There’s a really interesting article in this month’s PC Plus magazine about the war against spam which gave me the impetus to try to do something about those annoying spam messages that appear in my inbox with my email address in the ‘from’ field, like this:
123greetings.com [[email protected]]
I use Cloudmark Desktop, a spam blocking add-in for Microsoft Outlook 2007. It’s unobtrusive and pretty reliable, eliminating about 99% of all spam that gets delivered to my inbox. (In the last 4 days I’ve received 166 junk mail messages.)
But it has been those last 1% of messages that have been really annoying me these last few weeks, the ones that have been sent out to look as though they have come from my email account.
So I did a bit of investigating and have discovered a way that I can also send those messages to the Junk E-mail folder while retaining those emails that have genuinely been sent my myself (test emails or those that I’ve CC-ed or BCC-ed to myself for archiving purposes).
Like most email clients Outlook allows you to define rules (sometimes known as filters).
Rules help you manage your e-mail messages by performing actions on messages that match a specific set of conditions. After you create a rule, Microsoft Outlook applies the rule when a message arrives in your Inbox or when you send a message.
1. Rules and Alerts…
In Outlook 2007 you can access the rules wizard by going to Tools > Rules and Alerts…
Not surprisingly, this brings up the Rules and Alerts window:
2. Email headers
And now for the science bit… It occurred to me that I needed to create a rule that did two things:
- Flag any emails that have my email address in the sender’s address.
- Check to see if I really did send those or not.
So within any message supposedly sent from myself I needed to look for some kind of unique value that could prove to Outlook that I really did send those emails. For that information I turned to the email headers.
In Outlook 2007 these are located on the Options panel, by clicking the tiny arrow at the bottom right of the panel:
As well as the information that you can immediately read within an email there is a lot of hidden data, known as ‘headers’, also transferred with each email; information such as where the email message was sent from, its return path (where the email should be sent if the recipient presses “Reply”).
Here’s an example from a random item of spam I received yesterday:
X-POP3-From: [email protected]
Return-path: <surveyingxq @rossiter.com>
Envelope-to: [email protected]
Delivery-date: Mon, 12 Oct 2009 13:17:47 +0100
Received: from laubervilliers-000-11-22-33.w444-555.abo.wanadoo.fr ([18.104.22.168]:25793 helo=SpeedTouch.LAN)
by server.mymailhost.co.uk with esmtp (Exim 4.54)
for [email protected]; Mon, 12 Oct 2009 13:17:46 +0100
Received: from 22.214.171.124 by mail.rossiter.com; Mon, 12 Oct 2009 14:17:43 +0100
Message-ID: <[email protected]>
From: "123greetings.com" <gareth @garethjmsaunders.co.uk>
To: </gareth><gareth @garethjmsaunders.co.uk>
Subject: You've received a postcard
Date: Mon, 12 Oct 2009 14:17:43 +0100
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180</gareth></surveyingxq>
I can immediately identify a number of values here that prove to me that I didn’t send this email:
- The return-path is wrong. It’s not set to my email address. (With some testing, however, I discovered that this isn’t a reliable field to check against as some spammers also populate this with the email address they send the email to, i.e. yours!)
- The HELO value is also wrong — “HELO” is the SMTP command that the sending machine uses to identify itself to the receiving machine — it should be set to the network name of my PC, which for arguments’ sake we’ll call ‘GARETH-PC’.
- The X-Mailer value is also wrong. I don’t use Microsoft Outlook Express.
- I also noticed that this email didn’t have an Organization set in the headers. Now I know that I have set the organization information in my email account, so that’s another value I can check for.
So against any of these four items I can check any message that has been supposedly sent to me and determine whether I really have sent it or not.
3. My rules
So I have built up my rule piece by piece to read:
Apply this rule after the message arrives
with [email protected] in the sender’s address
move it to the Junk E-mail folder
except if the message header contains ‘helo=GARETH-PC’ or ‘my_alternative_isp.com’ or ‘Organization: My organization name’
And that’s it. Remarkably, it seems to work quite effectively. In the last few days that I’ve been using it I’ve had only 1 spam message left in my inbox. Everything else has been suitably and efficiently whisked away to the Junk E-mail folder. Long may that continue.