Email filter rules to block spam for counterfeit Pfizer products
March 12, 2014
Almost everybody who has used an email account to send or receive email has received 'tons' of spam messages promoting the illicit sale of counterfeit male performance drugs, such as Viagra.
These spam email messages often have the words "Viagra" or "Pfizer" in the From (Sender) field, to try to catch the attention of gullible people, imploring them to click on the enclosed links, leading to fake online pharmacies, selling counterfeit drugs, for which the spammers act as paid affiliates.
The folks that do knowingly click on links to buy Viagra (or Cialis, or Levitra) from these fake pharmacies are bypassing the only protection their country's medical system offers: the requirement to consult your physician and be tested to see if you are able to safely use that drug without the risk of serious consequences, and if so, at what dosage. They are placing themselves at serious medical risk by purchasing unregulated drugs that are produced by counterfeiters in Asia.
Most of the fake Viagra pharmacies dispensing Asian drugs are hosted on Russian domains, owned by Russian and Ukrainian drug spam syndicates using payment portals friendly to cybercriminals.
Last, but not least, Americans who purchase prescription drugs from foreign online pharmacies that ship the drugs to the USA, are violating Federal laws that forbid the personal importing of prescription drugs from abroad. Penalties start with seizure of the packages and may go up to fines and imprisonment for repeat offenders or distributors.
If you are not one of the gullible people who click on links in spam messages and are not interested in even seeing this kind of garbage in your email client's inbox, read on.
As a long-time spam fighter, I have been writing anti-spam filters for use in MailWasher Pro, which is made by Firetrust Ltd, based in New Zealand. I publish my own MailWasher spam filters for others to use, at no charge (other than the occasional donation). Note that these filters are specific to MailWasher Pro.
Lately, I have received a few requests from non-MailWasher users to show how them my spam filters can be "ported" for use in certain desktop email clients, like the long-deprecated Outlook Express or Windows Live Mail and even to Mac Mail. While I cannot "port" my entire filter set to another program, I can explain how particular filters can be composed in say Windows Live Mail, to do basically the same thing. I'll even go one step further and show how Webmasters and domain owners who have websites hosted on servers running cPanel can create custom spam filters to block email for counterfeit Pfizer drugs, or anything else that is known spam.
The following conditions and actions can be combined in Windows Live Mail (and also Outlook Express), to auto-delete spam that spoofs Pfizer, or Viagra (and a few misspellings), in the From (Sender) field.
To create or edit filter rules in Windows Live Mail, open the email interface, click on the "Folders" tab, then click on "Message rules," then on "Email rules," then click on "New." An editable box opens titled "New Mail Rule." Working from the top down, proceed as follows.
- Under "Select one or more conditions," place a checkmark in: Where the From line contains people
- This puts the words "Where the From line contains people inside the large text box. Click on the underlined "contains people" link to open an edit box where you can type or paste in words and phrases.
- Type or paste in the first word you want to block - in the top input field, then click the "Add" button. In this case it can be: Pfizer
- Your word appears in the "People" box, surrounded by single quotes. 'Pfizer'
- As soon as you add the first word, a button labeled "Options" becomes active. Click on Options.
- Choose these two options from the two groups: 1: "Message contains the people below" and 2: "Message matches any one of the people below"
- Continue adding words and phrases, one at a time, until all of these and any additional ones you find in spam messages hve been added to the list: 'Pfizer' or 'Viagra' or 'Viiagra' or 'Vigara' or 'Cialis' or 'C1alis' or 'Canadian-Pharmacy' or 'Canadian Pharmacy' or 'Canad1an Pharmacy' or 'sex remedy'
- Under "Select one or more actions" - choose: "Delete it from server"
- In the bottom input field, name your new rule something like: "Viagra, Cialis, Pfizer, Canadian Pharmacy"
- Click the "Save rule" button
- Click OK when you are done creating or editing filter rules.
Once you save this rule and click OK, any POP3 email messages that meet the any of conditions you added to the list will be automatically deleted from the email server. They will not re-appear, or be recoverable. This is what I call a "Judge Dredd" filter (Murder, Death, Kill).
Below, are similar rules for cPanel users (Webmasters, domain owners), to delete the same type of spam on all the domains hosted under one master account. This is private domain-based email, not public email systems.
- Log into your website's cPanel, where various categories can be managed.
- Under the section labeled "Mail" click on "Account Filtering." The page that loads should say something to the effect: "Edit Filters for All Mail On Your Account"
- Click the button labeled "Create A New Filter."
- Name your filter. In this case, use: Pfizer
- Under "Rules" click to select the options "From" and then "contains"
- In the first input field, type or paste: Pfizer
- Click the button with the + sign on the right to add another input field. Set the options to "From" - "contains"
- Type or paste in the next word or phrase to be blocked. Continue adding input fields until you are done.
- Under the "Actions" area at the bottom, select "Discard Message" from the flyout options.
- Click Save and you are done!
From that point on, whether you use the Webmail interface or a desktop email client, no message claiming to be sent from any of those block words will exist on the mail server. There won't be any bounces either. They simply go to the bit bucket in the sky!
