2026-04-gmail-phishing-filter-action

Gmail phishing / spam filter action – April 2026

Date: 2026-04-13
Owner: Ops / Uttam
Scope: 43 mailbox-enabled users

Summary

We ran a two-pass audit of spam across the company mailboxes and then applied Gmail inbox filters to the approved spam sender domains.

What was blocked

First-pass sender domains:

• webscalemode.com
• trythecustomers.live
• trydirectmarketinggroup.help
• soluxdesign.agency
• f.lushanotice.com
• leadhubbusiness.com
• btlmi.com

Second-pass sender domains:

• webymkt.com
• zcsend.in
• repdatallc.com
• activecsllc.com
• leadmarksync.org
• theleads.email
• internetsoft.co
• softstackinsider.com
• geniusmatch.io
• activestaffing.co
• collabraze.com
• gomerge.com
• lsladvisors.com
• techconglobal.com

Additional approved sender-domain block:

• engage.affinity.studio

What stayed unblocked

These were explicitly reviewed and left alone:

• trustvicinity.com
• leoluna.finance
• default.com
• braintrustdata.com

Impact estimate

We scanned 649 spam messages across the 43 mailboxes. Based on the observed spam corpus, the blocked sender domains account for roughly 70-100 spam emails in the current sample.

That is a conservative estimate:

• it counts sender-domain matches only
• it does not count every rotated reply-to pattern or all future repeat campaigns
• the benefit should grow over time as the same sender infrastructure repeats

Notes

• Filters were applied at the mailbox level across all mailbox-enabled users.
• The goal was to keep enforcement approval-gated, so benign or borderline domains were left out rather than overblocking.
• A follow-up pass can focus on reply-to-only infrastructure if we want to tighten coverage further.