Using a firewall rule to block email domains...
Does someone know if a ZASS - "Expert rule"
will block a specific email from downloading if I
define an expert rule to block an IP domain? Example: 22.214.171.124 - 126.96.36.199 (China).
There are hundreds of sub-domains from China being used to spam world wide... I use Outlook 2002. The closest I can get using any spam filter is the offending domain.(188.8.131.52 - 184.108.40.206) Example only! There are hundreds of these sub-domains and others from "Asia Pacific", Korea, Tehran, Netherlands etc. Getting these one Sub-domain at a time isn't cutting it... The latest filter buster scheme has dropped the disconnected words in the subject line and are now using "news clips". I get 98% of these but some using my exact email address and addressed specificaly to me alone get through. ( I use a spam filter and my own custom rules in outlook) I discovered 3 unique email signatures that are 100% linked to spam. The only exception is one email addressed only
to me specifically!
Blocking 1 email address is useless. Blocking an offending domain is only about 50% effective (they roll around to non US domains) I guess they don't like US Law...
Can "Expert rules" filter
the E-mail header of a downloading email stream in a client such as Outlook 2002?
Re: Using a firewall rule to block email domains...
Hi rs9,<BLOCKQUOTE><HR>rs9 wrote:
Does someone know if a ZASS - "Expert rule"will block a specific email from downloading if Idefine an expert rule to block an IP domain? Example: 220.127.116.11 - 18.104.22.168 (China).[...]Can "Expert rules" filterthe E-mail header of a downloading email stream in a client such as Outlook 2002?Thanks!<HR></BLOCKQUOTE>
No the Expert Rules do not work like that, they Allow/Block connections to computers on the Internet. You download your email from your ISP's mail server or from your email provider of choice, not directly from say your example China in the IP range of 22.214.171.124 - 126.96.36.199. Your ISP would have to block/filter the email to effectively prevent you from seeing it, and I have not read about any ISP's having a reliable filtering system that would filter 100% of the spam and not filter a legitimate email. You do sound as if you have researched your spam emails fairly thoroughly, I get the impression you don't quite fully understand all you have learned. Let me share with you what I have learned about this and my solution:
In Outlook take an email, good or spam it does not matter, and do what is necessary to view the raw message. By this I mean the message and all headers. Near the top of the headers there should be multiple lines starting with Received:, they indicate the path/mail servers that email has taken to reach you. Starting at the top with the first Received: line, this should be a mail server belonging to your email provider, and reading down the Received entries the last one being the computer that the email originated from. The only reliable Received headers are the one(s) that pertain to your ISP's mail servers, any others can be forged or open proxies. OE has very limited filtering capability, I am not sure about Outlook, which forces us to turn to 3rd party mail filters like what is offered in the ZA products, K9, Popfile and other Bayesian based filters.
Like you I was getting all the typical; cheap software, body part/sexual enhancement, stock alerts, ... emails. Also my email configuration does not work with the Mail Filter found in ZASS, it only filters on the Inbox and I have our email distributed to sub-folders and sub-sub-folders. The above mentioned filters do not work well for NNTP newsgroup filtering of trolls and unwanted messages. One newsgroup I read has fallen victim to a troll invasion, and some there just will not follow the advise of do not feed the trolls. My newsreader, 40tude Dialog,incorporates the use of regular expressions (regex), http://www.regular-expressions.info/php.html, which gives greater flexibility and filtering power. Once I experienced their power and usefulness I wanted the same for my email, unfortunately my wife does not want to learn a different email client. My solution to this was to install a mail/newsgroup server that uses regex filters, Hamster PlayGround, on one computer and let it pull our email and the newsgroups I read. This solution does take some work, learning to write regular expressions and maintaining the filters, but it is working very well. I now have67 regex filters based on 166 IP ranges for 37 countries, which filter any Received headers with an IP range contained in a filter. Theemails are not downloaded from my ISP's server, only the headers are downloaded and if they fail any mail filter they are deleted on the server after the headers and top 50 lines are pulled for a filter report. A side benefit to Hamster PG is it runs as a service and will pull mail and newsgroup posts 24/7 without your mail/news clients running.
I know this is long winded, but I hope it helps you and offers an alternative solution.
Message Edited by Disciple on 05-28-2006 08:09 PM
Re: Using a firewall rule to block email domains...
There is a slightly similar method to reduce much of the foreign generated spam. In ZA Mail Frontier and in Outlook 2003 you can block top domains directly.
ZA junk filter options > Messages > Foreign Language filters will stop messages from the languages you set. That is part of the equation.
In Outlook > Actions > Junk E-mail > Junk E-mail Options
Click on the International tab. There you can block e-mail from a particular top domain.
However, this does not stop the e-mail message from sitting in the post box at your e-mail service provider. It just tosses out the downloaded message. If you have your client set to delete the server message after receipt then this is not a problem. If you keep messages on the server as well as download then the server will continue to have the unwanted top domain messages.