Mark Cherry
September 30th 03, 01:34 PM
To all,
You're probably well aware that spammers and trolls employ frequent address
changes or completely
false email IDs and you may have given up all attempts to add them to your
personal blocked senders
list. Here's some tips which I hope prove to be of use in finding where it's
coming from and how
to stop it, with a minimum of effort.
1. Examining junkmail message headers without opening the email.
Some spam email comes in HTML form and may contain executable applets. These
range from irritating,
but harmless, time-wasters, like fake virus alerts or 'launch IE over and over'
infinite loops,
which force a reboot and could cause you to lose any unsaved work. These scripts
often attempt to
exploit the user's Outlook Express 'preview pane' but most users are already
well aware of the
dangers and have deactivated that feature. Nevertheless, the applets will
execute if sheer curiosity
causes you to open the post conventionally.
To get around this problem, in Outlook Express, RIGHT-click on a suspect email
and, on the drop-down
menu, select 'Properties'. You will first get a small dialog displaying the
message headers.
The From: line will show you what domain it originated on and whether or not the
sender's name has
been anonymized (eg ). I they're not willing to make
themselves known
then you're not going to be interested in what they have to say/sell.
2. If you're still convinced the email is benign and you REALLY want to see what
you would be
missing by deleting it....
Whilst in the Message Properties box, click the 'Message Source' button to see
the email in
text-only form. You can view any HTML codes within the message without risk of
any applets being
executed. You may also see long, meaningless blocks of seemingly random
characters at the end of
the source, particularly where there is an attachment. Whilst this may be
benign, like embedded
font information, it could equally be harmful executable code, such as a virus,
trojan, or worm.
Exit the views and delete the message.
You may also wish to:-
a) Exit Outlook Express and run your virus checker on your system.
b) Download the FREEWARE "Stinger.EXE" from http://vil.nai.com/vil/stinger/ to
detect and remove some
of the recent headline-hitting nasties and their variants.
c) Check Windows Update for your Operating System, Iinternet Explorer and
Outlook Express versions for any emerging
vulnerabilities in the 'message properties' dialog and fixes on offer.
3. Blocking the domain.
Although the spammer may have successfully substituted some random characters
for their username,
you will note that the domain name is not similarly scrambled. The sender's ISP
would not accept the
message without this being valid. Sometimes a particular domain, or country of
origin suffix is
seen time and again. If none of your regular email contacts use these domains
then you'll not be
missing anything by blocking all output from it. Make a written note of it, or
highlight everything
after the '@' symbol, using the cursor and press CTRL-C, to copy it.
Then, under [Tools Menu][Message Rules][Blocked Senders List][Add] type the
domain name (no need
to use the @ character) or CTRL-V to paste what you copied. Choose to block
mail, news, or both and
press OK. You can add more entries at this point, or click OK again, to back out
of the Tools-Rules
menu.
4. Trolls.
This technique is also effective against newsgroup trolls, provided that all
their multiple
handles/email IDs all stem from the same domain, perhaps because they only have
the one ISP
account but adding more is no problem.
5. The recent email 'flood'
The following email rules are currentlly routing virtually all the phoney
"Microsoft Security pack" emails to my deleted items folder.
'Where the message has an attachment' Delete it
'Where the message size is over 80kb' Delete it
To make sure that things like attached photos from your family or friends don't
get zapped by
these, create additional rules which select on the basis of their email IDs (you
can specify
multiple names per rule) and use the 'move the message to the <specified>
folder' option
(create one or more extra local folders to move them to first).
Add the 'and stop processing more rules' option, save the rule, then move it up
the rules list
so that it is processed before the 'delete-anything-with-attachment' rule.
(In case you were wondering, 'stop processing more rules' means 'don't apply
further conditional tests to *this* message' or 'goto next incoming message
and restart from Rule #1').
If in doubt, uncheck the tickboxes against the blanket-deletion rules and use
the 'Apply Now'
button in the rules menu (browse to and select Inbox to apply them to) after
you've received
mail, logged off, looked through your Inbox contents for attachments you were
expecting and moved
them to another folder.
6. The more joy of bulk-deletion.
That's all there is to it. Only a few mouse-clicks difference between automatic
and manual rule application. All that remains is to empty the deleted items
folder
and you're done. No more hitting the delete key hundreds of times over....
regards,
Mark
You're probably well aware that spammers and trolls employ frequent address
changes or completely
false email IDs and you may have given up all attempts to add them to your
personal blocked senders
list. Here's some tips which I hope prove to be of use in finding where it's
coming from and how
to stop it, with a minimum of effort.
1. Examining junkmail message headers without opening the email.
Some spam email comes in HTML form and may contain executable applets. These
range from irritating,
but harmless, time-wasters, like fake virus alerts or 'launch IE over and over'
infinite loops,
which force a reboot and could cause you to lose any unsaved work. These scripts
often attempt to
exploit the user's Outlook Express 'preview pane' but most users are already
well aware of the
dangers and have deactivated that feature. Nevertheless, the applets will
execute if sheer curiosity
causes you to open the post conventionally.
To get around this problem, in Outlook Express, RIGHT-click on a suspect email
and, on the drop-down
menu, select 'Properties'. You will first get a small dialog displaying the
message headers.
The From: line will show you what domain it originated on and whether or not the
sender's name has
been anonymized (eg ). I they're not willing to make
themselves known
then you're not going to be interested in what they have to say/sell.
2. If you're still convinced the email is benign and you REALLY want to see what
you would be
missing by deleting it....
Whilst in the Message Properties box, click the 'Message Source' button to see
the email in
text-only form. You can view any HTML codes within the message without risk of
any applets being
executed. You may also see long, meaningless blocks of seemingly random
characters at the end of
the source, particularly where there is an attachment. Whilst this may be
benign, like embedded
font information, it could equally be harmful executable code, such as a virus,
trojan, or worm.
Exit the views and delete the message.
You may also wish to:-
a) Exit Outlook Express and run your virus checker on your system.
b) Download the FREEWARE "Stinger.EXE" from http://vil.nai.com/vil/stinger/ to
detect and remove some
of the recent headline-hitting nasties and their variants.
c) Check Windows Update for your Operating System, Iinternet Explorer and
Outlook Express versions for any emerging
vulnerabilities in the 'message properties' dialog and fixes on offer.
3. Blocking the domain.
Although the spammer may have successfully substituted some random characters
for their username,
you will note that the domain name is not similarly scrambled. The sender's ISP
would not accept the
message without this being valid. Sometimes a particular domain, or country of
origin suffix is
seen time and again. If none of your regular email contacts use these domains
then you'll not be
missing anything by blocking all output from it. Make a written note of it, or
highlight everything
after the '@' symbol, using the cursor and press CTRL-C, to copy it.
Then, under [Tools Menu][Message Rules][Blocked Senders List][Add] type the
domain name (no need
to use the @ character) or CTRL-V to paste what you copied. Choose to block
mail, news, or both and
press OK. You can add more entries at this point, or click OK again, to back out
of the Tools-Rules
menu.
4. Trolls.
This technique is also effective against newsgroup trolls, provided that all
their multiple
handles/email IDs all stem from the same domain, perhaps because they only have
the one ISP
account but adding more is no problem.
5. The recent email 'flood'
The following email rules are currentlly routing virtually all the phoney
"Microsoft Security pack" emails to my deleted items folder.
'Where the message has an attachment' Delete it
'Where the message size is over 80kb' Delete it
To make sure that things like attached photos from your family or friends don't
get zapped by
these, create additional rules which select on the basis of their email IDs (you
can specify
multiple names per rule) and use the 'move the message to the <specified>
folder' option
(create one or more extra local folders to move them to first).
Add the 'and stop processing more rules' option, save the rule, then move it up
the rules list
so that it is processed before the 'delete-anything-with-attachment' rule.
(In case you were wondering, 'stop processing more rules' means 'don't apply
further conditional tests to *this* message' or 'goto next incoming message
and restart from Rule #1').
If in doubt, uncheck the tickboxes against the blanket-deletion rules and use
the 'Apply Now'
button in the rules menu (browse to and select Inbox to apply them to) after
you've received
mail, logged off, looked through your Inbox contents for attachments you were
expecting and moved
them to another folder.
6. The more joy of bulk-deletion.
That's all there is to it. Only a few mouse-clicks difference between automatic
and manual rule application. All that remains is to empty the deleted items
folder
and you're done. No more hitting the delete key hundreds of times over....
regards,
Mark