Another SWEN coming in every hour

[Veronica Loell]

James Egan wrote / skrev:

If it's a minimum, how do you to increase it?




Loads of them have more than 20 lines of (body) crap before getting to
the html tag.


Jim.

All swen-email that I get is detected with 25 lines. But I detect both
on the html-crap and the attachment-type.

- Veronica Loell

 

[James Egan]

All swen-email that I get is detected with 25 lines. But I detect both
on the html-crap and the attachment-type.

Here's an example of one I just got which is just short of 50 lines
into the body text before the HTML tag.


Return-Path: <[email protected]>
X-Original-To: (e-mail address removed)
Delivered-To: (e-mail address removed)
Received: from hfep05.dion.ne.jp (hfep05.dion.ne.jp [203.181.105.71])
by mail8.easyspace.com (EasyPost) with ESMTP id CA8528B4AB
for <[email protected]>; Thu, 9 Oct 2003 09:46:15 +0000 (GMT)
Received: from ivmxk ([210.234.206.187]) by hfep05.dion.ne.jp with
SMTP
id <[email protected]>;
Thu, 9 Oct 2003 18:46:25 +0900
From: "MS Corporation Security Section"
<[email protected]>
To: "Microsoft Customer" <[email protected]>
SUBJECT:
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="pzfoddqtw"
Message-Id: <[email protected]>
Date: Thu, 9 Oct 2003 18:46:29 +0900
X-UIDL: L&*"!YJ*!!@4d!!+?#"!

--pzfoddqtw
Content-Type: multipart/related; boundary="dbwhgpfmf";
type="multipart/alternative"

--dbwhgpfmf
Content-Type: multipart/alternative; boundary="caoqnixfhy"

--caoqnixfhy
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Microsoft Customer

this is the latest version of security update, the
"October 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express.
Install now to help protect your computer
from these vulnerabilities, the most serious of which could
allow an malicious user to run code on your system.
This update includes the functionality =
of all previously released patches.


Microsoft Product Support Services and Knowledge Base articles =
can be found on the Microsoft Technical Support web site.
http://support.microsoft.com/

For security-related information about Microsoft products, please =
visit the Microsoft Security Advisor web site
http://www.microsoft.com/security/

Thank you for using Microsoft products.

Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable =
to respond to any replies.

----------------------------------------------
The names of the actual companies and products mentioned =
herein are the trademarks of their respective owners.
Copyright 2003 Microsoft Corporation.

--caoqnixfhy
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<HTML>
<HEAD> ...

 

[Veronica Loell]

James Egan wrote / skrev:

Here's an example of one I just got which is just short of 50 lines
into the body text before the HTML tag.

Ah, yes sorry, I actually filter on
"this is the latest version of security update, the"
must have been half asleep when I wrote that...

- Veronica Loell

 

[Bart Bailey]

In Message-ID:<[email protected]> posted on

Is that in the registered version only? I can't see an editable
setting in the free version.

Mailwasher Pro v3.2

Maybe it's a registry setting?

I don't know if this key will work in the free version:
---begin---
REGEDIT4

[HKEY_USERS\.Default\Software\FireTrust\MailWasher Pro\prefs]

"Lines to download"=dword:00000014

---end---
note* the dword value 0x00000014 is 20
for any other number of lines just edit the dword accordingly.

 

[Bart Bailey]

In Message-ID:<[email protected]> posted on Thu, 09 Oct 2003

All swen-email that I get is detected with 25 lines. But I detect both
on the html-crap and the attachment-type.

What do you filter for to get attachments,
the word "multipart"?
My "html" filter seems to get almost all of it.

 

[Veronica Loell]

Bart Bailey wrote / skrev:

In Message-ID:<[email protected]> posted on Thu, 09 Oct 2003
11:57:45 +0200, Veronica Loell wrote:




What do you filter for to get attachments,
the word "multipart"?
My "html" filter seems to get almost all of it.

Content-Type: audio/x-wav; name=
Content-Type: audio/x-midi; name=

 

[Bart Bailey]

In Message-ID:<[email protected]> posted on

Here's an example of one I just got which is just short of 50 lines
into the body text before the HTML tag.

I think it's my header filter on the word "Microsoft"
that's getting those.

 

[James Egan]

I think it's my header filter on the word "Microsoft"
that's getting those.

I've got other rules which catch them so it's not a problem. I was
just trying to figure out how to extend the body download.

Regarding the registry, the free version has prefs in the same place
as you posted except under eCOSM\MailWasher instead of
FireTrust\MailWasher Pro

The "Lines to download" setting wasn't there but I tried adding it in
to see if it did anything but unfortunately it didn't. Looks like you
have to pay for the privilege.


Jim.

 

[Veronica Loell]

James Egan wrote / skrev:
[...]

to see if it did anything but unfortunately it didn't. Looks like you
have to pay for the privilege.


Jim.

Or use an open source tool that is really free instead...

 

[FromTheRafters]

Hi Rafters,



And...you're asking 'me' how OE is supposed to determine this?? Hey,
remember me, I am the learnee here <vbg>

However, if it is indeed true, and I am not doubting you, just asking, that
the message must first be downloaded for the Rule to apply, then why does MS
provide for this action 'delete from server'.

I used to use OE's multiple identities to sort my e-mails. Any e-mails
I received would be downloaded but a copy left on the server so that
any for my mother could be later downloaded to her computer sitting
downstairs (she can't go upstairs). My main identity (on this computer)
could apply rules to delete from the server any e-mails to me, while still
retaining hers on the server. That way I could use her computer to get
her e-mail to her (her OE also left a copy on the server). My *other*
identity on the upstairs computer would be used to purge the server
of any collected e-mails.

The point here is that "delete from server" is not equivalent
to "do not download", and even so ~ Microsoft's allowing
you to choose an impossible scenario is typical Microsoft
behavior.

It is somewhat misleading in it's inference by terminology that the
message would indeed be deleted from the server level at the point
of contact by the Rule criteria.

If it is deleted from the server, it will not be accessible via webmail
or through another computer using the same account. That is not to
say that it hasn't already been downloaded to the current client.

But, the e-mail body having met the criteria for the "do not
download" action is indeed, as you say, a little bit like having
the "do not open" instructions on the *inside* of the box.

People familiar with programming are quite used to the way
computers follow instructions even though they themselves
see those instructions as illogical. Perhaps they should have
programmed in a "greying out" of the "do not download"
action when it is determined that the criteria required it being
downloaded.

Being a
novice at all this, and not that familiar with all the workings of how the
programming works to seek out and determine if a message meets specific
criteria for the Rule action to act on, or at what point in the loading
process....well...I am sorta lost on this concept.

I think the e-mail filter rules work on the message in two basic
parts - the header - and the body. The "attachment" or "inline
content" of the message is only a part of the body (rfc822).
The server has information about file size, and probably can
reference that information by its internal "Message ID" string.

The filter can determine file size (by querying the server), and
can parse the downloaded header (for string matching), or part
of the body (for HTML or MIME clues), or download the whole
thing.

No Rafters, I don't have any have any options in place to provide for a copy
to be left of the server.

So then downloading implies deletion from the server anyway,
its default setting.

To clarify, I only have 1, One, #1, Uno, Rule in
place at this time.

One *compound* rule, but lets not quibble. ;o)

It is..Rule: 'where the FROM line contains "M' or 'MS'
or Microsoft'; Action: 'delete from server'. I have tied to keep it as
basic and simple as I can. There are no other Rules above or below this one
and only Rule, so there should not be anything that can interfere with this
only Rule as far as I have been able to derive.

Okay, you just threw me off with that "attachment" and "delete"
post. This does seem simple enough. Just out of curiosity, have
you tried this?

Apply this rule after the message arrives
Where the From line contains 'M' or 'MS' or 'Microsoft'
Do not Download it from the server

followed by:

Apply this rule after the message arrives
Where the From line contains 'M' or 'MS' or 'Microsoft'
Delete it from server

I am sorry for the confusion on my part to be more clear. But, would you
please clarify a bit more on this statement. I thought that I had referred
to the correct criteria data in the headers in the FROM line.

You did, I was referring to the if "attachment" then "delete" rule
you mentioned.

However, if
this is not the case, then what have I left out or entered incorrectly? I
would truly appreciate it if you would explain this concept and where my
thinking is in error. I truly apologize for being so very dense on this,
but, the inference of the Rule options and what you are saying as
to the 'delete from server' is somewhat confusing. In what way is
it self-defeating?

I misunderstood which "one rule" you were referring to.
My error.

 

[James Egan]

James Egan wrote / skrev:
[...]

to see if it did anything but unfortunately it didn't. Looks like you
have to pay for the privilege.


Jim.

Or use an open source tool that is really free instead...

Yes. mmm seems to do what I want better than (free version) mailwasher
so I'll be running with it.


Thanks

Jim.

 

[Jan Il]

Hi Rafters!

It was a rhetorical question <g>.
...and I don't think any of us here are done learning. :O)

Yeah...tell me about it! ;-)))

I used to use OE's multiple identities to sort my e-mails. Any e-mails
I received would be downloaded but a copy left on the server so that
any for my mother could be later downloaded to her computer sitting
downstairs (she can't go upstairs). My main identity (on this computer)
could apply rules to delete from the server any e-mails to me, while still
retaining hers on the server. That way I could use her computer to get
her e-mail to her (her OE also left a copy on the server). My *other*
identity on the upstairs computer would be used to purge the server
of any collected e-mails.

Well...I can see your need to do so, but, I am the only one who uses my
computer, so for me it is not necessary to keep anything saved on the server
I don't need. The only time I might do this is if I am accessing my account
from the webmail from work or away from home, and may have reply or draft
that I want to save for later. But, that is a very rare case, and surely

The point here is that "delete from server" is not equivalent
to "do not download", and even so ~ Microsoft's allowing
you to choose an impossible scenario is typical Microsoft
behavior.

Oh..?? Well...I am beginning to see this as I go through the various Rules
and how they seem to relate to the different messages. It would seem that it
gives you a variety of choices, but, they don't all work as the wording in
the setups would suggest.

If it is deleted from the server, it will not be accessible via webmail
or through another computer using the same account. That is not to
say that it hasn't already been downloaded to the current client.

But, the e-mail body having met the criteria for the "do not
download" action is indeed, as you say, a little bit like having
the "do not open" instructions on the *inside* of the box.

True, and if indeed, as you, and a few others have said, that the message
*must* be downloaded before the Rule criteria can be applied, then the
'delete from server' action is a totally useless and misleading option.

People familiar with programming are quite used to the way
computers follow instructions even though they themselves
see those instructions as illogical. Perhaps they should have
programmed in a "greying out" of the "do not download"
action when it is determined that the criteria required it being
downloaded.

While the more experienced may well be knowledgeable of how the programming
is designed, and knows the holes that extemporaneous or even irrelevant
actions or Rules are presented, the majority, like myself, will simply that
these at face value and expect them to work accordingly. This can lead to
frustration, confusion and perhaps even the spread of these things as a
result.

Actually, upon reviewing the information presented here on this issue, I can
see that it would be better to let the message download and then deal with
it. At least that way you know that the action is actually taking place, as
you can see if the message is in the delete box, or if in the inbox, and you
can then delete it.

I think the e-mail filter rules work on the message in two basic
parts - the header - and the body. The "attachment" or "inline
content" of the message is only a part of the body (rfc822).
The server has information about file size, and probably can
reference that information by its internal "Message ID" string.

The filter can determine file size (by querying the server), and
can parse the downloaded header (for string matching), or part
of the body (for HTML or MIME clues), or download the whole
thing.

This could be true, but, with a good many of the samples that I have seen,
especially lately, there does not seem to be a whole lot of consistency in
the messages, as to working, size, headers, body, they are changing all the
time. It is like living in an apartment building where one tenant has
roaches. They stray into your apt, and you spray or bomb to get rid of them.
They go somewhere else, then, in a while, they are back at your place, they
just make the rounds of the safest host at the time. But, unless the whole
building is bombed, they will not go away. Even then, you can bring home 1
in a paper bag, or a bag of potatoes, etc, and then...it all starts over
again. All you can do is try to put out the Roach Motels, sprays, bait, etc.
and hope that they will be kept to a minimum. But, they do, and will come
back, no matter how clean 'you' are.

So then downloading implies deletion from the server anyway,
its default setting.


One *compound* rule, but lets not quibble. ;o)

Why stop now!! I'm just now beginning to understand what the peach fuzz
you're talking about..sheesh...I'm on a roll!!...;-)))

Okay, you just threw me off with that "attachment" and "delete"
post. This does seem simple enough. Just out of curiosity, have
you tried this?

As this thread (tome) has progressed, I have been trying various types and
combinations of Rules and actions along the way, but, always only one at a
time. Thus, yes, I can see that you may be reading more than one Rule from
post to post...but...you really must try to keep up...

Apply this rule after the message arrives
Where the From line contains 'M' or 'MS' or 'Microsoft'
Do not Download it from the server

followed by:

Apply this rule after the message arrives
Where the From line contains 'M' or 'MS' or 'Microsoft'
Delete it from server

'k...now, I have a really great opportunity here to test your suggestion. I
will be going out of town on Sat. and won't be able to access my e-mail,
and I will set the Rules and actions exactly as you have suggested. By the
time I return home a next Friday, there should be some significant data to
research how well it has/hasn't worked on these particular messages.

I'll post back, if you'll check back. Deal?? I mean, there will be no point
to post back to thin air.

You did, I was referring to the if "attachment" then "delete" rule
you mentioned.

Oh...that one...that was like..a while ago....>

I misunderstood which "one rule" you were referring to.
My error.

s'ok. One really does seem to be the loneliest number. But ..it's

 

[Jan Il]

Hi Veronica!

Jan Il wrote / skrev:

Small email-school ;-)

An email-program can choose between 3 things basically in regards to how
they get information about an email message from the server.

1. simply getting the size of the message (usually this is done by
sending the LIST-command which returns a list of all message-ids along
with their size.
2. getting just the header of the message. This is the part that
contains information about subject, from, to date etc. Optionally one
can get additional lines along with the header (this is what I use in my
filter for MMM3, download for each message 25 lines along with the header).
3. get the entire message.

Now as for attachments. If doing 2 the email-program will know whether
the message has any attachments because it will contain a line like:
"Content-Type: multipart/"

The thing to consider when setting your email-client to automatically
delete all messages containing attachments is that it will delete
HTML-format emails, and also emails with signatures produced by some
Microsoft programs.

- Veronica Loell

I will certainly look further into this further when I return home, as I am
off to attend a PowerPoint conference for a week on Sat., and I am looking
forward to seeing what I have in the minnow bucket when I get back. The one
thing that confuses me is that the majority of the Swen messages seem to
have website type bodies, and not much separate text. I mean, I have done
this myself, created the body of an e-mail message in Word and then copied
it to the body of an OE e-mail to send. So...how can these rules determine
which HTML is the virus, and which are a legitimate e-mails in which someone
has copied some Word or other word processor text into the body of their
e-mail body? I am just asking, as I am truly curious how the HTML can be
determined as friend or foe...or can it?

Thank you for all your time and assistance, and information. I really
appreciate it.

Jan

 

[FromTheRafters]

True, and if indeed, as you, and a few others have said, that the message
*must* be downloaded before the Rule criteria can be applied, then the
'delete from server' action is a totally useless and misleading option.

Only if from the "delete from server" you mistakenly infer that
it means that you don't want to ever see that particular message.
What it really means is that you don't want that message retained
on the server. "Do not download" would mean that you don't want
to see that message (in OE) but by not downloading ~ the default
option of deleting after downloading wont take effect either, and
the message will be retained on the server for access by another
client such as webmail. I am assuming by all of this that the wording
being used means exactly that and nothing more. The "delete from
server" action means *only* that (the message will be deleted from
the server) and implies nothing other than that ~ same goes for the
"do not download" action. I could easily be wrong on both counts,
Microsoft's wording often makes me wonder...

(hide preview pane, rather than disable preview pane, was one
such case)

While the more experienced may well be knowledgeable of how the programming
is designed, and knows the holes that extemporaneous or even irrelevant
actions or Rules are presented, the majority, like myself, will simply that
these at face value and expect them to work accordingly. This can lead to
frustration, confusion and perhaps even the spread of these things as a
result.

This is exactly the point that Sugien keeps trying to make. Misunderstanding
what they are being told because those doing the telling are using specific
language unfamiliar to those being given the information. However, if those
doing the telling use words more familiar to the public, the actual information
being conveyed becomes less accurate.

Actually, upon reviewing the information presented here on this issue, I can
see that it would be better to let the message download and then deal with
it. At least that way you know that the action is actually taking place, as
you can see if the message is in the delete box, or if in the inbox, and you
can then delete it.

That is why I suggested using the rule with an action to highlight with
red or send to folder ~ you can see the results of the matching of text
to criteria. Then you can change the action to see if the action was the
intermittent problem. Such testing would be complicated if you didn't
work with a single rule at a time though.

[snip]

Why stop now!! I'm just now beginning to understand what the peach fuzz
you're talking about..sheesh...I'm on a roll!!...;-)))

Quibbling follows:

Three simple rules...

Rule #1 = If "From:" contains "M" then highlight as red.

Rule #2 = If "From:" contains "MS" then highlight as red.

Rule #3 = If "From:" contains "Microsoft" then highlight as red.

....could also be written as one compound rule...

If "From:" contains "M", or "MS", or "Microsoft", then highlight as red.

[snip]

As this thread (tome) has progressed, I have been trying various types and
combinations of Rules and actions along the way, but, always only one at a
time. Thus, yes, I can see that you may be reading more than one Rule from
post to post...but...you really must try to keep up...

Posts don't always show up (or get read) in the same order in which
you post them, I was replying directly to the post that mentioned
"if attachment then delete from server" after you said that you had
simplified the ruleset to one rule only. I'll try to keep up to the best
of my ability. ;o)

[snip]

'k...now, I have a really great opportunity here to test your suggestion. I
will be going out of town on Sat. and won't be able to access my e-mail,
and I will set the Rules and actions exactly as you have suggested. By the
time I return home a next Friday, there should be some significant data to
research how well it has/hasn't worked on these particular messages.

I'll post back, if you'll check back. Deal?? I mean, there will be no point
to post back to thin air.

I will stick around for a little while longer...I promise.

 

[Jan Il]

Hi Rafters -

Only if from the "delete from server" you mistakenly infer that
it means that you don't want to ever see that particular message.
What it really means is that you don't want that message retained
on the server. "Do not download" would mean that you don't want
to see that message (in OE) but by not downloading ~ the default
option of deleting after downloading wont take effect either, and
the message will be retained on the server for access by another
client such as webmail. I am assuming by all of this that the wording
being used means exactly that and nothing more. The "delete from
server" action means *only* that (the message will be deleted from
the server) and implies nothing other than that ~ same goes for the
"do not download" action.

Well, there are certain words in the English language that do have
particular meaning to some of us, even though I speak 5 languages (none
fluently, including English, my 1st language), but, when there are written
instructions presented, one would think that these words would denote the
actual meaning of the action that would happen if your chose this option. I
realize that is such a thing as Cyber-speak, Computerese, Syntax, VBA,
Esperanto, Monday Night Football, Legalese (aka, fine print), etc., but,
if they are going to market a product for the average non-expert user, they

should make sure that the wording they use is in keeping with the normally
accepted nomenclature of the language that they instructions are written
in. I should not have sit and look at each Rule and try to determine what
the peach fuzz it is *really* trying to say what selecting this Rule will
actually do.

(rant..'k..I'm done). If the action says 'delete from server', that should
mean, that as soon as the message that meets this criteria enters my
account, it should be deleted..plonked..zapped...'poof'. But, now......ya
mean it 'really' don't mean that?? And if I use the action 'don't down load'
that means it just sits out there in my account somewhere like an unwelcome
in-law that won't go away??

I could easily be wrong on both counts, Microsoft's wording often makes me
wonder...

Well..while it may make you wonder..it is driving me to picking plaster
nodes off the wall with a pair of tweezers....I'm well past the wallpaper at
this point...

(hide preview pane, rather than disable preview pane, was one
such case)

...eh....that too??

This is exactly the point that Sugien keeps trying to make. Misunderstanding
what they are being told because those doing the telling are using specific
language unfamiliar to those being given the information. However, if those
doing the telling use words more familiar to the public, the actual information
being conveyed becomes less accurate.

I have been reading a lot of the other posts and responses to issue
regarding problems with all sorts of AV's, ones that work well for some, yet
not for others..and I wonder..how can this be? But, now I am beginning to
understand how this can happen. It really is not always a matter of user
ignorance per se, but, that the user is following the instructions, and
meaning of the letter of the actions/Rules, but, in fact, this is not really
what is happening. So, they 'are' doing what they think is the right thing
to do based upon the information their program is presenting to them.

I relate this somewhat, sorta, like a blind person standing at the corner of
the street after first finding, then pressing, the button to call for the
pedestrian crossing light. In some areas, there is the sound of a bird that
lets the sight impaired know when the pad light is green and they can start
across, only to find that even though the light is on, and they are given
the prompting that it is safe to cross, that the light/sound is really does
not mean that it is safe, it just means that the light is green...cross at
your own risk... ??? Perhaps not quite the proper comparison, but, you get
my drift.

Actually, upon reviewing the information presented here on this issue, I can
see that it would be better to let the message download and then deal with
it. At least that way you know that the action is actually taking place, as
you can see if the message is in the delete box, or if in the inbox, and you
can then delete it.

That is why I suggested using the rule with an action to highlight with
red or send to folder ~ you can see the results of the matching of text
to criteria. Then you can change the action to see if the action was the
intermittent problem. Such testing would be complicated if you didn't
work with a single rule at a time though.

[snip]

To clarify, I only have 1, One, #1, Undo, Rule in
place at this time.

One *compound* rule, but lets not quibble. ;of)

Why stop now!! I'm just now beginning to understand what the peach fuzz
you're talking about..sheet...I'm on a roll!!...;-)))

Quibbling follows:

Three simple rules...

Rule #1 = If "From:" contains "ME" then highlight as red.

Rule #2 = If "From:" contains "MS" then highlight as red.

Rule #3 = If "From:" contains "Microsoft" then highlight as red.

...could also be written as one compound rule...

If "From:" contains "ME", or "MS", or "Microsoft", then highlight as red.

Ohm...alright. I'll try it. Geese...now I'm color coding my

[snip]

As this thread (tome) has progressed, I have been trying various types and
combinations of Rules and actions along the way, but, always only one at a
time. Thus, yes, I can see that you may be reading more than one Rule from
post to post...but...you really must try to keep up...

Posts don't always show up (or get read) in the same order in which
you post them, I was replying directly to the post that mentioned
"if attachment then delete from server" after you said that you had
simplified the rule to one rule only. I'll try to keep up to the best
of my ability. ;of)

...well...'key....you're forgiven...not pardoned...just forgiven....

;-))

[snip]

I will stick around for a little while longer...I promise.

Okiedokie...then I'll layout the Rules and red color codes as you
instructed, and then report back what I find as a result when I get back.

Now.....all I have to do is layout a breadcrumb trail to find my way back
here after 8 days....whew!! On the other hand...never mind the
breadcrumbs...better make that boulders...with a big red 'AX'S on 'me!

Hang tight....I'll be back....film at 11:00... ;-))

 

[Jan Il]

Hi Rafters!

I'mm baacccckkkk! ;-))

True, and if indeed, as you, and a few others have said, that the message
*must* be downloaded before the Rule criteria can be applied, then the
'delete from server' action is a totally useless and misleading option.

Only if from the "delete from server" you mistakenly infer that
it means that you don't want to ever see that particular message.
What it really means is that you don't want that message retained
on the server. "Do not download" would mean that you don't want
to see that message (in OE) but by not downloading ~ the default
option of deleting after downloading wont take effect either, and
the message will be retained on the server for access by another
client such as webmail. I am assuming by all of this that the wording
being used means exactly that and nothing more. The "delete from
server" action means *only* that (the message will be deleted from
the server) and implies nothing other than that ~ same goes for the
"do not download" action. I could easily be wrong on both counts,
Microsoft's wording often makes me wonder...

(hide preview pane, rather than disable preview pane, was one
such case)

While the more experienced may well be knowledgeable of how the programming
is designed, and knows the holes that extemporaneous or even irrelevant
actions or Rules are presented, the majority, like myself, will simply that
these at face value and expect them to work accordingly. This can lead to
frustration, confusion and perhaps even the spread of these things as a
result.

This is exactly the point that Sugien keeps trying to make. Misunderstanding
what they are being told because those doing the telling are using specific
language unfamiliar to those being given the information. However, if those
doing the telling use words more familiar to the public, the actual information
being conveyed becomes less accurate.

Actually, upon reviewing the information presented here on this issue, I can
see that it would be better to let the message download and then deal with
it. At least that way you know that the action is actually taking place, as
you can see if the message is in the delete box, or if in the inbox, and you
can then delete it.

That is why I suggested using the rule with an action to highlight with
red or send to folder ~ you can see the results of the matching of text
to criteria. Then you can change the action to see if the action was the
intermittent problem. Such testing would be complicated if you didn't
work with a single rule at a time though.

[snip]

Why stop now!! I'm just now beginning to understand what the peach fuzz
you're talking about..sheesh...I'm on a roll!!...;-)))

Quibbling follows:

Three simple rules...

Rule #1 = If "From:" contains "M" then highlight as red.

Rule #2 = If "From:" contains "MS" then highlight as red.

Rule #3 = If "From:" contains "Microsoft" then highlight as red.

...could also be written as one compound rule...

If "From:" contains "M", or "MS", or "Microsoft", then highlight as red.

[snip]

As this thread (tome) has progressed, I have been trying various types and
combinations of Rules and actions along the way, but, always only one at a
time. Thus, yes, I can see that you may be reading more than one Rule from
post to post...but...you really must try to keep up...

Posts don't always show up (or get read) in the same order in which
you post them, I was replying directly to the post that mentioned
"if attachment then delete from server" after you said that you had
simplified the ruleset to one rule only. I'll try to keep up to the best
of my ability. ;o)

[snip]

'k...now, I have a really great opportunity here to test your suggestion. I
will be going out of town on Sat. and won't be able to access my e-mail,
and I will set the Rules and actions exactly as you have suggested. By the
time I return home a next Friday, there should be some significant data to
research how well it has/hasn't worked on these particular messages.

I'll post back, if you'll check back. Deal?? I mean, there will be no point
to post back to thin air.

I will stick around for a little while longer...I promise.

Well, Rafters.....are ya still here??? If so...you sure are a glutton for
punishment.. ;-))

'k.....I didn't mess around with nuttin' all the while I was on vacation.
Cross my heart...and when I got back about an hour ago, I checked my
e-mails. Out of the 134 e-mails that I had, only one of which was a legit
e-mail, not ONE red highlighted Swen. But, there were 15 Swen, 'cept not
one with the criteria as you instructed. :-(((

So.....what?? Ahmm...I mean, you didn't state any action that was supposed
to happen other than the show in red besides the just setting Rule
criteria. So, I did not set any action to take place regarding any messages
that might fit the Rule criteria. Thus, if there had been any messages that
would have fit the various criteria that you instructed me to set for the
Rules had shown up, then, they should have been displayed with red. Is this
correct?

Jan

 

[Jan Il]

I will stick around for a little while longer...I promise.

So what...so you hung around for a minute? Sheesh!! Now we know who stood
up Delta Dawn!


;-))