Wildcard additions for your MailWasher Pro blacklist

MailWasher Pro is a commercial anti-spam email screening program for your POP3 desktop email client. The program uses a combination of techniques to intercept and remove spam, viruses, exploits and scams from the email server before they are downloaded to your regular email client. One of these detection techniques is user-created blacklists. If you are already using MailWasher Pro to screen your incoming POP3 email, I have some additions for your blacklist that may help reduce the amount of unclassified spam you have to sort through.

Many of you have been reading my weekly blog spam analysis reports, which are obtained from my MailWasher Pro Statistics. The statistics are categorized into the various types of spam that my custom filters match and delete. For the last few months I have been using custom filters exclusively to catch and categorize spam, as opposed to creating a blacklist of spammers. This usually makes sense, because spam is always sent with a forged "From" address, often composed of random characters, making it impractical to blacklist these fake and (usually) non-repetitive addresses (some are repeated).

However, during the last few months I have been able to find a filterable pattern in the "From" field of some of the spam messages. I have created two new rules which you can add to your MailWasher Pro "Blacklist" to match and delete a large number of the spam messages currently in the wild. Using these rules in addition to the learning filter and databases of known spam, and possibly my custom filters, will reduce the amount of spam you see to a dribble, instead of a waterfall.

With MailWasher Pro open, click on the "Spam Tools" button, then on "My Blacklist." Next, click the +ADD button and click the "radio" option for "Wildcard expression." Enter this expression:

dw+m@+.+

Click OK to save it. Now, create another new rule, with this expression:

lin+met@+.de

Click OK to save it. Look in the "Action" section of the Blacklist options and choose the action you are comfortable with. I would recommend selecting "Mark the mail for deletion" and 'On "Process Mail" (Recommended).' Before you leave this area, click on the "List Options" button, in the upper right. There are check-boxes and options for how long the blacklist will keep watching for these email addresses, before deleting them. Since it is rare to see the same forged email addresses persist over very long periods of time, you can set the times to expire unused addresses as follows:

Unused individual addresses: 7 to 10 days
Unused wildcard addresses: 90 to 180 days

Expiring useless addresses and wildcards will keep the blacklist to a smaller file size, which means it will load faster and be able to match incoming messages more quickly. When you have made your expiration selections click OK, to close the List Options, then OK, to close "My Blacklist" and the "Spam Tools."

Be sure you set your MailWasher Pro options (Tools > Options > Summary) to "Enable Message Logging" and to "Allow deleted email to be restored from the Summary Screen." Be sure you read your (MailWasher Pro Recycle Bin) statistics every day, as often as possible. If you see a legitimate email that was deleted by the blacklist, or any other filter, you can restore all, or at least part of it, from the Recycle Bin Statistics page. The number of lines restored is determined by the option on the General tab, for "Spam Throttle - Download first (selected number) lines." I use 300 lines, which is not the fastest scanning, but is more accurate at catching spam that uses HTML tricks. If you want faster scanning, try reducing the number of lines to 200. This will get the scanning done faster, but if a legitimate HTML email was deleted, only a percentage of it can be restored. If it was a newsletter you may only recover a small percentage, whereas a personal email may be fully recovered with only 200 lines saved. 300 lines seems to recover a fair amount of HTML content, but not everything, in newsletters.

How much spam those two wildcard filters will block is hard to say for certain, but it sure will make a dent in the level of messages that make it through your defenses. These particular filters match a technique used by certain spammers to identify their products as distinct from those of other spammers. The messages are sent from infected computers that are members of a spam botnet. After a while the spammers using these identifying techniques may discard them for new ones, and I will post new details for blacklist rules when that happens.

NOTE: Always whitelist your contacts by adding them to your MailWasher Pro "Friends" list! The Friends list overrides the spam filters, unless you specify that the opposite should occur.
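
A quick way to check the two wildcard rules for false positives before relying on them, shown as an added example (not part of the original post and not MailWasher Pro's own matching code). It assumes `+` stands for one or more arbitrary characters and that a rule must match the whole address, case-insensitively; the `classify` helper and the sample From headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Blacklist expressions exactly as given in the post.
BLACKLIST = ["dw+m@+.+", "lin+met@+.de"]

def wildcard_to_regex(expr):
    # Assumption: "+" means "one or more of any character";
    # every other character in the expression is taken literally.
    parts = [re.escape(p) for p in expr.split("+")]
    return re.compile(".+".join(parts), re.IGNORECASE)

def classify(from_header, friends=()):
    """Return ('friend', None), ('blacklisted', expr) or ('pass', None)."""
    # Strip any display name and keep only the address part.
    addr = parseaddr(from_header)[1].lower()
    # The Friends list is checked first because it overrides the filters.
    if addr in {f.lower() for f in friends}:
        return ("friend", None)
    for expr in BLACKLIST:
        if wildcard_to_regex(expr).fullmatch(addr):
            return ("blacklisted", expr)
    return ("pass", None)

# Constructed sample From headers (not taken from real mail).
SAMPLES = [
    "Special Offer <dwqzkm@mail.example.net>",  # random-looking local part
    "lin4x9met@host.example.de",                # second rule, .de domain
    '"D. William" <dwilliam@example.com>',      # legitimate contact that fits rule 1
    "Newsletter <news@example.org>",            # unrelated sender
]

if __name__ == "__main__":
    friends = ["dwilliam@example.com"]
    for header in SAMPLES:
        without, with_friends = classify(header), classify(header, friends)
        print(f"{header!r}: no Friends list={without}, with Friends list={with_friends}")
```

Under these assumptions an ordinary address such as dwilliam@example.com fits the first rule, which is the case the Friends list and the daily Recycle Bin review are there to catch.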

For information about the custom filters mentioned earlier, read my web page about MailWasher Pro Filters. To read about the program itself, and download a trial copy, go to my MailWasher Pro web page.

About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.


Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.