SPAM Handling (2000 SR-1)

Topic

New Reply

Maybe it is me, but I find Outlook not very smart in its SPAM / “Junk” e-mail handling capabilities. Here what I found:

1) Junk E-mai/ Add to senders list does not work or works just on the one message you’re getting the address from. This is due to the fact that SPAM e-mail addresses are forged and mostly never repeated;

2) After much experimentation, I have opted for rules processing messages as they arrive and moving messages to a specific folder if specific words appear in the headers. This seems to work well except that I now have 25 or so such rules and adding 1-2 every day :-(. Besides spammers also change those trigger word too!

I have tested in various manners the use of specific originating IP addresses (e.g. 65.60.8.2 a well-known spam server) without any success: Outlook does not seem to be able to filter on an IP addresses basis. This is unfortunate as it is the most reliable way of filtering SPAM; known spammer addresses can be obtained from multiple sources.

Anybody with ideas to improve Outlook’s weak SPAM filtering?

Thanks in advance.

Reply | Quote

Replies

Mike Craven (The Office Maven) does! Or at least he was dissatisfied enough with Outlook’s filtering that he took matters into his own hands:

Mike is one of the developer’s behind WOPR and he’s been very busy trying to wrap up WOPR Junk Mail Remover – a spam utility to integrate with Outlook. Instead of depending on an extensive “black hole” list like most other spam utilities, WJMR uses logic that filters emails by content, maintaining a list of good and bad words, and learning as you go. The more you use it the better it gets. That’s in addition to filters you can create on any part of a message. It should be out of Beta soon.

Outlook XP at least let’s you combine your list into a single rule with multiple words/phrases, but it’s still a lot of work to keep up as spammers change addresses. If you can’t wait for WJMR, there are other commercial Spam filters out there, but as I said most rely on black hole lists (lists of known spammer addresses/domains). Some of the newer ones are even using a form of challenge/response to see if there’s a live person checking the reply-to address before allowing suspected junk-mail into your inbox.

HTH

Reply | Quote

Thanks for your interest Charlie.

I do not like the commercial “black hole list” handling because most are so aggressive that many genuine e-mail get filtered out. On the other hand a personal “black hole list” created with care and verification using tools to chop down headers and screening whois at sites like SpamCop can be built up pretty accurately (I don’t mind a little investigative work to get my filters accurate). I estimate that 80-90% satisfactory filtering can be achieved with a personal black hole list.

I like the idea of an “AI” filter like Mike is developing though and will certainly try it out. But I would also like the possibility of inserting my personal black hole list and hope that this is included in the “That’s in addition to filters you can create on any part of a message…” If so, I want to get my hands on Mike’s tool right away, maybe even help test it.

Again thanks for your reply.

Reply | Quote

[indent]

---

But I would also like the possibility of inserting my personal black hole list and hope that this is included in the “That’s in addition to filters you can create on any part of a message…”

---

[/indent]
Yes – you can create your own filters for Senders and specify domains in any of the header fields, including important fields like message-ID. It doesn’t look like there’s a simple way to grab the IP address out of the Received fields, so I’ll ask Mike about that.

The beta is coming to a close and I expect Mike to announce availability soon. Some people might have shipped by now, but he’s making sure he’s addressed every issue that’s come up.

HTH

Reply | Quote

Correction – I missed a setting on the Filter screen. It is ridiculously simple to create a filter on the IP address in the Received fields of the headers, although by default it’s looking for email addresses. You can do it through a wizard when you receive junk, or set them up manually in the Filters list.

No word yet on release date.

Reply | Quote

Great new!

I like the idea of stopping spam from “known spam servers” (I mean not all those in the various black lists but only those that I personally verified as repeatedly being the originating server for spam received).

Unfortunately Outlook chokes on IP addresses if set up in “when specific words appear in header fields”, it is completely unpredictable about what it does with that 🙁

Can’t wait for Mike’s add-in for Outlook 🙂 It is going to be in the next WOPR, am I right?

Anyway to get a beta copy if I promise to buy the real thing when it comes out (BTW I used to beta for WOPR a few years ago, but now I cannot commit so much time)?

Thanks,

Reply | Quote

It’s just you – NOT No one could accuse OL junk filtering of being sophisticated.

To make the most of it, I add spammers to the junk senders list as you do. Then, now and then I open the junk senders list and edit it to remove the garbled “name” portion of the addresses, leaving just the domain portion. That is “frednerk@aol.com” becomes “aol.com”. Then I delete duplicates. That works well for the major sources of spam by flagging anything from them as junk.

If you take this approach and receive genuine mail from domains in your junk list, you’ll need to create a rule to handle them, and place that rule above the junk filter rule. This exceptions rule should also have the “stop processing more rules” action enabled.

Not perfect, but works for me. May not be so brilliant if you get a lot genuine mail from many people at these domains.

Reply | Quote

Tim, thanks for your reply, but…

I have tried that approach and it is very frustrating. The main cause is that 90% of the originating mail domains are forged: the only reliable data is the sending IP as recorded in the headers by the receiving server. Positive identification on this IP results in a good personal black hole list, especially if no response comes from a report to the associated abuse@…. address.

I have little confidence in Outlook’s Junk Senders handling. Just for kicks I tried it with a single domain name and Outlook’s rule came to read something like “Apply this rule after the message arrives, suspected to be junk e-mail or from ‘Junk Senders’ or Junk Senders’ or ‘Junk Senders’ or…or ‘Junk Senders’ etc. The number of ‘Junk Senders’ appears to be random according to my experiments.

Let’s look at some “real” spam tools.

Thanks,

Reply | Quote

Understand your frustration, especially if you’re being hit by a lot junk. I guess I’m “blessed” by inexperienced spammers since simple measures are enough (so far). Typical day is only 2-3 spam, and 80% are from the major free email account providers.
Good luck in your quest!

Reply | Quote