How to catch Spam with variation names

Forum for MailWasher Pro 7 and/or older 2011/2012 versions.
Roy124
Student Sheep
Posts: 16
Joined: Wed Sep 29, 2010 9:36 am

How to catch Spam with variation names

Mon Jul 17, 2017 3:34 am

I have set a spam filter to catch Victoria Brides, another to catch Victoria_Brides but I then get a message from VictoriaBrides and sso on. It is as if each bounce encourages them to create a version designed to defeat the filters. The Domain name has similar variations.

One time the From address contained _ and then -- and then --- and so on as I created even more filters. Then stopped as if they had moved to a different pattern.

Is in possible to set up compound filter such as Victoria+*rides as the also change capitalisation and this seems to bypass the filters?

Roy
User avatar
Digerati
Microsoft MVP
Location: Nebraska, USA
Posts: 1921
Joined: Thu Jul 24, 2008 3:16 pm

Re: How to catch Spam with variation names

Mon Jul 17, 2017 3:43 am

Try shortening the pattern. For example, check for messages with vict instead.
Image Bill (AFE7Ret)
Freedom is NOT Free!
Image Windows and Devices for IT, 2007 - 2018
Heat is the bane of all electronics!
─────────────────────
User avatar
Sidewinder
Weary Womble
Posts: 11676
Joined: Sun Mar 29, 2009 2:05 pm

Re: How to catch Spam with variation names

Tue Jul 18, 2017 5:57 am

Bouncing remains a really bad idea. It encourages the spammers to attack since they know they have a live email address.

Use the Spam reporting function within MWP. It takes time but works.
You can also create a filter and use multiple variations of the keywords in the same rule and once you satisfied that it is working change the settings to auto delete the email.
I am not a Firetrust employee. Just a MW User & Volunteer BETA Tester.
Remember "FREEDOM IS NEVER FREE" U.S.N.
DT W7 64 HP SP1 16GB Ram - LT W7 32 HP SP1 4GB Ram - iPad4 64 GB Ram WiFi/Cellular IOS 9.3 Beta 3
User avatar
Digerati
Microsoft MVP
Location: Nebraska, USA
Posts: 1921
Joined: Thu Jul 24, 2008 3:16 pm

Re: How to catch Spam with variation names

Tue Jul 18, 2017 8:42 am

Bouncing remains a really bad idea. It encourages the spammers to attack since they know they have a live email address.
I think more than that, most spammers spoof an invalid or somebody else's email address in the spam messages. So bouncing back to the sender sends the message to the bit bucket, or to some innocent user. Either way just dumps more clutter on the internet.
Image Bill (AFE7Ret)
Freedom is NOT Free!
Image Windows and Devices for IT, 2007 - 2018
Heat is the bane of all electronics!
─────────────────────
User avatar
Resonant1
Mystified Moa
Posts: 5
Joined: Tue Jun 09, 2009 7:27 am

Re: How to catch Spam with variation names

Tue Aug 08, 2017 2:52 am

Digerati wrote:Try shortening the pattern. For example, check for messages with vict instead.
The trouble with shortening is that soon you can block legitimate return addresses and lose out on something you really wanted. The shorter and more generic a filter is, the more that will happen.

- Jim -
User avatar
Resonant1
Mystified Moa
Posts: 5
Joined: Tue Jun 09, 2009 7:27 am

Re: How to catch Spam with variation names

Tue Aug 08, 2017 3:25 am

Sidewinder wrote:Use the Spam reporting function within MWP. It takes time but works.
Don't be too quick on spam reporting. You can unintentionally make someone's life miserable if the spammer is using someone else's return address, as most spammers do for this very reason.

I once sent a funny story to my wife at her work address. Their IT department had their mail language filters wound too tight and cluelessly set them to automatically spam report any source with any hits on the filters. In my case they hit on a fairly innocuous word in my story. I was sending from my business account at the time.

From that moment on my business domain filtered into the lists of all the spam reporting agencies in every variation of my domain name. I could no longer send mail to my wife and I started getting grief from other agencies and internet service providers of all kinds. Once you're on the lists there is virtually no way to get off the lists. That was years ago and I am still impacted by it today over one ham-handed premature report.

Be mindful of what you are doing with reporting and be absolutely certain you have an actual spammer's address. Better yet, fix your own filters and skip reporting. Reporting is a "fire and forget" function that can do much more unintended harm than what you thought it would. Spammers have made a career out of learning how to foil reporting and filtering. That means that more often than not you are missing the real target.

A better approach is to filter on detailed body content instead of the from address and forget reporting altogether. And by "detailed" I mean non-ambiguous phrases rather than single words or generic phrases that anyone might use. You can even do a "view source" on the e-mail and filter on HTML or MIME text strings that do not normally appear on screen.

- Jim -

Return to “MailWasher Pro 7”