If at all possible, can you add a column checkbox to blacklist domain?

Currently, there is a column with a check box to blacklist the sender; in order to blacklist the domain of the sender, we need to right click on the user and select blacklist domain from the dropdown selection. It would be much easier and faster if a column with 'blacklist domain' were available.

thanks!

Paul

It would also be nice to have a keystroke to blacklist a domain. Something like Ctrl+- (that's "control minus") or Alt+-

And similarly Ctrl++ (that's "control plus") or Alt++ to add entire domain to the friend list.

Why not just allow the user to map their own keyboard shortcuts?


As to blacklisting domains....perhaps that should not be any easier. It might do some good to allow the user the chance to think about it for an extra second before they blacklist an entire domain.

Most of the SPAM is using random faked addresses anyway and blacklisting an entire domain based on what one spammer sends to you is the equivalent of driving a 5/8" nail into a board using a 5# sledgehammer. If you do that, you can pretty much kiss that board goodbye.

pilaar39,

Here are several filters that you can cut and paste into your 'filters.txt' file that might help you.

They are based on IP addresses rather than "faked" e-mail addresses and will do a much better job of trapping mail originating from outside ARIN.

The first three will look for IP address in the 'Received from:' lines in the header that originated from RIPE (Europe), APNIC (Asia-Pacific), and LACNIC (Latin America).


[enabled],"RIPE (Europe)",RIPE,16711808,AND,Delete,EntireHeader,containsRE,"(?# list of IP blocks assigned to RIPE - must be updated as required )^Received: from [^[]*?\[(62|8[0-2]|19[345]|21[237])(\.[1-2]?\d?\d?){3}\]"

[enabled],"APNIC (Asia-Pacific)",APNIC,16711808,AND,Delete,EntireHeader,containsRE,"(?# list of IP blocks assigned to APNIC - must be updated as required )^Received: from [^[]*?\[(6[01]|20[23]|21[01]|21[89]|22[0-2])(\.[1-2]?\d?\d?){3}\]"

[enabled],"LACNIC (Latin America)",LACNIC,16711808,AND,Delete,EntireHeader,containsRE,"(?# list of IP blocks assigned to LACNIC - must be updated as required )^Received: from [^[]*?\[20[01](\.[1-2]?\d?\d?){3}\]"



The next filter will identify most IP addresses that are designated as IANA - Reserved. These IP addresses should NEVER appear in an e-mail header, unless the line they appear in was forged.


[enabled],"IANA RESERVED","IANA RESERVED",180,AND,Delete,EntireHeader,containsRE,"(?# list of IP blocks reserved by IANA - must be updated as required )^Received: from [^[]*?\[([1257]|2[37]|3[1679]|4[129]|5[089]|7\d|8[3-9]|9\d|1[01]\d|12[0-6]|17[3-9]|18[0-79]|19[07]|22[3-9]|2[34]\d|25[0-5])(\.[1-2]?\d?\d?){3}\]"

If you need to know where to find the block assignment (for periodic updates) follow this link for the file location at IANA (Internet Assigned Numbers Authority)

Notes:

When you paste these into your filters.txt file, do NOT allow any extra carriage returns between filters. In other words, each of these filters should be on the line immediately following the last filter.


These filters are set up to flag and mark for deletion any messages that they find. They will not blacklist or bounce any message as set up. You have the option of changing that through the filter edit dialog box.

I would recommend that you don't bounce or blacklist based on any automated function.

Also, these filters are set up to NOT take precedence over the freinds list. I suggest you leave them that way....and at the least add "*@firetrust.com" to your friends list (as well as anyone from those areas that you want to receive mail from). Some of their mail originates from RIPE, some from APNIC and some from ARIN, so you don't wan't them flagged.

denn988, I added these three and they are working for me, all three are getting hits.

denn988, what priority should your IP Address filters take in the filters.txt file?

I have read the suggestions for filter enhancement, and will, with trepidation, try them out. (I have lots of international valid contacts & don't want to risk losing mail from them.)
However, getting back to the original request, I too use the 'add entire domain to the blacklist' which has shortened my blacklist substantially, and would like the option to be more visible.

The regexp filters are fine and nice, but did anyone ever debug them? Also, are there updates of these filters? As a matter of fact I do receive valid mail from all over the world and it can be very relevant. Filtering all mail from China is not an option for me since I have friends there that send me e-mail. And the same will be true for the rest of the world. So I designed an easier way out to at least to be able to detect whether I got a valid reply at my e-mail. All my outgoing e-mail contains the text

PGPkey: 0x0EDD917F (Please keep this line in replies)

where the PGPkey belong to me. There is very little change that anyone
got that same key. The filter simply looks for the presence of that line in my incoming e-mails. Later in outlook this mail is directed to a reply directory.

geo_splash_12, several folks have made suggestions like this but you are the first I've seen to suggest the idea of using the PGP key, not a bad idea.