BH said:
I could appreciate some advice, I am starting to get hundreds of emails(I
use outlook express) a day some from myself(or from my server address), and
loads from Russia Romania etc MAILER DELIVERY SYSTEM or MAILER-DAEMON.
It driving me nuts, I have contacted my isp and according to them all they
can do is report it to something like Spamcop, is there anything I can do to
stop or reducet the spam (other than change my email address)
And this had what to do with anti-virus, the topic of this newsgroup?
Do you often send yourself e-mails? If not, create a rule in your
unidentified e-mail client that checks if your e-mail address is in the
From header. If so, mark it read and move to Junk or Trash folder, or
permanently delete it if your e-mail client has that option (but then
you won't be able to retrieve if it was a false positive). Spammer use
the recipient's own e-mail address as the sender's e-mail address
knowing that it is highly unlikely that users will add themself to their
Blocked Senders list. That is, users don't blacklist themselves so
spammers pretend the user sent themself an e-mail.
Because you might send yourself test e-mails, or send a reminder to
yourself occasionally, put a passcode string in the Subject. Use a rule
to whitelist any e-mail that has the passcode in the Subject. Use some
oddball string that is not likely to appear in the Subject. Can be
anything, like "##B.H@12##". It doesn't have to be too long (4 to 6
alphanumeric chars along with non-alphanumeric characters). The
whitelist rule is at the top of your rules list. It merely check if the
string is in the Subject and, if so, doesn't do anything with it (so it
remains in your Inbox) but you might want to colorize it. When you send
test or reminder e-mails to yourself, just add the passcode to the
Subject to ensure it doesn't pass through the gauntlet of your other
anti-spam rules. If you use this scheme, check if you can define
server-side filters in your e-mail account (i.e., use the webmail
interface to your account to add filters up on the server). Check for
the passcode and, if present, leave in your Inbox.
Do you want to accept e-mails that are not addressed to you? If not,
use a rule to check if your e-mail address is in the To or Cc headers.
If not listed, you junk or trash the e-mail. Be aware that many bulk
mailers or listservers do not put your e-mail address in those headers
(they are NOT used to specify the recipient of an e-mail and are *data*
that the user's e-mail client puts inside the message). So you need to
use a whitelisting rule at the top of your rules list for filtering in
any newsletters, forum messages, or other subscribed mailings to keep
those in your Inbox. Also, anyone adding you to the Bcc field (for
which there is no Bcc header in their e-mail) means no recipient gets to
see to whom that e-mail was sent. That means your e-mail address won't
be in the To or Cc headers when someone BCC'ed you. Rather than junk or
delete an e-mail where your e-mail address is not in the To or Cc
headers, just colorize it to flag it as a suspect e-mail. I move those
into the Junk folder but do NOT mark it as read which means I'll see the
Junk folder is bolded because there is an unread e-mail in there. I use
auto-archiving on the Junk folder to permanently delete items that are
over a week old. I have a week to visit the Junk folder to check for
false positives. I'm more likely to check if the folder is bolded.
You could configure your e-mail client to junk or trash all e-mails that
are not from known senders. Add a whitelist rule (at the top of your
rules list) that checks if the sender is in your address book. This
works best if you can define a rule that looks in your address book
rather than having to maintain a long list of e-mail address of senders
in the rule. You filter-in the known good senders (those you added to
your address book). The rest are either sent to the Junk or Trash
folders or they pass through a further gauntlet of anti-spam rules. My
aunt doesn't use a local e-mail client but just the webmail interface to
her Hotmail account. At one time, Hotmail's configuration of Brightmail
was too loose and lots of spam got into her Inbox. So I told her of the
server-side option to make her account exclusive; that is, the only
e-mails that get into her Inbox are those from senders in her address
book. The rest go into a junk. She only occasionally visits the junk
folder to check for false positives, especially if she is expecting an
e-mail, like a confirmation e-mail to complete a site's registration
process. The same can be achieved with a rule in your e-mail client.
Do you really care that your e-mail was undeliverable to someone you
sent it to? What are you going to do about it if it is undeliverable?
Send them another e-mail which is also undeliverable? Most times the
NDR (non-delivery report) e-mails aren't of much value. In Outlook, the
rule would look like:
Apply this rule after the message arrives
with "report-type=delivery-status" in the message header
and move it to the Junk folder (or wherever you want)
and mark it as read
and stop processing more rules
Legitimate NDRs will have this header. Bogus ones written by a spammer
to pretend they are an NDR probably won't. Usually the legit NDRs tell
you to where you sent an e-mail and a reason code of why it was not
deliverable but they don't include the original e-mail that you sent.
The bogus NDRs often carry an attachment pretending it was the e-mail
that you sent to lure you into opening it to see their spam.
You could use an anti-spam program, like SpamPal (free), which
incorporates DNSBLs (DNS blacklists, or blacklists of known spam
sources) to help filter out the spam. SpamPal, unlike other anti-spam
programs, does not block the spam from getting to your e-mail client.
It merely tags the suspect e-mails and you decide what to do with them
by using a rule in your e-mail client. SpamPal will add an X-SpamPal
header with values telling you that it was SPAM (and if so which
blacklist on which the source was found or what other add-on you
installed in SpamPal determined the e-mail was suspect). If your e-mail
client cannot test on headers, SpamPal can add the "**SPAM**" tag to the
Subject header. You configure your e-mail client to connect to SpamPal
which then connects to your POP mail server (IMAP is not supported).
You can also send your outbound e-mails through SpamPal to your SMTP
mail host but the only time that is helpful is when using their Bayesian
add-on to add the content of your "good" outbound e-mails to the
database (but I tend to think that skews the database for content that
you really don't need to include in filtering inbound e-mails). SpamPal
does not support SSL connects so you cannot use it to, say, connect to
Gmail which demands SSL be used - but you can add sTunnel to SpamPal
(your POP client connects to SpamPal which connects to sTunnel which
makes the SSL connect to your e-mail provider).
Products like Mailwasher are only used in their payware version. Way
too much has been crippled in their free version plus the free version
only supports using it with just one e-mail account. If you have more
than one e-mail account then the Mailwasher Free is of little value.
Even if you only have one e-mail account, Mailwasher Free only uses one
DNSBL whereas with SpamPal you can pick and choose amongst several (and
even add others not in their pre-defined list). Another negative for
Mailwasher is that they do have a payware version (which is why they
have a crippled free version to lure you to buy their payware version)
yet they donate nothing to the blacklist(s) that they use. You using
the blacklists for free is expected but someone that has a commercial
venture that utilizes these blacklists should be helping to fund them.
Some DNSBLs are too aggressive for my taste; for example, SPEWS (when it
existed and now in its UCE-Protect form) isn't useful for identifying
spam in personal e-mails but instead merely to indicate how spammy is a
domain so you should only use it when your e-mail client lets you score
an e-mail (i.e., if from a "bad" domain then you add add/substract to
the score for the e-mail to make it more likely it gets identified as
spam but being from a "bad" domain is not the only measure of whether an
e-mail is spam or not). You don't use SPEWS, UCE-PROTECT, or similar
domain-ranking blacklists in an e-mail client that is black or white in
its decision on whether or not an e-mail is spam. In SpamPal, I use
SpamHaus SBL+XBL (but note their PBL) and SpamCop. The PBL blacklist
identifies if the source of an e-mail came from a dynamic IP addressed
host, like some user's host that is spewing e-mails using a mailer
trojan. For e-mails that get routed within the same domain (i.e.,
e-mails between users of the same e-mail provider), it's possible the
sender's host IP address is identified and it will be a dynamic IP
address, so the result of using SpamHaus' PBL list (or their XEN list
which includes PBL) is that you could end up tagging as spam everyone's
e-mail using the same e-mail provider as yourself. It depends on what
Received headers your e-mail provider adds to e-mails that are routed
within that e-mail provider's own domain or network.
By using the DNSBLs, like SpamCop, you and others reporting spam to them
along with their honeypots to catch spam will update their list of known
spam sources. Unlike SPEWS/UCE-Protect, SpamHaus and SpamCop will
expire these sources after a few days because they are no longer valid
records (spam sources come and go, often within a day or two, or even
after just 4 hours) unless the spam source gets reported again in which
case it stays longer in their database. So you can use a DNSBL to block
spam plus you can help report spam that hasn't been detected or reported
yet. SpamCop also sends abuse reports to the sender's e-mail provider
but that isn't the point of SpamCop. The reports only help the legit
non-spam friendly e-mail providers target their own users that are spam
sources and kill those accounts. Most e-mail providers don't do much
with those reports and the spam-friendly providers will do nothing. You
reporting the spam is mostly to get their blacklist updated (to
re-energize their record, if present, for the same spam source to keep
it listed longer or to add a new record). SpamHaus finds most of the
spam and only occasionally does SpamCop detect one that SpamHaus did
not.
There are lots of anti-spam products out there. Many, like SpamBayes,
just rely on Bayesian filtering (historical word weighting database)
which is a guessing scheme. Lots of those seem to want to hide that
they are using a Bayes filter by vaguely describing the "intelligence"
in their scheme. Microsoft spends writing a long paragraph to evade
from coming right out to say that Outlook 2003/2007 use a Bayes filter
(which has poor learning and cleanup and why they shove out a monthly
update). Presumably you already enabled the server-side anti-spam
filter provided by your e-mail service.
