Don't want to exlcude "high" or "higher" etc.

It's jsut that the number of Posts yelling "hi" is ridiculous.

Thanks

In the filter creation box just choose the field The 'Subject' field and then in the next field make sure contains is chosen, then in the next field type in hi.

As far as I know that should do it but the above I think would hit on any instance of Hi in the subject line. Now if you want to filter on just when Hi is the only word in the subject line then someone around here who is good with regular expressions will have to help you out.

-- To weed out emails with a subject of just "hi" --

filter the subject field, containing RegExp, as follows:

^hi$

because
^ = beginning of line
$ = end of line

-or variations like the one below to handle trailing junk or spaces:
^hi([\s\W]*)$

I have noticed something about most SPAM that I receive that starts out with 'Hi' in the Subject.

That is the fact that most of them use ISO charator encoding.

If you look at the 'RAW TEXT' of these messages so that you can see the header, you might notice as I did that the SUBJECT line will begin:

Ghol,

I am always willing to listen to objections and concerns raised by others.

When you get those messages with non-standard text (German umlauts)...does the RAW Subject line in the header begin with     =?ISO-8859-    ....or do they use individual charactor codes such as     ä     ( & #228; - without the space between the & #)???

That would make a big difference...

Send yourself a test message using the umlauts and see what the RAW header looks like on the 'Subject;' line of the header....then post your findings here..

OK. This was the mail (header excerpt) that arrived from a customer called Jürgen, the other word is "Änderungen":

Date: Tue, 16 Dec 2003 18:25:06 +0100
Subject: 2 people... kleine =?ISO-8859-1?B?xA==?=nderungen
From: J=?ISO-8859-1?B?/A==?=rgen Sxxxxxxxxxx <mail@domain.de>


After working on the file, I "replied", and this was the subject in the header (I sent myself a copy to test).

To: <ghol@mycooldomain.de>
Subject: =?iso-8859-1?Q?WG:_2_people..._kleine_=C4nderungen?=
Date: Tue, 16 Dec 2003 18:53:42 +0100

What I found interesting was that the position of the _ISO_ had changed automatically. By the way,
"WG:" is German for "FW:" and the word again is an "Änderungen".

And the code for the umlaut changes.

I just wrote myself a mail. With a new mail the ISO bit is obviously at the beginning of the line. Even in German mails it only appears in the subject if there is an ISO character in the line. Thought I would show you the body too:

From: "ghol" <ghol@mydomain.de>
To: <ghol@samedomain.de>
Subject: =?iso-8859-1?Q?=D6ffnen_des_angeh=E4ngten_Dokumentes?=...
...
...
...

This is a multi-part message in MIME format.

------=_NextPart_000_008B_01C3C411. ...
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Sehr geehrter Herr M=FCller,=20
=20
Mit freundlichen Gr=FC=DFen
=20
Ihr Herr M=F6ller=20

------=_NextPart_000_008B_01C3C411. ......
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<TITLE>Nachricht</TITLE>

<META content=3D"MSHTML 6.00.2800.1276" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D078580819-16122003><FONT size=3D2>Sehr geehrter Herr =
M=FCller,=20
</FONT></SPAN></DIV>
<DIV><SPAN class=3D078580819-16122003><FONT =
size=3D2></FONT></SPAN>&</DIV>
<DIV><SPAN class=3D078580819-16122003><FONT size=3D2>Mit freundlichen=20
Gr=FC=DFen</FONT></SPAN></DIV>
<DIV><SPAN class=3D078580819-16122003><FONT =
size=3D2></FONT></SPAN>&</DIV>
<DIV><SPAN class=3D078580819-16122003><FONT size=3D2>Ihr Herr=20
M=F6ller</FONT>&</SPAN></DIV></BODY></HTML>
[/quote]

Ghol,

I can see where you might have a problem with the SUBJECT ISO filter that I had posted.

There is an easy solution though.

You want to modify the rule that I had previously posted to:

That would be the NEW first rule for the filter.

Based on what you have posted, the first rule needs to be modified to cover any use of ISO encoding in the Subject line.


The second rule would be:

Code:

The 'Subject' field...does not contain RegExpr... [\x80-\xFF]

All of the rules would need to be satisfied ( AND ) for the filter to fire.


The second rule then looks at the translated Subject to see if any of the ASCII charactors 128-255 are present (Hex 80 to Hex FF) as follows:
<tt><blockquote>€  ‚ ƒ „ … † ‡ ˆ ‰ Š ‹ Œ  Ž   ‘ ’ “ ” • – — ˜ ™ š › œ  ž Ÿ   ¡ ¢ £ ¤ ¥ ¦ § ¨ © ª « ¬ ­ ® ¯ ° ± ² ³ ´ µ ¶ · ¸ ¹ º » ¼ ½ ¾ ¿ À Á Â Ã Ä Å Æ Ç È É Ê Ë Ì Í Î Ï Ð Ñ Ò Ó Ô Õ Ö × Ø Ù Ú Û Ü Ý Þ ß à á â ã ä å æ ç è é ê ë ì í î ï ð ñ ò ó ô õ ö ÷ ø ù ú û ü ý þ ÿ</blockquote></tt>


If the translated Subject line contains any of the above charactors...the filter will NOT fire.

You might want to look at the charactor codes at this link to narrow the list of charactors to exclude on in the second rule.

Hopefully...all the charactors that you want to make sure can be contained without triggering the filter are included in the above list. If not, you can use UNICODE charactors in the Expression also.

Let me know if this helps....

What would be the solution to exclude a vaid Unicode-encoded Subject?

@Denn998: yes, it works (so far). Thank you for that addition. And the link is useful. So now I could even specify exactly which German characters I accept, but that's hardly necessary, and there are more pressing filters to sort out.

Ikeb,

I was nice to you once and posted a few colors for you. Please don't think that because I did that, that I am going to create a post that contains all 65536 possible charactors available with UNICODE.

If you want to see what the charactors might consist of, please follow the links on this page.