OE6.x Tip - Adding entire domains to 'Blocked Senders' List

Discussion in 'Home Networking' started by Mark Cherry, Sep 30, 2003.

  1. Mark Cherry

    Mark Cherry Guest

    (With apologies to regulars of this NG. If this looks like a 'boilerplate', it's
    because it is. Having seen the E-mail attack thread, I thought some people might
    be interested. There's a weblink to the freeware McAfee "Stinger" program in
    here somewhere. I'll be back, seeking help with my networking woes once I've
    read the backlog of about 400+ recent messages...)

    To all,

    You're probably well aware that spammers and trolls employ frequent address
    changes or completely false email IDs and you may have given up all attempts
    to add them to your personal blocked senders list. Here are some tips which I
    hope prove to be of use in finding where it's coming from and how to stop it,
    with a minimum of effort.

    1. Examining junkmail message headers without opening the email.

    Some spam email comes in HTML form and may contain executable applets. These
    range from irritating, but harmless, time-wasters, like fake virus alerts or
    'launch IE over and over' infinite loops, which force a reboot and could cause
    you to lose any unsaved work. These scripts often attempt to exploit the user's
    Outlook Express 'preview pane' but most users are already well aware of the
    dangers and have deactivated that feature. Nevertheless, the applets will
    execute if sheer curiosity causes you to open the post conventionally.

    To get around this problem, in Outlook Express, RIGHT-click on a suspect email
    and, on the drop-down menu, select 'Properties'. You will first get a small
    dialog displaying the message headers. The From: line will show you what domain
    it originated on and whether or not the sender's name has been anonymized
    (eg ). If they're not willing to make themselves known then you're not going to
    be interested in what they have to say/sell.

    2. If you're still convinced the email is benign and you REALLY want to see what
    you would be missing by deleting it....

    Whilst in the Message Properties box, click the 'Message Source' button to see
    the email in text-only form. You can view any HTML codes within the message
    without risk of any applets being executed. You may also see long, meaningless
    blocks of seemingly random characters at the end of the source, particularly
    where there is an attachment. Whilst this may be benign, like embedded font
    information, it could equally be harmful executable code, such as a virus,
    trojan, or worm. Exit the views and delete the message.

    You may also wish to:-
    a) Exit Outlook Express and run your virus checker on your system.
    b) Download the FREEWARE "Stinger.EXE" from http://vil.nai.com/vil/stinger/ to
       detect and remove some of the recent headline-hitting nasties and their
       variants.
    c) Check Windows Update for your OS, IE and OE versions for any emerging
       vulnerabilities in the message properties dialog and fixes on offer.

    3. Blocking the domain.

    Although the spammer may have successfully substituted some random characters
    for their username, you will note that the domain name is not similarly
    scrambled. The sender's ISP would not accept the message without this being
    valid. Sometimes a particular domain, or country of origin suffix is seen time
    and again. If none of your regular email contacts use these domains then you'll
    not be missing anything by blocking all output from it. Make a written note of
    it, or highlight everything after the '@' symbol, using the cursor and press
    CTRL-C, to copy it.

    Then, under [Tools Menu][Message Rules][Blocked Senders List][Add] type the
    domain name (no need to use the @ character) or CTRL-V to paste what you copied.
    Choose to block mail, news, or both and press OK. You can add more entries at
    this point, or click OK again, to back out of the Tools-Rules

    4. Trolls.

    This technique is also effective against newsgroup trolls, provided that all
    their multiple handles/email IDs all stem from the same domain, perhaps because
    they only have the one ISP account but adding more is no problem.

    5. The recent email 'flood'

    The following email rules are currently routing virtually all the phoney
    "Microsoft Security pack" emails to my deleted items folder.

    'Where the message has an attachment' Delete it
    'Where the message size is over 80kb' Delete it

    To make sure that things like attached photos from your family or friends don't
    get zapped by these, create additional rules which select on the basis of their
    email IDs (you can specify multiple names per rule) and use the 'move the
    message to the <specified> folder' option (create one or more extra local
    folders to move them to first). Add the 'and stop processing more rules' option,
    save the rule, then move it up the rules list so that it is processed before the
    'delete-anything-with-attachment' rule.

    (In case you were wondering, 'stop processing more rules' means 'don't apply
    further conditional tests to *this* message' or 'goto next incoming message
    and restart from Rule #1').

    If in doubt, uncheck the tickboxes against the blanket-deletion rules and use
    the 'Apply Now' button in the rules menu (browse to and select Inbox to apply
    them to) after you've received mail, logged off, looked through your Inbox
    contents for attachments you were expecting and moved them to another folder.

    6. The more joy of bulk-deletion.

    That's all there is to it. Only a few mouse-clicks difference between automatic
    and manual rule application. All that remains is to empty the deleted items
    and you're done. No more hitting the delete key hundreds of times over....


    Mark Cherry, Sep 30, 2003
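
The rule ordering described in the post, as an added example that is not part of the original post: it parses raw message source as text (nothing is rendered), takes the domain after the '@' in From:, and applies the rules in order with 'stop processing more rules' semantics. The domains, addresses and folder name are constructed, and treating the Blocked Senders check as one more rule in the same ordered list is a simplifying assumption.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample values; none of these come from the post.
BLOCKED_DOMAINS = {"spam.example"}
TRUSTED_SENDERS = {"aunt@family.example"}
SIZE_LIMIT = 80 * 1024  # the post's 80 KB threshold

def sender(msg):
    """Return (address, domain) from the From: header, lower-cased."""
    addr = parseaddr(msg.get("From", ""))[1].lower()
    return addr, addr.rpartition("@")[2] if "@" in addr else ""

def has_attachment(msg):
    """True if any MIME part is marked Content-Disposition: attachment."""
    return any(p.get_content_disposition() == "attachment" for p in msg.walk())

def classify(raw):
    """Apply the rules in order to raw message source; first match wins."""
    msg = message_from_string(raw)  # parses text only, renders nothing
    addr, domain = sender(msg)
    rules = [
        ("trusted sender", addr in TRUSTED_SENDERS, "move to Family"),
        ("blocked domain", domain in BLOCKED_DOMAINS, "delete"),
        ("has attachment", has_attachment(msg), "delete"),
        ("over 80 KB", len(raw.encode()) > SIZE_LIMIT, "delete"),
    ]
    for name, matched, action in rules:
        if matched:
            return name, action  # 'stop processing more rules'
    return "no rule", "leave in Inbox"

def sample(from_addr, attach=False, body="hello\n"):
    """Build constructed raw message source for the demo."""
    m = EmailMessage()
    m["From"] = from_addr
    m["Subject"] = "Security pack"
    m.set_content(body)
    if attach:
        m.add_attachment(b"\x00" * 16, maintype="application",
                         subtype="octet-stream", filename="patch.exe")
    return m.as_string()

if __name__ == "__main__":
    for frm, att in [("Aunt <aunt@family.example>", True),
                     ("MS Security <x9q2@spam.example>", True),
                     ("stranger@other.example", True),
                     ("stranger@other.example", False)]:
        print(frm, "->", classify(sample(frm, att)))
```

Moving the trusted-sender rule below the attachment rule in the list reproduces the failure the post guards against: the aunt's photo is deleted before her rule is ever reached.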