Firetrust Support Forums

I have been getting a lot of these spam emails lately and have been dealing with them manually. MWP is guessing their spam - it's right. What I would like to do is create a filter that traps these spam emails, bounces them, and then deletes them. I have looked at the Regex Filters link for syntax, but not before both Malwarebytes Browser Guard and Bitdefender Total Security told me that the link was unsafe. Regex syntax was very confusing to me.

Any help would be appreciated. Thank you, and have a great day.

Regards,
Phil

https://www.sendspace.com/file/fa6ck6

Well, sorry, but I'm not clicking on the random link you included.

With this being your one and only post, we don't know you. With you providing absolutely no explanation for what that link is, we don't know what it is. And when I hover over that think and still get no clue as to what it is, then sorry, but that all adds up to suspicious behavior.

This is a security oriented site. It is a common target for bad guys who don't like programs, people and companies that try to block their nefarious activities. An unidentifiable, unsolicited link in a member's one and only post is a BIG red flag. And one of, if not the most important "practice safe computing" rules EVERYONE must follow ALL THE TIME is, "don't be 'click-happy' on unsolicited links!"

Nothing personal - just the way it is.

However, also typical is for those site spammers to have just joined. You apparently joined in April 2022 and never posted. So, in case you are an innocent person with a legitimate question, I will try to address some of your concerns. First, I am not an expert on Regex syntax either. That is too much like programming and I'm a hardware tech. I much prefer a meter probe in one hand, and a soldering iron in the other. But I have been using MailWasher for 20+ years.

Note there would have to be something in common with all these emails in order for a single filter to pick them up. Spammers specifically try to avoid that just so filters can't pick them up. So, if me, I would look for a common address or term and create a filter for that.

I do things a bit backwards from many around here - but it works great for me. I get about 60 - 80 emails a day, addressed to 6 email accounts from gmail and my ISP. What I have done is create almost 3 dozen regular filters that pick up all the "good" emails I regularly get.

Since the good senders do not use deceptive tactics, it is easy to create a filter for my friends, family, and other contacts, newsletters, my banks, forum post notifications and other things I intentionally subscribed to.

Then in the morning, when most of my emails come in, I can easily scan my MWP inbox and immediately spot the emails that were NOT tagged by one of my filters as there will be no filter name label in the Status column. With no label, odds are, it is spam.

IMO, it generally is not a good idea to have MWP automatically delete your tagged emails. This is because false positives happen, even with the best filters and spam blockers. IMO, it is better to have suspect spam simply tagged as spam (or not tagged at all with my filtering method) so you will spot it and can make the decision yourself, on an individual basis.

Do NOT use bounce! Bounce is a feature that should go away, and hopefully will go away in the next version.

The reason why is simple. Spammers NEVER use their own email addresses. Instead, they typically spoof some innocent person's or company's address so you will think it comes from that innocent person or company.

If you bounce the spam email (if not blocked by your ISP) that innocent person will get the bounce notice, not the spammer. In effect YOU will be attacking that innocent person with spam! Note too, many ISPs don't like their customers bouncing emails and they could terminate your agreement.

Or, spammers use a fake email address. This results in your bounce hitting a server, the address rejected as not valid, and it gets bounced right back to you. You end up spamming yourself!

The ONLY time bouncing might be effective is if your EX is stalking you, you know the address she is using is legit, and you want her to think you no longer exist.

Also, spammers are constantly changing the email addresses they use (or spoof) - often multiple times a day. This is to prevent those addresses from getting blacklisted, or because they have already been blacklisted. Ether way, your bounce is ineffective.

BTW, why can you trust my link to "spoof" yet I cannot trust your link? Because (1) you can hover over mine and see it goes to www.fbi.gov. and even get a sense of the topic. I hover over yours and it tells me nothing. And (2), this is not my first and only post on this site.

@Digerati

I have seen you around the Forums I visit. Thanks for the explanation of the "Bounce" feature. I will cease using that.

I have seen you over at the Malwarebytes Forums, where I am an "Expert." I am a Malware Response Instructor over at Bleeping Computer and a Dell "Tech Expert" at the Dell Forums. I am most definitely not a spammer. I just never had a reason to post here before, although I have visited a number of times to see what is going on and to learn more about MailWasher Pro.

The link is to a snip of my MWP Recycle Bin posted at Sendspace.com, a file-sharing outfit. I could not get the "[IMG]" tags to work, so I just linked to it directly.

I just had to reinstall an older version of MWP to get it working again. It was fine yesterday and crashing today, so after this post, I will have a grand total of 4 posts here.

Have a great day.

Regards,
Phil

You say now you had to roll back to a previous version of MWP to get it working "again". Your opening post did not suggest it used to work then stopped working. And for sure, it seems odd you would have to revert back to a previous version. The last update was back in August.

I suspect if you upgrade the latest again, it will work as you expect.

@Digerati

Firetrust has acknowledged the problem. The Forum is full of complaints. Here is a link to one response from Firetrust.

viewtopic.php?f=50&t=58531#p168192

For the record, my first post yesterday had nothing to do with this bug, which I only found this morning, like other users. My initial request was for help with constructing RegEx filters against spammers inundating my Inbox.

Perhaps I am mistaken, but I sense some hostility . . .

I am not sure what error I committed in asking for help with RegEx syntax, but you started by assuming I was a spammer and now have confused this new bug with my initial request in my first post.

Have a great day.

Regards,
Phil

I am aware of that problem. As you noted, the forum is full of complaints. The primary thread is here: viewtopic.php?f=50&t=58513

but you started by assuming I was a spammer and now have confused this new bug with my initial request in my first post.

Not true at all! I simply noted your post appeared suspicious for the reasons I stated. If I assumed you were a scammer, I would have reported you and not replied at all.

And no where did I suggest or indicate your regex issue had anything to do with this unknown error - so I am afraid it is you making assumptions and jumping to conclusions.

And as you noted, your initial post did not indicate it was related to this unknown error problem. And when I initially replied, I was not even aware of it either because I was still replying to you based on email notifications I received BEFORE this unknown error issue surfaced.

So I am not sure what you mean when you say you sense hostility - but it is now me sensing it from you. If you felt it was from me, my apologies - none meant. As I noted, if I was upset with your post (thinking you were a spammer) I would have just reported your post as suspicious. But as I explained, I was giving you the benefit of the doubt since you didn't just join before posting.  

I hope we are on the same page now. We are good, as far as I am concerned. Now we just need to hurry up and wait for this other problem. That said I don't see how it will affect your regex issues.

Have a good day.

@Digerati,

Thank you for your reply. As you noted, spammers normally jump right in immediately after joining. Yes, I registered for this Forum immediately after purchasing lifetime licences for MailWasherPro 18 months ago to read about how to use the program most effectively. I had nothing to contribute, so I declined to make useless posts.

In any event, my question still stands about whether RegEx filters can be used to automate the handling of some of the multiple spam emails I receive daily, and I thank you for your response. I read the tutorials by Andrew. I was very sorry to learn that he had passed away many months ago. He was a frequent and valued contributor at Bleeping Computer, my cyber "home base."

Have a great day.

Regards,
Phil

Wizcrafts is probably the most knowledgeable when it comes to RegEx filters. I have asked him to pop into this thread and perhaps, offer some suggestions.

@Digerati,

Thank you for your kind interest in soliciting assistance for me. I suspect, as you have suggested, it might be impossible to approach the problem of identifying the random spammer addresses and that perhaps I should construct RegEx filters to identify good senders.

I hope that Wizcrafts accepts your invitation.

Thank you again, and have a great day.

Regards,
Phil

@Digerati

This Forum has very restrictive avatar photo pixel restrictions. I spent some time and resized a photo to conform to those restrictions and have also added a signature to my profile. Perhaps it will eliminate any possibility of being suspected of being a spammer. I should have done that when I joined.

Have a great day.

Regards,
Phil

Issue resolved, please see:
viewtopic.php?f=16&t=58538&p=168432#p168432

Thanks!

In light of gingbat's post, is your RegEx issue resolved?

Edit comment: fixed typo.

garioch7 wrote: ↑

Sun Nov 12, 2023 8:15 am

I have been getting a lot of these spam emails lately and have been dealing with them manually. MWP is guessing their spam - it's right. What I would like to do is create a filter that traps these spam emails, bounces them, and then deletes them. I have looked at the Regex Filters link for syntax, but not before both Malwarebytes Browser Guard and Bitdefender Total Security told me that the link was unsafe. Regex syntax was very confusing to me.

Any help would be appreciated. Thank you, and have a great day.

Regards,
Phil

https://www.sendspace.com/file/fa6ck6

Mailwasher filters cannot be used to bounce email. They can only delete, or mark for deletion. So, if you wish to bounce an email, you must do so manually. When it comes to actual spam and scams, bouncing is ineffective. The spammers and scammers will probably not get that bounced message. This is because they are hiding behind VPNs and other systems that mask their actual location. The bounced messages will go to innocent users whose email addresses have been "borrowed" by spam operations for use in scams. Thus, I don't recommend bouncing emails unless you are certain that the Return Address actually goes to the alleged sender.

If you need help creating a filter that deletes, or marks for deletion, what are the conditions that must be met? I may be able to create a filter that covers those items. But, the longer the RegEx, the longer it takes to run.

Digerati,

I have the new update (7.12.188), and it is working perfectly. I wasn't having problems with RegEx filters caused by the bug. I was seeking assistance to properly code RegEx filters to reduce the amount of spam coming into my Mailbox (23 yesterday). Wiz has kindly offered to assist me in that regard. Thank you for your assistance as well.

Have a great day.

Regards,
Phil

Good. I am glad MW is working and you are getting your RegEx issues sorted. Thanks for posting your follow-up.

And thanks to Wiz for stepping in.