Dealing with Spam at the Server Level and Locally

Dealing with Spam at the Server Level and Locally through Eudora and Outlook

This article is taken from the Technomax Hosting Review, but applies to anyone with a Web site. Simply ask your own Hosting Service to provide a similar service.

There is a variety of unwanted email that most of us simply hate receiving. It has been labeled SPAM and comes in three flavours - junk newsgroup postings, commercial messages usually promoting some scheme, scam or quasi-legal services and finally, targeted spam with real headers sent my responsible individuals. Spam cost the sender very little, but is very expensive from the receiver's viewpoint in terms of time and also wastes thousands and thousands in Gigabytes of bandwidth each day.

Of course the best way to stop SPAM would be to start charging the sender for each email sent. That is not something anyone really wants or that will happen any time soon. So let's look at methods that can be used today to drastically reduce SPAM volume to your inbox.

Stopping Spam at the Server Level

Filters are in place on all Technomax servers that will stop unwanted SPAM by blocking the domains (or IP addresses) that these junk mailers employ. Currently I have approximately 120 known bulk mail friendly ISP's blocked. This type of email typically includes those annoying messages that try to sell us magic elixirs, get rich quick schemes and anything for which most of us have no use and are too practical to even believe. Also peculiar to this type of SPAM is the fact that the headers are hidden and often forged.

This is one type of spam that we can drastically reduce by preventing these ISP's from using our servers. You may report these ISP's to me and we will block them from using our server. The procedure is really quite simple and requires just a few steps on your part. It is explained in detail at the end of this section.

Blocking Spam at the Local Level

Most email software will allow you to filter-out incoming email by address (joeschmuck@somedomain.com) but NOT by domain (@somedomain.com). This can serve as a very handy feature in several instances. However, one small morsel of advice first regarding free Web based email services like Hotmail, Yahoo, Netscape, AltaVista, and the like. Most times these addresses look like - 123roty34678###@freeemail.com. You are wasting your time trying to filter out these as they are probably fake and do not actually originate from the free email service servers. See below for more information.

Where the email address is real (once again see below section on reading headers) the filters on your email software come in real handy.

For example let's say that you subscribed to a newsletter or other service through an email address that was assigned to you by your employer and maps to another email address that is owned wholly by you. You now want to unsubscribe from that service but you are unable to remove an address you have no control over. Do you just keep on receiving the email or can you do something about it?

By filtering out the senders email address you can't stop the email, but you can redirect it to your trash box. How is how this done?

I only know Eudora and Outlook, which are probably used by 85% of all users anyway, so I can provide instructions for these two programs.

In Eudora (Pro version only):
1) Open up the email message from your inbox by double clicking it.
2) This will open up the window that contains the message.
3) Above this window you will see a menu. It starts with a little red icon that looks like a tow truck.
4) Right click on this red tow truck icon.
5) This opens up a menu. About half way down you'll see "Make Filter". Click on it.
6) On the next screen under action, click - "delete message transfer to trash". Then click on "Create Filter"

You will never have to deal with these messages again. All you need to do is clear your trash a few times a week. This function can also be used to transfer incoming mail to the mail box of your choice. This is a nice feature for newsletters or other email you receive on a regular basis but does not need immediate attention.

You can accomplish the same filtering as outlined above with Outlook Express by opening a message and then clicking on the Message Menu on the top menu bar. From there click on "create rule from message" or "block sender". I highly recommend the former.

How to Send Message Headers to Technomax

This section applies to those emails you receive that can't be blocked locally because the from address is fake.

However, first a little lesson in what to send and what not to send.

You must expose the complete header details and check out the information you view. To expose the headers in Eudora simply open a message and then click the "blah,blah,blah" icon which is just to the right of the red tow truck we mention above. In Outlook right click on a message and then click "properties" at the bottom of the menu that opens. Then click "details" to expose the headers. You'll need to cut and paste these into a new email to send them to me.

What to look for within the headers

Below is a spam mail I received just a few hours ago. I really do not get many, but they do keep coming. This is a typical example of the type of spam that drives us all nuts.

The first thing to note is the "Return-Path" which looks like a hotmail free email service address. If you look further down you'll note that Hotmail is also used for the "from" and "to" address as well.

Fact is that this email does NOT originate from Hotmail. The spammer just wants to make it appear that way so recipients will bug Hotmail. So complaining to Hotmail or trying to filter this email at the local level is a waste of your time.

Now look at the two items marked "Received", these are the actual paths (unless they are forged) the email followed. If you did a WhoIs search for the IP address (61.254.186.145) you would find an ISP in Korea owns that IP block. The aspadmin.net address is the Technomax mail server. When you receive an email with headers that look similar to this, you may send it to me using the email link above and I will block it at the server level. If you get lucky you'll see a field called X-Sender or Authenticated Sender - most times this is the real source of the spam.

X-Persona:
Return-Path: <rrn67klfesxb@hotmail.com>
Received: from mail.miraeasset.com ([61.254.186.145])
by 4h168239.aspadmin.net (8.10.2/8.10.2) with ESMTP id g06Fmnp10798;
Sun, 6 Jan 2002 07:48:53 -0800
Received: from 12.64.199.74 (slip-12-64-199-74.mis.prserv.net [12.64.199.74]) by mail.miraeasset.com (AIX4.3/8.9.3/8.9.3) with SMTP id AAA37142;
Mon, 7 Jan 2002 00:44:44 +0900
From: rrn67klfesxb@hotmail.com
Message-Id: <200201061544.AAA37142@mail.miraeasset.com>
To: <enesscbhac9@hotmail.com>>
Subject: COPY ANY DVD MOVIE FOR FREE!
Date: Sun, 06 Jan 2002 23:45:04 -0500
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
X-Priority: 3
X-MSMail-Priority: Normal
Errors-To: vtqbqtspy7z@miesto.sk
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-UIDL: QUV"!8a&"!bAQ"!JR!"!

What Not to send me

Please don't send me email with legitimate headers. What I mean by this is, one in which the Return-Path and the Received Paths agree. For example, if you receive an email from joeschmuck@yahoo.com and Yahoo.com shows up in the Received Path, then you have an email that is either very real or magnificently forged. Either way you can filter this out locally as detailed above.

Also I receive requests to block out free email services such as Yahoo!, Hotmail, Netscape and the like on a regular basis. I can't allow this for two reasons:

1) As you have read above these services are rarely the true source of spam. To the untrained (which you are no longer) this might appear the case, but it simply isn't. These services are generally excellent and responsible; and get rid of spammers quicker than a cat on a hot tin roof.
2) Many of our hosted clients receive dozens of emails daily from legitimate free email users. I would not be in business next week, if I did block these services. With the information herein you can now employ filters to solve this issue. There are also other solutions available, but they involve spending money, so why bother since it's really not necessary.

Some Advice in dealing with Spam

1) Don't use 'catch-all' set ups for your domain. What I mean is that any email sent to yourdomain.com will reach you. Rather set up specific email addresses. If I had it to do over again (if only I knew then, what I know now), I would not use generic email addresses like webmaster, support, sales and the like.
2) Don't expose your email addresses on your Web site. Spam Bots will harvest them and the spam will start to flood you inbox. There are javascripts and email forms that will hide your address from Spam Bots.
3) Be cautious when clicking on remove links - check the headers first. Many spammers just want to verify your email address. Best to filter them out as outlined above via local or server methods.
4) Keep your cool! Yes, SPAM is most annoying but sending flames or causing other problems will not help you at all. Most times the ISP you think allowed this nonsense is totally innocent and flaming them won't get you anything more than a door in the face. If you want to pursue an issue do so in a professional and kind manner and you may just get help. Personally I simply don't have the time, and I'll bet you're in the same frame. Once again filter the fools out of your life; it's the easiest method and involves far less time.
5) I receive at least 4 or 5 legitimate emails from solid business people each week. It may be unsolicited but I have made several very solid contacts and a few friends via email. I have not let my distaste for SPAM affect my thinking. Separating the wheat from the chaff is really very easy when it comes to SPAM.
6) Never send money to a true spammer for any reason. You most certainly have no use for what they are selling - email lists (never, ever buy one), pyramid schemes, magic elixirs, get-rich-quick schemes or just about any thing else. If we filter them out; never send them any money; never respond to them, we will most certainly bring them to their knees one day.

7) If you are NOT using your domain's email addresses, then I can't help you.

If any of you have any other helpful tips or specific knowledge, please feel free to contact me and I will share them with our readers (4000 strong all opt-in). Naturally, full credits go to you.

Some useful SPAM Links

UXN Spam Combat Site

James Huggins - Spam and the Law

An Article about reading Message Headers

By the way, each day I filter out over 1 MB of spam. It either never gets to me from the server or is sent straight to my trash box by Eudora. So the efforts have been well worth it. If you're using your domain's email addresses, then you are benefiting at the server level as well.

This newsletter and its contents are copyright Wally Gross of Technomax Software and Systems Inc.. If you find that the information contained herein may be of use to you or your customers, feel free to copy it (in whole or in part) and share it. All I ask, is that, this notice (starting with "This newsletter" to the end of this message) be left as is.

Could Spam Destroy the Web? It's a Thousand Times Worse than you could Imagine!


Return to Index of Spam Articles