6 Replies Latest reply: Apr 23, 2011 8:47 PM by kludged
kludged Level 1 (0 points)

I keep getting spam from different email addresses and different IP addresses that have a common look and feel. They generally are sent from some made-up name, from some made-up host, and have a one-line description like "Save Money today, just go to this link: http://BLAH.com". What I find is that in the long header, "received from" usually identifies "unknown" as part of the host. I use Dreamhost and they generally mark IP addresses that they don't know as 'unknown'. Can I use this in an email filter to eliminate all received email from an unknown IP address?

  • Austin Kinsella1 Level 6 (11,520 points)

    Yes, you can set up a filter. However, if you are using Apple Mail, it might be simpler to let it learn that you don't want these. Have you enabled Junk filtering in Mail's preferences? Have you been marking these unwanted messages as junk?

  • kludged Level 1 (0 points)

    Yes, absolutely! But this particular message not only fails the junk mail tests, but I also have spam sieve installed and it fails spam sieve. Remember that it has a made-up return path, so it's only the intermediate receiver that knows it's from an unknown IP address. I've taken out the To: and CC:

     

    From: Enlargement pils Free trial <companionwaypowers@galiciajewishmuseum.org>
    Subject: Jamie Lynn is a bigger **** than Britney
    Date: April 21, 2011 8:13:23 PM PDT
    Return-Path: <companionwaypowers@galiciajewishmuseum.org>
    Delivered-To: x10710510@homiemail-mx12.g.dreamhost.com
    Received: from abcf9819d8d314 (unknown [125.99.168.200]) by homiemail-mx12.g.dreamhost.com (Postfix) with SMTP id 3056B2780F1; Fri, 22 Apr 2011 11:53:47 -0700 (PDT)
    Received: (qmail 6083 by uid 083); Fri, 22 Apr 2011 11:51:32 +0800
    Message-Id: <002801cc01b1$7e83d570$7b8b8050$@org>
    Mime-Version: 1.0
    Content-Type: multipart/alternative; boundary="----=_NextPart_000_0027_01CC01B1.7E83D570"
    X-Mailer: Microsoft Office Outlook 12.0
    Thread-Index: AcjidAFNNjWFusN8Rk+HXMZApSrL/w==
    Content-Language: en-us

     

    The key for all of these (I get about 20 a day which fail all spam filters and junk mail filters) is that the RECEIVED: says 'unknown'. That's what I'd like to filter on, and I can't seem to get it to work.

  • Austin Kinsella1 Level 6 (11,520 points)

    OK, so set up a rule. It should be along the lines of "If any of the following are met - From contains unknown - move message to mailbox Junk". Call it anything - maybe Dump Unknown. On exit, don't apply it (this is always the safe option). If you still have one of them in your inbox, select it and use Message/Apply Rules to test what happens.

  • kludged Level 1 (0 points)

    Yeah, that's where I was this morning. I set up that exact rule and it didn't work; I suspect that I need a 'received from', which looks like it doesn't exist. I added the header field 'received' and this worked. Bad news: of my 9000 messages, 450 have unknown in the received field. :-(

  • Austin Kinsella1 Level 6 (11,520 points)

    Sorry, but I am unclear as to whether or not the rule is now doing what you wanted ...

  • kludged Level 1 (0 points)

    Yes, my rule is now working. I'm using received as the header item and filtering unknown. But it turns out lots of emails come from 'unknown' in received, so I was forced to use this parameter last and list all the valid email sources from 'unknown' and have them stop evaluating the rules; after all that, the filter is working.
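
Added example, not part of the original thread and not any poster's code: the rule order the thread arrives at (allowlist first, then junk anything whose Received line says 'unknown'), written as a Python check. The sample message, the `classify` function, and the `trusted_nets` allowlist keyed on client IP networks are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the headers quoted in the thread
# (documentation-range IP and example domains, not real senders).
SAMPLE = """\
Return-Path: <sender@example.org>
Received: from abcf9819d8d314 (unknown [203.0.113.7])
\tby mx.example.net (Postfix) with SMTP id 3056B2780F1;
\tFri, 22 Apr 2011 11:53:47 -0700 (PDT)
Received: (qmail 6083 by uid 083); Fri, 22 Apr 2011 11:51:32 +0800
From: Someone <sender@example.org>
Subject: constructed test message

body
"""

# Postfix records the client as "(hostname [ip])" and writes "unknown"
# as the hostname when it could not resolve or verify the reverse DNS name.
CLIENT_RE = re.compile(r"\((?P<rdns>[^\s()]+) \[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)")

def classify(raw, trusted_nets=()):
    """Return 'junk' or 'inbox' for one raw RFC 5322 message."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return "inbox"
    # Only the topmost Received header was written by our own mail server;
    # every header below it is supplied by the sender and can be forged.
    m = CLIENT_RE.search(received[0])
    if m is None:
        return "inbox"
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return "inbox"
    # Allowlist first (hypothetical parameter): known-good sources that
    # legitimately lack reverse DNS stop evaluation, as in the thread.
    if any(ip in ipaddress.ip_network(n) for n in trusted_nets):
        return "inbox"
    return "junk" if m.group("rdns") == "unknown" else "inbox"

if __name__ == "__main__":
    print(classify(SAMPLE))                       # no allowlist
    print(classify(SAMPLE, ["203.0.113.0/24"]))   # sender's network allowlisted
```

Keying the allowlist on the client IP taken from the topmost Received header, rather than on From or Return-Path, matters because those two fields are chosen by the sender.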