Blank Sender Filtering

 CastleCops -> Mailwasher - Troubleshooting / General
Author: ppeier PostPosted: Sun May 25, 2003 5:48 pm    Post subject: Blank Sender Filtering
Rolling Eyes I am getting some Spam with a blank from Address
and MailWasher of course allows Delete but not Bounce since there is no return address.

I there a way to track these guys down and then flood them with their E-mail or is this something that the ISP has to take care of and block anonymous E-Mail at the Server?

Thanks
Author: Ikeb PostPosted: Sun May 25, 2003 7:16 pm    Post subject:
Yes, and I wish they would do so. These sorts of things need to be recognized as responsibitities inherent in the provision of ISP services. To make such responsibilities mandatory, legal penalties need to be put in place and enforced for ISPs which don't fullfill those obligations.
Author: IP: 24.69.*.* PostPosted: Sat May 31, 2003 1:50 am    Post subject: Re: Blank Sender Filtering
ppeier wrote:
Rolling Eyes I am getting some Spam with a blank from Address
and MailWasher of course allows Delete but not Bounce since there is no return address.



Yes and you cannot auto-delete it either. Is there a way to auto delete any address from a blank return address as it is almost certainly spam. Question
Author: stan_qaz PostPosted: Sat May 31, 2003 2:18 am    Post subject:
You could view full headers, copy the message to the clipboard and then go to spamcop.net and then paste into their reporting tool to ferret out the spammers.

I'd watch the flooding though, your ISP might get all soggy and hard to light if they report you back...
Author: sighthound PostPosted: Sat May 31, 2003 3:00 am    Post subject:
No way to auto delete these emails, but you can set up a filter for them - you can then choose to "not display in list " if you want.
Filter for empty from field is:
You would use: The 'From field' does not contain RegExpr, and then place a full stop . in the next box.
Remember, the full stop . means any character, so we are making a rule that "from" line does not contain any character, meaning a blank "from" line.
Author: garyLocation: Dallas/Ft. Worth, USA PostPosted: Sat May 31, 2003 5:51 am    Post subject:
You can also use the following expression in the same manner as explained above:

[\w.-]+@([\w-]+\.)+[A-Z]{2,4}

It does a little more complete check, so that guys with badly formed addresses like "9@9.9" don't get through either (<- actual example from my blacklist.) You could probably write one with a tighter check for top-level domains, but I got lazy.
Author: csalsaLocation: Australia PostPosted: Tue Jun 03, 2003 3:10 am    Post subject:
You to filter using the regular expression on the 'The From Field'.

What about applying it to 'The return path' as well and apply when the regular expression matches either field?
Author: garyLocation: Dallas/Ft. Worth, USA PostPosted: Tue Jun 03, 2003 3:26 am    Post subject:
You can certainly do that, if it works for you. According to RFC 1123, mailers are supposed to record the Return-Path. However, I've found that in practice, it is often not provided, even in legitimate e-mails. Instead, it has to be assumed from the From field. As a result, I got way too many false positives.
Author: IP: 24.69.*.* PostPosted: Thu Jun 05, 2003 7:05 pm    Post subject:
Thanks gary and sighthound for good advice. As long as these mails are marked as spam, it is just like auto deleting I suppose. Very Happy
CastleCops -> Mailwasher - Troubleshooting / General

All times are GMT

Page 1 of 1


Powered by phpBB © 2001 phpBB Group