Create new anti-spam rule Outlook 2003

F

FrankSpokane

I recently started getting spam that contains stock quotes - but all the
stock information is in a single graphic embedded in the spam so I can't
filter it by key words that reappear, etc.

They all have the same look from the same spammer, but they all are sent
from different domains, email addys, and ip addresses.

The only commonality I can see in the headers is that they all are received
from qmail and they all have a X-Spam: Statistical 64% in the header.

If anyone knows how to filter these out I would appreciate it.

Below are the actual headers from 3 of the spams if anyone wants to look
through them:

Stockscam email header properties

Email 11-2
Received: (qmail 1035 invoked from network); 2 Nov 2006 13:31:21 -0000

Received: from pre-smtp10-01.prod.mesa1.secureserver.net ([64.202.166.55])
(envelope-sender <[email protected]>)
by smtp02-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
for <[email protected]>; 2 Nov 2006 13:31:21 -0000

Received: (qmail 29627 invoked from network); 2 Nov 2006 13:31:21 -0000

Received: from www.asiangolfer.com.hk ([202.85.38.240])
(envelope-sender <[email protected]>)
by pre-smtp10-01.prod.mesa1.secureserver.net (qmail-ldap-1.03)
with SMTP
for <[email protected]>; 2 Nov 2006 13:31:20 -0000

Received: from [202.85.89.177] (helo=202.85.89.177)
by www.asiangolfer.com.hk with smtp (Exim 4.24)
id 1Gfd0N-0004Vl-4q; Thu, 2 Nov 2006 21:53:15 +0800
Message-ID: <[email protected]>
Date: Thu, 2 Nov 2006 21:46:25 +0800
From: Grace Morris <[email protected]>
To: (e-mail address removed)
Subject: [SPAM] negotiate supplies
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="04CDDC7CF9171960B9CC"
X-Spam: Statistical 64%

Email 10/31
Received: (qmail 7821 invoked from network); 1 Nov 2006 00:49:24 -0000

Received: from unknown (HELO pre-smtp22-01.prod.mesa1.secureserver.net)
([64.202.166.38])
(envelope-sender <[email protected]>)
by smtp10-01.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
for <[email protected]>; 1 Nov 2006 00:49:24 -0000

Received: (qmail 14013 invoked from network); 1 Nov 2006 00:49:23 -0000

Received: from unknown (HELO dmecit) ([121.134.6.200])
(envelope-sender <[email protected]>)
by pre-smtp22-01.prod.mesa1.secureserver.net (qmail-ldap-1.03)
with SMTP
for <[email protected]>; 1 Nov 2006 00:49:23 -0000

Received: from 121.134.122.110 ([121.134.122.110])
by dmecit (8.13.2/8.13.2) with SMTP id kA10pnYG050419;
Wed, 1 Nov 2006 09:51:49 +0900
Message-ID: <[email protected]>
Date: Wed, 1 Nov 2006 09:49:08 +0900
From: Geffrey Hicks <[email protected]>
User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
MIME-Version: 1.0
To: (e-mail address removed)
Subject: [SPAM] continuation truthfully
Content-Type: multipart/related;
boundary="------------080805020603000201060509"
X-Spam: Statistical 64%

Email 10/26
Received: (qmail 17642 invoked from network); 26 Oct 2006 19:34:56 -0000

Received: from unknown (HELO pre-smtp05-01.prod.mesa1.secureserver.net)
([64.202.166.14])
(envelope-sender <[email protected]>)
by smtp21-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
for <[email protected]>; 26 Oct 2006 19:34:56 -0000
Received: (qmail 675 invoked from network); 26 Oct 2006 19:34:55 -0000
Received: from unknown (HELO 27.Red-88-17-178.staticIP.rima-tde.net)
([88.17.178.27])
(envelope-sender <[email protected]>)
by pre-smtp05-01.prod.mesa1.secureserver.net (qmail-ldap-1.03)
with SMTP
for <[email protected]>; 26 Oct 2006 19:34:35 -0000

Received: from 88.17.31.28 ([88.17.31.28])
by 27.Red-88-17-178.staticIP.rima-tde.net (8.13.5/8.13.5) with SMTP id
k9QJjUFx033423;
Thu, 26 Oct 2006 21:45:30 +0200
Message-ID: <[email protected]>
Date: Thu, 26 Oct 2006 21:39:49 +0200
From: Elsie Morrow <[email protected]>
User-Agent: Thunderbird 1.0.7 (Windows/20050923)
MIME-Version: 1.0
To: (e-mail address removed)
Subject: [SPAM] branch
Content-Type: multipart/related;
boundary="------------050209080704020901070209"
X-Spam: Statistical 64%
 
R

RichN

Hi Frank,

First off, have you tried using the Rules Wizard to incorporate some of the
info from the stock quote emails?

Beyond that, these ideas might not solve your problem, but they may help.
1) Try the "Organize" tool on the toolbar - it has a link you can click to
the MS website that will update your Outlook anti-spam filter.
2) Most of my computer use is at work, and the company has a powerful spam
filter in use. However, at home, I created about 3 different email addresses
(on yahoo and hotmail) - one for work-related stuff, one for personal, etc.
I never use the personal email address for anything other than personal
email, and I never get any spam at that address.
3) I recently wrote a blog, and (naively) included my work-related email
address in it. Spam (including adult) starting coming in like crazy. I
deleted the email address off the blog, and the spam disappeared almost
overnight.

Good luck, and don't give up.

FrankSpokane said:
I recently started getting spam that contains stock quotes - but all the
stock information is in a single graphic embedded in the spam so I can't
filter it by key words that reappear, etc.

They all have the same look from the same spammer, but they all are sent
from different domains, email addys, and ip addresses.

The only commonality I can see in the headers is that they all are received
from qmail and they all have a X-Spam: Statistical 64% in the header.

If anyone knows how to filter these out I would appreciate it.

Below are the actual headers from 3 of the spams if anyone wants to look
through them:

Stockscam email header properties

Email 11-2
Received: (qmail 1035 invoked from network); 2 Nov 2006 13:31:21 -0000

Received: from pre-smtp10-01.prod.mesa1.secureserver.net ([64.202.166.55])
(envelope-sender <[email protected]>)
by smtp02-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
for <[email protected]>; 2 Nov 2006 13:31:21 -0000

Received: (qmail 29627 invoked from network); 2 Nov 2006 13:31:21 -0000

Received: from www.asiangolfer.com.hk ([202.85.38.240])
(envelope-sender <[email protected]>)
by pre-smtp10-01.prod.mesa1.secureserver.net (qmail-ldap-1.03)
with SMTP
for <[email protected]>; 2 Nov 2006 13:31:20 -0000

Received: from [202.85.89.177] (helo=202.85.89.177)
by www.asiangolfer.com.hk with smtp (Exim 4.24)
id 1Gfd0N-0004Vl-4q; Thu, 2 Nov 2006 21:53:15 +0800
Message-ID: <[email protected]>
Date: Thu, 2 Nov 2006 21:46:25 +0800
From: Grace Morris <[email protected]>
To: (e-mail address removed)
Subject: [SPAM] negotiate supplies
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="04CDDC7CF9171960B9CC"
X-Spam: Statistical 64%

Email 10/31
Received: (qmail 7821 invoked from network); 1 Nov 2006 00:49:24 -0000

Received: from unknown (HELO pre-smtp22-01.prod.mesa1.secureserver.net)
([64.202.166.38])
(envelope-sender <[email protected]>)
by smtp10-01.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
for <[email protected]>; 1 Nov 2006 00:49:24 -0000

Received: (qmail 14013 invoked from network); 1 Nov 2006 00:49:23 -0000

Received: from unknown (HELO dmecit) ([121.134.6.200])
(envelope-sender <[email protected]>)
by pre-smtp22-01.prod.mesa1.secureserver.net (qmail-ldap-1.03)
with SMTP
for <[email protected]>; 1 Nov 2006 00:49:23 -0000

Received: from 121.134.122.110 ([121.134.122.110])
by dmecit (8.13.2/8.13.2) with SMTP id kA10pnYG050419;
Wed, 1 Nov 2006 09:51:49 +0900
Message-ID: <[email protected]>
Date: Wed, 1 Nov 2006 09:49:08 +0900
From: Geffrey Hicks <[email protected]>
User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
MIME-Version: 1.0
To: (e-mail address removed)
Subject: [SPAM] continuation truthfully
Content-Type: multipart/related;
boundary="------------080805020603000201060509"
X-Spam: Statistical 64%

Email 10/26
Received: (qmail 17642 invoked from network); 26 Oct 2006 19:34:56 -0000

Received: from unknown (HELO pre-smtp05-01.prod.mesa1.secureserver.net)
([64.202.166.14])
(envelope-sender <[email protected]>)
by smtp21-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
for <[email protected]>; 26 Oct 2006 19:34:56 -0000
Received: (qmail 675 invoked from network); 26 Oct 2006 19:34:55 -0000
Received: from unknown (HELO 27.Red-88-17-178.staticIP.rima-tde.net)
([88.17.178.27])
(envelope-sender <[email protected]>)
by pre-smtp05-01.prod.mesa1.secureserver.net (qmail-ldap-1.03)
with SMTP
for <[email protected]>; 26 Oct 2006 19:34:35 -0000

Received: from 88.17.31.28 ([88.17.31.28])
by 27.Red-88-17-178.staticIP.rima-tde.net (8.13.5/8.13.5) with SMTP id
k9QJjUFx033423;
Thu, 26 Oct 2006 21:45:30 +0200
Message-ID: <[email protected]>
Date: Thu, 26 Oct 2006 21:39:49 +0200
From: Elsie Morrow <[email protected]>
User-Agent: Thunderbird 1.0.7 (Windows/20050923)
MIME-Version: 1.0
To: (e-mail address removed)
Subject: [SPAM] branch
Content-Type: multipart/related;
boundary="------------050209080704020901070209"
X-Spam: Statistical 64%
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

All my emails are in some code that is impossable to read? 0
my account keeps on showing (Mail Delivery Subsystem)... 0
Some emails going to junk 0
CNAME lookup failed temporarily. 1
Outlook 2003 - Not displaying attached images (html format) 1
Attached message header order 0
meeting request - not working with different outlook version 1
failure notice although message has delivered 1

Top