Dealing with spam

Junk E-mail folder

There’s a really interesting article in this month’s PC Plus magazine about the war against spam which gave me the impetus to try to do something about those annoying spam messages that appear in my inbox with my email address in the ‘from’ field, like this:

123greetings.com [[email protected]]

Anti-spam software

I use Cloudmark Desktop, a spam blocking add-in for Microsoft Outlook 2007. It’s unobtrusive and pretty reliable, eliminating about 99% of all spam that gets delivered to my inbox. (In the last 4 days I’ve received 166 junk mail messages.)

But it is that last 1% of messages that has really been annoying me these last few weeks: the ones sent out to look as though they have come from my email account.

So I did a bit of investigating and have discovered a way that I can also send those messages to the Junk E-mail folder while retaining those emails that have genuinely been sent by myself (test emails or those that I’ve CC-ed or BCC-ed to myself for archiving purposes).

Outlook rules

Like most email clients Outlook allows you to define rules (sometimes known as filters).

Rules help you manage your e-mail messages by performing actions on messages that match a specific set of conditions. After you create a rule, Microsoft Outlook applies the rule when a message arrives in your Inbox or when you send a message.

1. Rules and Alerts…

In Outlook 2007 you can access the rules wizard by going to Tools > Rules and Alerts…


Not surprisingly, this brings up the Rules and Alerts window:

Rules and Alerts

2. Email headers

And now for the science bit… It occurred to me that I needed to create a rule that did two things:

  1. Flag any emails that have my email address in the sender’s address.
  2. Check to see if I really did send those or not.

So within any message supposedly sent from myself I needed to look for some kind of unique value that could prove to Outlook that I really did send those emails. For that information I turned to the email headers.

In Outlook 2007 these are located on the Options panel, by clicking the tiny arrow at the bottom right of the panel:

Viewing Internet headers in Outlook 2007

As well as the information that you can immediately read within an email, a lot of hidden data, known as ‘headers’, is also transferred with each email: information such as where the email message was sent from and its return path (where the email should be sent if the recipient presses “Reply”).

Here’s an example from a random item of spam I received yesterday:


X-POP3-From: [email protected]
Return-path: <surveyingxq@rossiter.com>
Envelope-to: [email protected]
Delivery-date: Mon, 12 Oct 2009 13:17:47 +0100
Received: from laubervilliers-000-11-22-33.w444-555.abo.wanadoo.fr ([123.145.156.178]:25793 helo=SpeedTouch.LAN)
    by server.mymailhost.co.uk with esmtp (Exim 4.54)
    id 1MxJqT-0000Xc-4O
    for [email protected]; Mon, 12 Oct 2009 13:17:46 +0100
Received: from 123.145.156.178 by mail.rossiter.com; Mon, 12 Oct 2009 14:17:43 +0100
Message-ID: <[email protected]>
From: "123greetings.com" <gareth@garethjmsaunders.co.uk>
To: <gareth@garethjmsaunders.co.uk>
Subject: You've received a postcard
Date: Mon, 12 Oct 2009 14:17:43 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0006_01CA4B36.00064AD0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

I can immediately identify a number of values here that prove to me that I didn’t send this email:

  1. The return-path is wrong. It’s not set to my email address. (With some testing, however, I discovered that this isn’t a reliable field to check against as some spammers also populate this with the email address they send the email to, i.e. yours!)
  2. The HELO value is also wrong — “HELO” is the SMTP command that the sending machine uses to identify itself to the receiving machine — it should be set to the network name of my PC, which for argument’s sake we’ll call ‘GARETH-PC’.
  3. The X-Mailer value is also wrong. I don’t use Microsoft Outlook Express.
  4. I also noticed that this email didn’t have an Organization set in the headers. Now I know that I have set the organization information in my email account, so that’s another value I can check for.

So against any of these four items I can check any message that has been supposedly sent to me and determine whether I really have sent it or not.

3. My rules

So I have built up my rule piece by piece to read:

Apply this rule after the message arrives
with [email protected] in the sender’s address
move it to the Junk E-mail folder
except if the message header contains ‘helo=GARETH-PC’ or ‘my_alternative_isp.com’ or ‘Organization: My organization name’

And that’s it. Remarkably, it seems to work quite effectively. In the last few days that I’ve been using it I’ve had only 1 spam message left in my inbox. Everything else has been suitably and efficiently whisked away to the Junk E-mail folder. Long may that continue.
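The rule above expressed as a script, as an added example that is not part of the original post. It goes slightly beyond Outlook's "message header contains" test by checking each marker only in the header where it belongs; the address me@example.org and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

MY_ADDRESS = "me@example.org"            # placeholder for my own address
MY_HELO = "GARETH-PC"                    # network name of my PC
MY_OTHER_ISP = "my_alternative_isp.com"  # second route I send mail through
MY_ORG = "My organization name"          # Organization set in my account

def really_from_me(msg):
    """True if one of the rule's three exceptions matches."""
    received = msg.get_all("Received") or []
    # The topmost Received line is the one my own mail server wrote;
    # lines below it arrived with the message, so they are not consulted.
    top = " ".join(received[0].split()) if received else ""
    helo = re.search(r"\bhelo=([^\s)]+)", top)
    if helo and helo.group(1).lower() == MY_HELO.lower():
        return True
    if MY_OTHER_ISP in top.lower():
        return True
    return (msg.get("Organization") or "").strip() == MY_ORG

def classify(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender != MY_ADDRESS:
        return "inbox"  # the rule only looks at mail claiming to be from me
    return "inbox" if really_from_me(msg) else "junk"

# Constructed samples, modelled on the spam headers shown above.
SPAM = (
    "Received: from host.example.net ([192.0.2.10]:25793 helo=SpeedTouch.LAN)\n"
    "\tby server.mymailhost.co.uk with esmtp (Exim 4.54)\n"
    "\tfor me@example.org; Mon, 12 Oct 2009 13:17:46 +0100\n"
    'From: "123greetings.com" <me@example.org>\n'
    "Subject: You've received a postcard\n"
    "X-Mailer: Microsoft Outlook Express 6.00.2900.2180\n\nbody\n"
)
GENUINE = (
    "Received: from [198.51.100.7] (helo=GARETH-PC)\n"
    "\tby server.mymailhost.co.uk with esmtp (Exim 4.54)\n"
    "From: Gareth <me@example.org>\n"
    "Organization: My organization name\n"
    "Subject: test\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("genuine", GENUINE)):
        print(name, "->", classify(raw))
```

All three markers are values supplied by the sending side, so the rule separates genuine self-sent mail from bulk spam rather than authenticating the sender.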

Phishing spam

Got some more phishing spam this week at work.  This time it was supposedly from ACCOUNT CENTER and had the subject UPGRAD YOUR ACCOUNT.

Nice use of British English there.

Here’s what it said:

Dear Email Account Owner,

Wow! A personalised email, then!

This message is from educational messaging center to all our email account owners. We are currently upgrading our data base and e-mail account center.

We are deleting all our  email accounts to create more space for new accounts.

Wait, wait, wait!

First of all, I love the name of the administrational unit: “educational messaging center”, and with American spelling of centre too … and not a capital letter in sight.

Their reasoning for asking you to send them your username and password (which is the next bit) is terrific: “we are deleting all our email accounts to create more space for new accounts.”

That doesn’t even make business sense!  It’s like a bank saying: “we are clearing out all the money in the bank in order to create more space for new money.”

It finishes off by saying:

Thank you for using st-andrews.ac.ukk!
Warning Code: VX2G99AAJ

I looked up that warning code; it stands for: “This e-mail was sent by phishing, scamming scum”.  Good to know.

NOTE: This message is authorize by the st-andrews.ac.uk email account protector unit.Notification message will be send back to you after verifying your account before account could be reset. All right reserve.

Wow! I wish we had an “email account protector unit”, that sounds like a cool place to work. I imagine that they dress up in armour and have a big round table with a hole cut out of the centre in which they place the e-mail server.

Do not reply

SERIOUSLY, if you ever get an e-mail anything like this: DO NOT REPLY.

Instead, if you have any doubt about its authenticity then just forward the e-mail to me, along with your username and password, date of birth, address and …

Only joking, I don’t want to see your spam, I get enough of it myself!

Bank account locked

Egg Internet Banking - Your Online Banking Account Is Locked

It would appear from these 13 emails that I received this afternoon — in the seven minutes between 14:02 and 14:09 — that access has been locked to my Egg Internet Banking account.

That might otherwise concern me, were it not for the fact that I don’t actually bank with Egg Internet Banking.  I have a shoebox stuffed with cash stored securely in the safe of another UK bank.

Don’tcha just love spam!

Remember folks, if you get an email purporting to be from your bank: treat it with the utmost suspicion.  I don’t remember my bank ever emailing me.  If in doubt, phone the bank or visit your local branch; never reply to those emails.

Apart from that one time when I had to arrange for US $23,000,000 to be paid into it for a couple of weeks while I was helping out some displaced African prince who’d kindly got in touch with me via email.

Junk E-mail

Unbelievable!  Since Sunday I’ve been sent 499 spam (unsolicited/junk) e-mails to my home accounts!

I was reading recently that currently something like 90+% of all email is spam, and that it comes from only a handful of sources.

In many ways I’d much rather our governments waged a ‘war’ on spammers than on the anonymous face of international terrorism.

I hate spamming myself!

Spams #1 and #2

Don’t you just hate it when you come in to work on a Monday morning, fire up your e-mail client and discover that over the weekend you’ve been spamming yourself!

Yesterday I received an e-mail with the subject: “January 73% OFF”. This morning I received one that offered: “January 78% OFF”.

I reckon I’ll hold out until Friday when I expect to get a whole 100% off January.

Update – Spam #3

I can’t say I’m not disappointed in myself. My latest spam message is offering only “January 71% OFF”.

I think I might have blown it now. I fear that I’ve waited too long.

I may now not be the proud owner of a brand new shiny January of my own. Only time (and spam) will tell.

Update – Spams #4 and #5

Well, thankfully I appear to be the only person offering reduced rates on January so the competition isn’t high.  Yesterday I apparently offered myself “January 73% OFF”.

This morning it was up to “January 76% OFF”. Still nowhere near the bargain of 78% off from a couple of days ago.

Come on me. Surely I could do a better deal than that for myself. Mates’ rates and all that.