Bad "house" icon only shows up with malicious email

Certain types of email get through my mail filters, and they don’t have enough in common that I can customize filters to block them. One of the most persistent SPAM/Phishing email messages that I see are all logged with the same icon in eM Client. They look like this:

badhouse

I do not understand where this icon come from, but I certainly wish I had a way of tagging the email messages as malicious and shunt them into a folder rather than have them show up in my inbox.

Does eM Client have a way to filter based on these icons? And where does the icon come from, is it specified by the email itself or is eM Client filling it in?

Have you examined the header information of the emails in question to determine if there is any commonality in the From, To, Subject, Reply To fields contents? If so, then that info can be used as the basis for a rule.

That was the first thing I checked; updating .mailfilter is how I handle messages that have ‘fallen through’ the other mail checks. But in this case there do not appear to be any fields in common. These emails have a token that is attached to many fields that might otherwise be useful for catching commonalities. In these two messages the tokens are AeGjnAvjmV_sTmzh and Af1U7ejQGs_sTmGV.

I also don’t see anything in these headers which would cause the “house” icon to show up in eM Client. If it was in the header, then filtering would be easy, but I don’t see something like that in these headers.

I examined the snapshots (very difficult for me as I have OLD eyes) and I would try a header rule that checks the FROM field for everything prior to the ‘email address’

Not sure of your knowledge level, so if you need more assistance, let me know.

The two messages for which you provided headers are not from the same address, but do come from different domains on the same sarver. Both of them have the same avatars registered for the accounts, so the house icon you see.

Probably every message you get from them comes from a different address, so Rules are not the way to block them. Better is to open the webmail interface for your email provider, select the messages in your Inbox and mark them as spam. Thereafter your provider will learn from that and mark similar messages as spam.