Emojis in heading cause bypassing of Telstra Webmail inbox filters

Telstra’s email service can be accessed either at their Webmail site or via a client app. Like some client apps, the Webmail site allows the setting up of mail filters, aka inbox-management rules. For example, filters can be set to automatically delete or to move to a nominated folder any incoming emails which meet particular criteria, such as having specified words included in their subject heading. I attempted to use this facility to automatically delete a type of phishing email I’ve been receiving. The subject headings of these always start with the words “Automatic response” (or its French equivalent) and also include some emojis. But such emails were not blocked and still appeared in Webmail’s inbox. By sending test emails to myself, I discovered that it was the presence of the emojis in the heading that was enabling the filters to be bypassed. I suspect that the scammers sending the emails are aware of, and are exploiting, this shortcoming with Telstra’s Webmail site. I am currently using only one email client app that has similar filtering options, namely Mozilla Firebird, and it isn’t fooled by the emojis.

Have any other members experienced the same problem with the Webmail site?

And if Telstra are providing a service with a feature that doesn’t function properly, are they in breach of the ACL?

2 Likes

Try including the emojis in a filter? Copy and paste them if the filter supports adding images/gifs.

2 Likes

The filters don’t accept emojis, and in any case the scammers use different ones each time. They also send from a different address each time, so the messages can’t be filtered out on that criterion either.

3 Likes

It could be scammers have cottoned on to this and why this particular one uses emojis.

I have also noticed that if the subject is filled with the maximum number of (random) characters, it also tends to bypass filters.

Filters are as good as the code that sits behind them. It appears there are scenarios which weren’t considered when coding the filters. Hopefully future updates cover these eventualities.

1 Like

I think you can purchase an anti spam option from Telstra that allows them to filter before you receive the emails. But you can mark items as Spam already without purchasing their product and their inbuilt Spam filter will learn and block automatically and it gets better over time.

To use the spam filter

Select the message/s you wish to mark as Spam using the selection box/es on the left hand side

Once all the ones you want to mark as Spam are selected from the bar select More and then the choice Mark as Spam (see screenshot)

Keep doing this as the emails come in and the filter will get much better at discerning the Spam emails.

1 Like

I’m aware that Webmail (like some client apps) has this AI-based learning capability, but I believe it results in the filtered-out emails reporting to the junk folder, from which they then have to be deleted. If it worked correctly, the inbox-management rule approach would be better, because it can be set to automatically and permanently delete the dodgy emails in one step.

2 Likes

Generally the Junk Folder is auto deleted monthly but you can delete sooner if you so choose. I would be wary of deleting all possible Spam emails before you look at them just to ensure you don’t kill off a wanted one.

2 Likes

I agree that as a general rule one should check the contents of the junk folder before deleting. It’s not unusual to find that a wanted email has been erroneously sent there (and by selecting it and clicking on ‘not junk’ the system will eventually learn better). But the emails I was trying to have intercepted have a relatively unique heading arrangement which I think a wanted one would be unlikely to share.

2 Likes

I hope the code will be updated to overcome the issue too, but when I raised the matter with Telstra’s customer service team I certainly was not given the impression that such a move was being contemplated. Instead I was told that Webmail has limitations and lacks certain features that are provided by some applications (which is a bit misleading - the feature is there, but it doesn’t always work correctly).

1 Like

You possibly will find that they haven’t created the code/webmail platform that they use…but use one under licence. They will have to wait until it is upgraded, issued and accepted. This could take some time.

You could pose that to Telstra, that the service they provide is not of sufficient quality. It isn’t a working one from your perspective and you’re entirely within your rights to either cancel the service or to test a case for some compensation as long as you used the service in the beginning believing it to work to the level you required ie that filtering wouldn’t be “confused” by simple emoji. I’d probably try for compensation for the part that doesn’t work if you wish to continue using Telstra. So write a formal complaint and ask for compensation (or choose to cancel your contract if that is your preferred outcome) for the failed feature (the broken filtering), there are links which you should be able to find by searching on this site about CHOICE’s templates and the ACCC supplied ones (either supplied sources are good). Give Telstra a reasonable time to respond eg 7 or 14 days and if they don’t respond or don’t respond favourably then lodge a complaint with the TIO.

No I haven’t, I use Mozilla Thunderbird as my preferred email client and just have it collect and sort my emails from all my providers. I use quite a few rules and I find it quite a decent client, so it is usually only while on my Smartphone that I ever have to use the Telstra Webmail portal and even then it is a very rare occurrence.

Sounds like a fairly dumb parsing routine that gives up as soon as a non-ascii code is encountered. Emojis are unicode.
Are you able to set the filter rule to look at other fields in the message, like sender?
Or specify a rule like ‘starts with’ instead of ‘contains’, for instance?

"Starts with’ isn’t an option. Filtering is based on whether specified content either is or is not present in one or more of the following fields: SUBJECT, FROM, TO, CC, or both TO and CC. So a message could be filtered out based on its sender, but with the phishing emails that isn’t much help because the scammers tend to use different aliases each time. For the same reason, adding them to the ‘blocked senders’ list is of little use.

1 Like

I’m not sure about seeking compensation, because I wouldn’t be able to demonstrate any financial loss as a result of the issue with the Webmail inbox filters. My preferred outcome would be to see the problem fixed. Telstra have apologize for the annoyance caused, but the solution they have suggested is not that they will fix Webmail’s shortcomings, but that I should switch to a client app with mail filtering capabilities (they mentioned Outlook). And by installing Thunderbird I’ve followed that advice.

As a matter of interest, I’m attaching a screen shot of the heading of one of the phishing emails in question. Thunderbird immediately highlights such communications as spam because it detects that the ‘from’ address isn’t the same as the ‘reply to’ address. (The bait offered in this scam was a discount on the activity tracker mentioned.)

It’s an image, the subject line, I suspect not text so it won’t filter.

No loss? that it doesn’t work as expected the value is diminished in regard to what you paid. The difference is what you seek compensation for.

How many of these emails do you receive in a day? I use Thunderbird with no filtering, and I run my own email server without filtering, so I get to see all the junk mail. Thunderbird is set up to not preview, and to provide a list with from and recipient. When the 10 or 20 spam emails arrive it is look, click, delete and takes maybe 10 or 20 seconds to clear spam for the day. This may seem tedious but occasionally I see a legit email that a spam rule might have deleted. The extra few seconds a day make up for the chaos caused by missing an email that I should have acted on. If it were a hundred a day I might think about a filter.

3 Likes

Each to his/her own taste and circumstances, and your simplified approach to using Thunderbird clearly has its merits.

I too have Thunderbird’s preview panel turned off and the few filters I have been using were designed to to intercept phishing emails with specific words in their subject fields, words that are unlikely to be present when the email is one I need to see. But even with a ‘delete’ filter active, the risk of accidentally missing a desired email is lessened by the fact when Thunderbird acts on the filter it doesn’t permanently delete the item and flags that it has put it in the ‘Deleted’ folder by highlighting the latter’s line in the folders column. However, I have to agree that using ‘delete’ filters to tackle this kind of phishing is probably a needless complication, especially given that Thunderbird automatically flags such emails as suspected spam anyway because it detects that their ‘from’ and ‘reply to’ addresses differ.

2 Likes