How to filter mail from an unknown ip address?

Question

Level 1

6 points

How to filter mail from an unknown ip address?

I keep getting spam from different email addresses, and different ip addresses that have a common look and feel. They generally are sent from some made up name, from some made up host, and have a one line description like "Save Money today, just go to this link: http://BLAH.com". What I find is that the in the long header "received from" usually identifies "unknown" as part of the host. I use dreamhost and they generally mark ip addresses that they don't know as 'unknown'. Can I use this in a email filter to eliminated all received email from an unknown IP address?

Posted on Apr 22, 2011 11:46 AM

Reply

Answer 1

Apr 22, 2011 2:19 PM in response to kludged

Yes, you can set up a filter. However, if you are using Apple Mail, it might be simpler to let it learn that you don't want these. Have you enabled Junk filtering in Mail's preferences? Have you been marking these unwanted messages as junk?

Reply

Answer 2

kludged Author

Level 1

6 points

Apr 22, 2011 3:07 PM in response to Austin Kinsella1

Yes, absolutely! But this particular message not only fails the junk mail tests, but I also have spam sieve installed and it fails spam sieve. Remember that it has a made up return path, so it's only the intermediate receiver that knows it's from an unknown IP address, I've taken out the to: and CC:

From: Enlargement pils Free trial<companionwaypowers@galiciajewishmuseum.org>

Subject: Jamie Lynn is a bigger **** thanBritney

Date: April 21, 2011 8:13:23 PM PDT

Return-Path: <companionwaypowers@galiciajewishmuseum.org>

Delivered-To:
x10710510@homiemail-mx12.g.dreamhost.com

Received: from abcf9819d8d314 (unknown [125.99.168.200])by homiemail-mx12.g.dreamhost.com (Postfix) with SMTP id 3056B2780F1; Fri, 22Apr 2011 11:53:47 -0700 (PDT)

Received: (qmail 6083 by uid 083); Fri, 22 Apr2011 11:51:32 +0800

Message-Id: <002801cc01b1$7e83d570$7b8b8050$@org>

Mime-Version: 1.0

Content-Type: multipart/alternative;boundary="----=_NextPart_000_0027_01CC01B1.7E83D570"

X-Mailer: Microsoft Office Outlook 12.0

Thread-Index: AcjidAFNNjWFusN8Rk+HXMZApSrL/w==

Content-Language: en-us

The Key for all of these (I get about 20 a day which fail all spam filters and junk mail filters is that the RECIEVED: says 'unknown' that's what I'd like to filter on and I can't seem to get it to work

Reply

Answer 3

Apr 22, 2011 3:43 PM in response to kludged

OK, so set up a rule. It should be along the lines of "If any of the following are met - From contains unknown - move message to mailbox Junk. Call it anything - maybe Dump Unknown. On exit, don't apply it (this is always the safe option). If you still have one of them in your inbox, select it and use Message/Apply Rules to test what happens.

Reply

Answer 4

kludged Author

Level 1

6 points

Apr 22, 2011 4:32 PM in response to Austin Kinsella1

Yeah that's where I was this morning. I set up that exact rule and it didn't work; I suspect that I need a 'received from' which looks like it doesn't exist. I added the header field 'received' and this worked. Bad news: of my 9000 messages, 450 have unknown in the recieved field. :-(

Reply

Answer 5

Apr 23, 2011 3:57 PM in response to kludged

Sorry, but I am unclear as to whether or not the rule is now doing what you wanted ...

Reply

Answer 6

kludged Author

Level 1

6 points

Apr 23, 2011 8:47 PM in response to Austin Kinsella1

Yes, my rule is now working, I'm using received as the header item and filtering unknown. But it turns out lots of emails come from 'unknown' in receieved, so I was forced to use this parameter last and list all the valid email sources from 'unknown' and have them stop evaluating the rules; after all that, the filter is working.

Reply