web analytics

More effective spam hunting

The last year or so, spam on my main account has been driving me crazy. Gmail is good about filtering, but my regular account that lives locally is not. On average, I’d get 60 to 100 spams a day, and if I didn’t bother to log in to my main machine for a few days…what a mess!

I discovered Outlook has advanced manual filtering, but I flailed around for a while trying to work out how to craft a filter that would catch the bastards.

At first, I tried filtering based on subject words, like Costco or Southwest or rewards, but that meant multiple, multiple filters that changed over time and the risk of stopping a legit email that contained a stop word.

Then I tried based on certain words in the sender’s address, which ultimately worked but had a learning curve. The filter completely ignores the informal part of the address (Costco Smart Shopper or Southwest Rewards). It has to be something in the @ itself, and those were always different.

Or were they? I noticed the name@name.name was different every time, but the top level domain – .boats – was always the same. Poor old .boats is a legitimate TLD for, like, boat people. So I set all .boats email to go into quarantine, and viola.

How the spammer latched on to it and what the advantage is to do it this way, I can’t figure out, but my filter worked like a charm. Until today, when a flood was back in my inbox. I checked and there was not a single .boats address among ’em – it’s now all .lat. Poor old Latin America, but easy fix.

That suggests to me the majority of my spam is coming from a single source. Oh, and the nrsc – for god’s sake filter out .nrsc for the next year.

Now that legit filters out all of my spam, except this guy:

ypyz2015@163.com is the spammer. He’s an oriental gentleman trying to sell me engineering. His address is always the same, but the sender’s address is always different. Outlook seems blind to the second address on send on behalf, even though it’s an Outlook thing.

Why, yes…I do talk like this at parties.

November 8, 2023 — 7:08 pm
Comments: 3