Re: [Evolution] Forwarding a mail to action fraud that is potentially fraudulent

[Pete Biggs <pete biggs org uk>]

> Yes, I'm using POP/SMTP - the message is :
> Data Command failed: Message contains malware (detected as Sanesecurity.Phishing.Fake.Coin.29059.UNOFFICIAL)

That's definitely from your SMTP host, not Evolution.  

> >
> I didn't use my brain - I have a different EMail client on my phone, so I've just forwarded the message 
> from there to
> see what happened. It appears to forward ok.

OK. A few observations.  

The mail must be using different SMTP servers. It's unlikely that an
SMTP server would treat mail differently from different clients.

The fact that the SMTP service used by Evolution detects the phishing
email, but it's not being detected before it got delivered to you
indicates that they are two different providers - it's not sensible
that it would only detect it on outgoing mail!

Personally, if it is detected by the outgoing SMTP server, and not the
incoming one, then I would have a serious look at your mail provider
and ask some questions. It may need some configuration setting to
reject or spam bin known spam/phish - things are complicated in this
respect if you use POP

Since the phishing attempt is detected by SANE, it's clearly a known
phish, so sending it to Action Fraud is not a priority. There is
guidance from NCSC about how to report phishing - including what to do
if your mail provider blocks it.  See:

 https://www.ncsc.gov.uk/collection/phishing-scams/report-scam-email

Two things to note: they don't need to see spam binned stuff & if in
doubt use a screen shot.

P.