Xfinity SPAM filters are no longer working

Hello and thank you for taking the time to reach out to us here on our Xfinity Forums. I can absolutely understand not wanting to get spam mail and I would be just as confused if I were getting mail from months ago! The spam filters you have set up, did you set those filters up in the 3rd party email client or via the Xfinity website? I would recommend checking to make sure the filters are set on both options.

I have Xfinity's overall SPAM filter turned on, that is the filter I'm referring to as not working. My third party email client has nothing to do with the problem I'm having. If the Xfinity SPAM filter works as it should then spam emails go to the spam folder thus never reaching my inbox that my third party email client pulls from.

The only way I've ever set up a personal filter to block spam is by blocking the sender's domain, but these spam emails are from different domains each day, which would require me to setup about 5 filters everyday. If you know of a "catchall" filter to setup I'd love to know what it is. 

... they always show as being received on July 6th or 7th of 2021...

You should be able to catch these with a filter like:

Conditions:   Header   Name   Date   Contains   Jul

Actions:        Move to folder   Select folder   Spam

@user_3f87fe 
Good Morning,

Unfortunately, the time/date timestamp provided for the header LMTP log is not the reason these emails have been delivered to the inbox. Dates/Times are never accurate means of filtration due to it being a commonality amongst all emails regardless of their content/intention. If emails were to be filtered by time/date - you would not only block potential spam, but all emails sent at that exact date/time leading to a larger issues. Reviewing our logs for the domain in the screenshot you provided it appears they are likely escaping the filtration due to changing their email address every time (green@domain.com, blue@domain.com, purple@domain.com, etc.). In regards to the spam filtration system, it does take some time to create an accurate filtration pattern which means that a large bulk of initial emails sent by a spammer will likely end up in the inbox until properly filtered. Each "mark as spam" report assists in the speed of the filtration as our system will have further examples to compare the emails by. 

As mentioned above, you can create a filter rule to specifically target the domain and place them into your spam folder automatically. Example filter setup:

To note, reviewing our logs it appears to be a domain that has been sending large amounts of spam to our users and has since been filtered as a spam sender and should be going to the spam folder currently. It also appears the volume of spam has significantly reduced due to likely high volumes of Comcast recipients marking their emails as "spam", making their spam campaign likely useless. Unfortunately, this usually indicates that a new email domain will likely be created for further spamming activities. Should you receive further spam emails, please be sure to mark as many as possible as "spam" so that our system can record the email and start processing the emails for spam filtration.

@user_3f87fe wrote: "... Maybe the "contains" operative only looks at the message body and not the header/source?"

Your filter looks good except for the "Content" keyword. I know of no actual documentation, but my impressions is that "Content" means "look through the message body", whereas here you want to be looking at the "Date:" header. That's why I recommended using a "Header   Name   Date   Contains" condition. 

"... When I try to set up that filter it requires text in the "Name" field ..."

The Name field in the Header condition is just the name of the header you want to compare the contents of the Contains field to. So in this case the name should be "Date" (without the quotes, without an "@" symbol, and without a trailing ":").

It should look just like I posted above:

• Header   Name   Date   Contains   Jul

Which just means "If the 'Date:' header contains 'Jul', take the Action following"

"... thanks for explaining ..."

Most welcome. What I would rather see them do is document some of this stuff! We shouldn't have to guess what the keywords mean or what the syntax is, we should be able to find the information in some sort of reference. C'mon Comcast!

I have exactly the OPPOSITE problem.

Having just spent the previous four days getting Comcast to fix an unrelated ( well, not totally unrelated)  email problem (that I wont detail here)  I now can send test messages FROM <(my email)@comcast.net) TO

<my other email@comcast.net> and actually see them being delivered.

Problem is that mails I send TO MYSELF are being diverted to the spam folder. Now I DID say "that was OK" in an act of desparation to get the other problem solved, however I said that because I believed I could set up a filter rule in the destination mailbox to PREVENT  automatic diversion to the SPAM folder. Particularly if I'M the sender, and I AM (under a different or even the same) RECIPIENT.

No such luck.

Over 10 test messages I sent myself, all 10 failed to be filtered and (contitue to) end up in the SPAM folder.

Now, I've sadly accepted (over 20 years)  the fact that mails that I recieve on ONE of my 3 comcast emails can easily and regularly evade comcast's spam filters. I simply rarely use that account (and use its contents to train the bayesean analyzer I have running on a local system that pulls that inbox via IMAPs and feeds it to a bayes engine).  MY bayes engine keeps the good mail and diverts the spam , more accurately, (You  can ask me later which bayes engine I'm using. Its been around for a while and it's free.) 

But setting a filter to unconditionally accept an email address by discrete pattern matching does NOT take artificial intellegence, folks. If the address is an exact match, the filter should take the matching action, deterministically.  The filter in my case says

contains <(my_account@comcast.net)> (no parens, no braces):  action 1: KEEP action 2: move to: INBOX.

No joy. To the spam folder it goes. Even with a volume as low as 7 test messages over a 1 hour period (the time delta beween comcast fixing the "other" problem and me sending test messages to prove the "other" problem was fixed.)

I fear that what may happen is that messages that  I purposefully send to one of my accounts via process automation (in low volume, NON UCE, light payload, to monitor servers and IDS devices) will be "learned" by Comcast's apparently defective filtering and auto-learning algorithm as SPAM, and then the OTHER problem (which I did not detail here) will pop up AGAIN as some misguided naive  brute-force anti-UCE/SPAM countermeasure, ${DIETY_OF_CHOICE} forbid. 

And yes, I know what I'm talking about. I used to build enterprise-class mail systems on non-Microsoft environments, with bayes-based UCE filtering and learning algorithms before google and microsoft broke all of this. 

Im also unhappy to report that a similar test message I sent to myself at a corporate email account hosted at Microsoft's office365 two hours ago and just now have not been delivered.

This certainly looks like a breakage at comcast extends to the outbound mail.

My junk mail folder count at office365 stands where it has been for 15 days. I'm still investigating if there's some method to unconditionally whitelist senders at office365 but at the moment it looks like Comcast's outbound mail queue has a severe outbound delivery problem with accepting mail via the authenticated relay (as in "message accepted for delivery") in my local logs) but then  either not delivering it or refusing to DKIMS sign it to circumvent foreign delivery system countermeasures.

(in which case there should still be RFC compliant  bounce messages indicating the cause of the failure).

So it would also appear that the often-touted solution of adding a non-spam sender to the recipient's address book to prevent automatic diversion to the spam folder is a no-op and ineffective solution. The sender and recipient are the same address; the MUA is the web interface at comcast; the sender gateway is the 587/TLS authenticated comcast mail gateway using comcast as a "smarthost". (Yes, that was the "other problem" that was broken for a week and a half and, according to percentage of delivery, is still  > 50% broken). 

The sender / recipient is now in the sender  (/recipient) address book. A message sent after this change still gets diverted to the spam folder.

I gotta tell you, I dont have $200/month for gigabit business internet but my employer does. With everyone wigging out about the new Covid variants, my employer offered to put business internet in my house and pay for it in full, as a business expense, sometime within the next 45 days or so.

I gotta tell you, the number of things I've found just plain not working with comcast in the past 2 weeks (specifically as it relates to mail) leaves me thinking that Comcast would not be my first choice for an upgrade to business class service at this point unless I see some results....

Just to add this note, as I also struggle with 1 spam email every literal minute.  My box goes from 0 emails to 999+ in a few days.  DO NOT, go to the website and click unsubscribe. I listened to this advice and my problem only got worse.  I went to as many as I could in a few hour of work and unsubscribed.  Now, not only do I still continue to get emails about liposuction, my car's extended warranty, & roof repair (I live in an apartment), my spam emails have tripled.  I think they just take your email you enter and then sale it to whomever once they've confirmed you are a actual person. 

It would be nice If there was a way to select a few emails at a time, mark them as spam and then I could request the Xfinity email program to scan my 999+ emails for duplicates.  As it is, I've been clicking them .. one by one..