In an effort to create filters that will auto-delete spam meeting very specific criteria based on specific text strings that I see repeatedly occurring in spams that I seem to repeatedly get in any given period, I have tried to select key text from the Preview (trying Normal, Raw, and Full display) of a given spam message and insert a certain portion of that text into a Filter that will auto-delete any matching messages. I've even set the filter to respond whether the text string appears in the Body or the Header.

But for some reason, only sometimes does this seem to work. All too often, spam that most definitely appears to match the filter is still getting through without being auto-deleted. I'm quite sure I'm doing everything right, and am wondering if the nature of spam (and their techniques) and the nature of MWP are such that, in fact, what "I think" I'm seeing in the Preview body isn't what the filter is actually seeing.

Even when they try to mix text with code as they sometimes do, and the Preview display shows that they did so, and I select and specify in the filter, say, "VIA>jdaig<GRA" as a full text string, the filter doesn't get triggered even when the same message with the identical string shows up. But I also have the problem when there's no apparent mixing with code. In some cases, they link to a web site, and I put that in the filter, but subsequent spam that also has a link to the same URL gets past the filter.

I really think it's safe to assume I'm doing things correctly.

Is this just how it is or is there something I'm missing?

Thanks.

Post the filter and the string of text (RAW SOURCE VIEW) that you beleive should be trapped by the filter.

When you post...be sure to send it within <blockquote>[code] 'Raw Text' or 'filter code' [/code] </blockquote>format so that it will not be translated on this forum. Also...do NOT disable BBCode when you do that...I had to disable it in this post so the the "[code]...[/code]" prtion did not get translated in this post.

Once we can see what your filter is doing....and the text that you think it should be trapping, we can give you advice. Until then, we are as blind as my wife regarding this.

One thing the html trash is usually randomly generated and will not be the same from one spam to the next in most cases.

Thanks so much for the help.

I haven't tested this with TestRExp and have no idea where to even find it.

Here's the Raw Source text from a new spam that isn't being filtered (I removed my email address and host name. etc, from the header):

[quote="IkebAhah! The text in your filter is different than what is in the message. [/quote]
Okay, that one slipped past me. I'll have to dig through to show the data on others but I'm sure the same thing has happened where there were no special characters at all. At least now I know to watch out for such things.

If I understand this correctly, the text I should work from to create a trigger phrase in a filter is the text I see in the "Raw source" preview, is that correct? (Sometimes the body text it shows is very differentthan what I see in the "Normal" preview.)

And whether I specify "Header" or "Body" depends on whether it's above or below the line of demarcation pointed out by Ikeb, correct?

As to the html gibberish being randomly generated and changing often, any idea of it's in random places or if the little pieces of text between > and < symbols tend to stay the same?

Thanks again!

Whisperer,

I noticed something in the header that may be of interest to you.

Thanks so much, folks.

In giving me advice, please keep in mind some important factors: I'm venturing into new waters by creating filters that will "hide and delete" what they catch. Normally, I visually scan everything before deleting since I'm adamant about never risking false positives as I have a small business with high stakes. Therefore, I need to stay only with what is POSITIVE to ONLY catch actual spam in doing what we're discussing here.

I just found another instance where a newly created filter doesn't seem to be doing the trick.

Body in Raw source view:

As a follow-up to my previous message, for those who would like to see a graphic of the filter that's described that isn't catching the message, here it is (except the full text string is longer than what it shows, as illustrated in the previous post).

Ikeb, I don't understand what you mean, but I'm sure I must be missing something which explains why my filters don't seem to always be working, especially newly created ones.

I thought that when I close MWP it starts a fresh check and download of the server when I reopen it and do a Check, and since I have View set to not show hidden emails, as with other types of messages that I have filters set to leave hidden on the server (but not to delete or blacklist), I assume what I'm after is having it stay on the server... I assumed the filter wasn't working AT ALL since it didn't even treat the message as hidden.

But what am I missing here? What do you mean when you say I didn't "process" it? Oh, wait... Process... as in hit the huge Process icon. Okay... but isn't that just to actually delete things that are checks for deletion, and to put things in the approprate lists (blacklist, friends) for the future? If it's got a filter set to keep it hidden, to mark it for delete and for blacklist, and after closing and reopening MWP and checking mail it turns up in the list (it wasn't hidden as it should have been) and it isn't checked for delete or for blacklist, which it wasn't, that tells me the filter didn't get implemented at all.

Have you tried deleting the seenemail.txt file to get mailwashder to process your new filters on old e-mail?

I thought they would be run when you saved the filter but this is a sure way to get mailwasher to treat the mail as new.