I recently began receiving spam that comes as an HTML email with a number of picture attachments (like 20 or so). When assembled, the attachments form the spam message. Since they are image files though, the junk mail filter doesn't catch them. So my question is this:
Is there any way to set up a rule based on the number of attachments?
Since most people don't send me more than two or three attachments at a time, I'd like to send all emails that have more than 10 to my trash.
I have been getting the same kind of spam emails with "images" in the body, and not text - so a rule for text will not work. This began the week-end of June 10-11, 2006.
**In the RULE EDIT SETTINGS there is a rule for "Any Attachment Name" in its own section third up from the lower edge of that area. Look for it.
I receive five to six of these every day, and I continue to think of ways to set rules. The ultimate, which we we would not prefer to do, would be to not accept emails with any attachments, and only accept emails with text only
&:~( .
I have set rules to delete any email with: Sender is not in my address book, and with: Sender is not in my Previous Recipient. That works for my Apple Mail on my desktop. I would prefer to not get these even in my mail on line.
I hope this works for you. I am still continually being extremely bothered with these, and I have no way of knowing where they came from.
Paula F.
iMac 1.9 GHz PowerPC G5 1.5 GB DDR2 SDRAM Mac OS X (10.4.3) Slot Loading 8X Dual Layer SuperDrive, iSight & Apple Remote
I have been getting the same kind of spam emails with "images" in the body, and not text - so a rule for text will not work. This began the week-end of June 10-11, 2006.
**In the RULE EDIT SETTINGS there is a rule for "Any Attachment Name" in its own section third up from the lower edge of that area. Look for it.
I receive five to six of these every day, and I continue to think of ways to set rules. The ultimate, which we we would not prefer to do, would be to not accept emails with any attachments, and only accept emails with text only
&:~( .
I have set rules to delete any email with: Sender is not in my address book, and with: Sender is not in my Previous Recipient. That works for my Apple Mail on my desktop. I would prefer to not get these even in my mail on line.
I hope this works for you. I am still continually being extremely bothered with these, and I have no way of knowing where they came from.
Paula F.
iMac 1.9 GHz PowerPC G5 1.5 GB DDR2 SDRAM Mac OS X (10.4.3) Slot Loading 8X Dual Layer SuperDrive, iSight & Apple Remote
Does this email include attachments that can be saved outside of the message or must these pictures or images be rendered from a remote server to be viewed?
Get SpamSieve at
http://c-command.com/spamsieve/ and tell it which messages are Spam and Good to train its filters. Works very well with all sorts of spammers, and gets updated by its creator as soon as new tricks emerge 🙂
And it will learn by itself all the little details that give away spammers (be it base64 code, img tag tricks, IP-Adresses, specific mailers, spammers domains, …)
12" PB G4/1.2GHz- Mac Book Pro 15 ( - 12" iB G3/500 MHz - PowerMac G4/450 MHz Mac OS X (10.4.6)
Thanks guys. I'll take a look at Spam Sieve. In the meantime, I've gone into my preferences, viewing tab and diabled all the automatic "display remote images in HTML messages" checkbox. Seems a shame I have to shut down all my HTML email, but I guess that's what I should do for now. At least now if I see someone I don't know has sent me a message with a random subject line and about 30 attachments, then I can chuck it manually. Thanks again.
To be honest I'm not sure. My mail was set to automatically download images embedded withing HTML emails. So I've now tweaked that setting in my preferences. By not downloading images, I should insulate myself somewhat, but I still will have to delete the messages manually. Ideally I was hoping I could set up a rule (something not as blunt as a "sender not in my address book") but there doesn't seem to be a "number of attachments" pull down. I was hoping someone might have a suggestion on how to do this since I'm assuming more and more people are starting to see this kind of spam.
If this spam was composed in HTML and includes embedded images that must be rendered from a remote server to be viewed, these are not attachments.
For security, you should not automatically render all HTML received regardless the email client used. If you automatically render all HTML received with the Mail.app and a spam message is automatically marked as Junk when received and includes any embedded images or objects that must be rendered from a remote server to be viewed, these will not be rendered automatically by the Mail.app as a security feature.
If a spam message is composed in HTML and includes embedded images or objects that must be rendered from a remote server to be viewed and these are rendered when opening the message, then it is very likely you are revealing that your email address is valid or "known good" to the spammer causing even more spam to be received.
Thanks again for your response. I double-checked one of the previous spam emails I received, and I do believe they are actually attached image .jpgs. I believe the email size is too large for just a series of references.
At any rate though, I have disabled automatic rendering of HTML images just in case. And I've also stopped using the preview pane so I now have to "open" messages to see them, and not just click on them.
But I suppose I was hoping I wouldn't have to radically change my behaviour to deal with these occasional annoyances. In particular, I thought a simple rule or filter based on the number of attachments would be a relatively easy solution. But then again, I don't seem to be able to find a way to set up a rule to do that. But thanks anyway for the tips.
You are correct in saying it is a shame that you have to shut down the HTML portion of receiving email, but in my determination, the very act of being able to email has been greatly VIOLATED by these spammers. In my opinion they very well could be terrorists who are working so we will not be able to communicate with each other in a quick manner - email.
Now, this is the reason I am making a "blunt" move to not allow anyone who is not in my address book if you hadn't read the "STUMPER SPAM EMAIL" by me:
"...My email address appeared in the very middle of all the other email addresses, and I was the only person from ".Mac." It was made to look as if all emails would land right the doorstep of my email address.
CLINCHER to figure out:
Usual headers followed by:
BEGIN--
"32 really goofy, made up email addresses, most from honest to goodness domains, and a few from made up domains;
Message-id: <E1Fji1c-000269-Mvserver782.dnslive.net>
X-AntiAbuse: This header was added to track abuse,
please include it with any abuse report
X-AntiAbuse: Primary Hostname - server782.dnslive.net
X-AntiAbuse: Original Domain - mac.com
X-AntiAbuse: Originator/Caller UID/GID - [32184 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - server782.dnslive.net
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php formmail.php
X-Source-Dir: (named)cityballet.org:/public_html
Original-recipient: rfc822;<myemailaddress>
Thank you for your feedback, . We will be in contact shortly.
--A8C3390B-0281-4E48-8F3D-F138EF708F3B--
END--
I think that what someone did above looks like "mac.com" was severely compromised and that really hit me the wrong way and I started taking action.
The links that Allan gave were marvelousely wonderful helpful tools.
It is a shame that we all have to take measures we would rather not take, but
at the rate things are going, we may end up not being able to email at all. Isn't that worth the fight we are undertaking?
iMac 1.9 GHz PowerPC G5 1.5 GB DDR2 SDRAM Mac OS X (10.4.6) Slot Loading 8X Dual Layer SuperDrive, iSight & Apple Remote; iPod Video
