
More effective spam hunting

The last year or so, spam on my main account has been driving me crazy. Gmail is good about filtering, but my regular account that lives locally is not. On average, I’d get 60 to 100 spams a day, and if I didn’t bother to log in to my main machine for a few days…what a mess!

I discovered Outlook has advanced manual filtering, but I flailed around for a while trying to work out how to craft a filter that would catch the bastards.

At first, I tried filtering based on subject words, like Costco or Southwest or rewards, but that meant multiple, multiple filters that changed over time and the risk of stopping a legit email that contained a stop word.

Then I tried based on certain words in the sender’s address, which ultimately worked but had a learning curve. The filter completely ignores the informal part of the address (Costco Smart Shopper or Southwest Rewards). It has to be something in the @ itself, and those were always different.

Or were they? I noticed the name@name.name was different every time, but the top-level domain – .boats – was always the same. Poor old .boats is a legitimate TLD for, like, boat people. So I set all .boats email to go into quarantine, and voilà.

How the spammer latched on to it and what the advantage is to do it this way, I can’t figure out, but my filter worked like a charm. Until today, when a flood was back in my inbox. I checked and there was not a single .boats address among ’em – it’s now all .lat. Poor old Latin America, but easy fix.

That suggests to me the majority of my spam is coming from a single source. Oh, and the nrsc – for god’s sake filter out .nrsc for the next year.

Now that legit filters out all of my spam, except this guy:

ypyz2015@163.com is the spammer. He’s an oriental gentleman trying to sell me engineering. His address is always the same, but the sender’s address is always different. Outlook seems blind to the second address on send on behalf, even though it’s an Outlook thing.

Why, yes…I do talk like this at parties.
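
An added example, not part of the original post: the same rule written in Python, matching on the TLD of the real address instead of the display name, and also reading the Sender, Reply-To and Return-Path headers so a fixed address behind an "on behalf of" message is still caught. The sample messages and the list of headers checked are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

BLOCKED_TLDS = {"boats", "lat"}            # the two TLDs named in the post
BLOCKED_ADDRESSES = {"ypyz2015@163.com"}   # the fixed address named in the post
# Assumption: these are the headers worth checking; Outlook's rule only saw one.
CHECKED_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")


def header_addresses(msg):
    """Yield (header name, lowercased address) for every checked header."""
    for name in CHECKED_HEADERS:
        for value in msg.get_all(name, []):
            _display, addr = parseaddr(str(value))  # display name is discarded
            if "@" in addr:
                yield name, addr.lower()


def verdict(raw):
    """Return ("quarantine", reason) or ("deliver", "") for a raw message."""
    msg = message_from_string(raw)
    for name, addr in header_addresses(msg):
        domain = addr.rsplit("@", 1)[1]
        tld = domain.rsplit(".", 1)[-1]
        if addr in BLOCKED_ADDRESSES:
            return ("quarantine", f"{name} address {addr}")
        if tld in BLOCKED_TLDS:
            return ("quarantine", f"{name} TLD .{tld}")
    return ("deliver", "")


# Constructed sample messages (not real mail).
SAMPLES = {
    # Rotating address, constant TLD.
    "tld": "From: Costco Smart Shopper <promo@example.boats>\n"
           "Subject: Rewards\n\nhi\n",
    # Fixed address appears only in Sender; From rotates.
    "behalf": "From: Sales <x9@example.net>\nSender: ypyz2015@163.com\n"
              "Subject: Engineering\n\nhi\n",
    # "Boats" in the display name and stop words in the subject: not matched.
    "legit": "From: Lake Boats Club <news@example.org>\n"
             "Subject: Costco rewards trip\n\nhi\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, verdict(raw))
```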


Comment from S. Weasel
Time: November 8, 2023, 7:10 pm

This has also let me see how much of my inbox is stuff I’ve legitimately signed up for at one time or other. Newsletters, businesses I buy from.

Every once in a while, I go on an unsubscribing spree, but I always feel funny about it. Like it’s a snub.

Comment from Uncle Badger
Time: November 8, 2023, 9:03 pm

This all could have been stopped early on. Just a handful of 200 year jail sentences. Or impossible to pay fines. There are other ideas… not least making the corporations that stole the Internet from us responsible for more than creaming zillions off us.

Comment from Uncle Al
Time: November 9, 2023, 3:02 pm

Ironic, but I’m having the opposite problem: intermittently emails sent to me by friends and acquaintances (and whose addresses are in my address book) are getting their messages bounced back for having “SPAM-like characteristics”. My ISP account settings are for normal protection but what’s most curious is that sometimes this happens and sometimes it doesn’t. The bounced messages contain no links, heck they don’t even contain HTML, and most come from gmail or similar domains.

Go figure.
