@*****.f9.co.uk>
Subject: I RECORDED YOU
Date: Sun, 14 Jun 2020 18:40:13 +0100
Message-ID: <891080.89108057@7567.com>
MIME-Version: 1.0
Content-Type: text/plain;
boundary="hkkiy891080589108";
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQLpbzspbShvTZxtz9nsE43lgxvgxg==
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.3 cv=aZP6YSgt c=1 sm=1 tr=0 cx=a_idp_d
a=8UOSL/VhbBSY336UZdJ97A==:117 a=8UOSL/VhbBSY336UZdJ97A==:17
a=nTHF0DUjJn0A:10 a=T0qGHcylBcRtWTnNjWMA:9 a=z310GJM4DYEKbvTbzc5QQXUV8SA=:19
X-CMAE-Envelope: MS4wfPi967LyUh9oBkrF5r36frovtO0KPC01gxTQjuOQQ98QRjdxEPLRywqYBupc54WVrCVpSc3nRYWzuHBPgvLZLNwKNUnX9ODSG6GIJCz+4Bum+5Y5pznt
afGCBrXS1W+2mbAWHKEgwnDr5dtrh7QkuXksA1okxCJJQyYkE8J3j37Y8RMdQ7LEFyYBMRyO+0bxPg==
X-pn-pstn-db: " Spam 99
X-PN-Virus-Filtered: by PlusNet MXCore (v5.00)
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
-----------------------------------

Guys- I don't use this forum a lot but yesterday I spent a while composing a reply with a sample of the email I've received a a list of addresses received from. All nicely formatted and it's gone!

This morning I created a reply in Notepad to be safe with similar content but also added full header from one email and just *'d out my information. Again it's not there! [-Censored-]!

@Leftshark Did you actually post them to the forum? In case you did, I'll 'report' your post - possibly got caught in the spam filter.

Hi @jab1 

Yes, sure I did, just like the reply above!