tbone said:
I received spam with this header:
From:VIAGRA ® Pfizer Inc.<
[email protected]>
which is shown in the message window at being from:
VIAGRA ® Pfizer Inc. [
[email protected]]
It appears that Outlook will only look at the portion in the brackets
when attempting to match on sender address, because any rule I tried
with a match on "viagra" or "Pfizer" would not work.
The email address in the brackets is a valid email address - mine - so
I can't use that as the discriminator.
I suppose the solution is to treat as spam any message that is from
and to the same address. Since I have more than a few email accounts,
this is not a general solution unless I can say something like:
Apply this rule after the message arrives
with recipient's address equal to sender's address
A general solution to the sender address problem would be helpful.
The From header's comment field might be UTF encoded. When looking at the
raw source for the e-mail (not possible in Outlook but doable in Outlook
Express or possibly your webmail interface when viewing the full message),
you might see something like "From: ?=UTF-8?Q?<string>=?". Outlook renders
the encoding to display it as text; i.e., Outlook shows you the decoded
version of the string. So what Outlook shows you might not be the string
for the header's actual value. Alas, the rules test on the actual value and
cannot decode an encoded string and then test on the decoded value.
If you don't send yourself e-mails then e-mails From you and To/Cc you are
bogus. So define a blacklisting rule that looks for:
Apply this rule after the message arrives
with <email1> or <email2> in the sender's address
<action>
and stop processing more rules
All the e-mail addresses specified would be your own. Alternatively, if you
want to keep these rules separate by account, define N blacklisting rules
for your N accounts, like:
Apply this rule after the message arrives
through the <account1> account
with <email1> in the sender's address
<action>
and stop processing more rules
Apply this rule after the message arrives
through the <account2> account
with <email2> in the sender's address
<action>
and stop processing more rules
I use separate rules that check through which account the e-mail was
delivered to see if my e-mail address for that account is in the From
header. I sometimes send test e-mails *between* my accounts so I don't
necessarily want to block all e-mails sent from me, just those the claim to
be sent by me to my account and supposedly came from that same account. For
times when I do want to send test e-mails to myself, I add a passcode to the
Subject header and test on that, like:
Apply this rule after the message arrives
with <passcode> in the subject
stop processing more rules
This is a whitelisting rule near the top of my rules list (the blacklisting
rules come afterward). There is no action because I want the message left
in the Inbox folder to where it got delivered. The passcode is any string
you add to your Subject which is likely to be unique for all your e-mails,
like "@@TB.80##". Pick something that you'll remember but isn't a word and
jumbles alphanumeric and non-alphanumeric characters together. You can even
give out this passcode to senders to include in their Subject header so
their e-mails bypass all your blacklist and spam filters. If the passcode
gets abused, just change it in your rule. Then when you send yourself a
test e-mail from your account to that same account, you could use something
like "test e-mail @@TB.80##" in the Subject header. You could even use a
different passcode for each account by using a whitelisting rule for each
account, as in:
Apply this rule after the message arrives
through the <account1> account
and with <passcode1> in the subject
and stop processing more rules
Apply this rule after the message arrives
through the <account2> account
and with <passcode2> in the subject
and stop processing more rules
With the passcoded whitelisting rule(s) following by the me-in-From
blacklist rule(s), you can still send test e-mails to your own accounts but
anyone pretending to be you will get their e-mails junked or deleted
(because they won't know about adding a passcode or what to add).