Blocking Russian language spam with junk filter rules
I don't know if a Botnet has been mis-programmed, or if some Russian spammers have mistaken my domain for a Russian speaking domain, but I am seeing huge amounts of unreadable Russian language spam over the past month. However, I doubt that I am the only totally English speaking person in the USA who is getting this unintelligible Cyrillic spam.
The why's are unimportant to me, or to you, if you are also getting foreign language spam. A few years ago I was getting Chinese language spam, which is totally weird to look at. Both the Russian and Chinese alphabets look like something out of Star Trek to me. Most people are annoyed when they get any spam at all. But, getting spam you can't even read is worse. Since I can't read the content I have no use in looking at this crap, so I have created spam filters to automatically delete it off my email servers, and I will share them with you.
I have certain systems in place to filter out spam before I download it, but you all might have altogether different measures in place. I will outline my countermeasures, then suggest others that you may be able to use.
My primary tool in the war to secure my inbox is an anti-spam program called MailWasher Pro (MWP). It is a desktop application that intercepts all incoming POP3 email, from all of the various email servers that I use to get and send email. In my extended comments I will reveal two powerful filters that I have created, which combined will automatically delete 100% of the Cyrillic coded spam sent to my various POP3 accounts.
My second tool is my desktop email client; Windows Live Mail (WLM). This is the most recent child of the no longer supported Outlook Express email client, from Microsoft. Outlook Express died when Windows Vista was released. At the same time, Windows Mail was included with Vista. With the advent of Windows 7, Windows Live Mail is the only email client available from Microsoft, as an optional download. Unlike Outlook Express, Windows Live Mail includes a junk filter module, which receives updates from time to time. You can also block incoming messages from your inbox by applying the new "International" filter, which reads the sender's From address or language encoding. If the domain listed in the From field, or the text coding matches one on the blocked countries list, it automatically goes to the Junk Mail folder, or is automatically deleted, according to your choices.
The previous anti spam countermeasures are for people using a POP3 or IMAP desktop email client to download, read, compose and send email. But, many people are still using browser based email systems, like Hotmail, Yahoo, AOL, Comcast, Charter, and other proprietary mail systems from free mail providers, or from their web hosting companies. You folks must search out and apply any junk mail rules available from your email service. I will show you how to apply junk filters to Yahoo and Hotmail, using your web browsers.
Most web hosting accounts now come with the option to enable Spam Assassin. You can turn on Spam Assassin and add the regular expression to block any "From" address containing the domain .ru
Solutions for blocking Russian language spam
MailWasher Pro users
If you use MailWasher Pro to filter out spam before it is downloaded to your desktop email client, the following rules can be applied to block 100% of Russian language spam.
Blacklist addition: +@+.ru
Set the Blacklist options to automatically delete blacklisted addresses, without notification.
Custom filter addition:
Create a new filter, titled: "Russian Sender" (use same Status description). Set the condition to "Any rule below is satisfied." Add these conditions, each on a separate code line:
- Entire Header, Contains: charset="koi8-r";
- Entire Header, Contains: Subject: =?koi8-r
- Entire Header, Contains: From: =?koi8-r
- Entire Header, Contains Regular Expression: HELO\s.+\.ru
- Entire Header, Contains Regular Expression: \(envelope-from\ <.+@.+\.ru>\)
- Entire Header, Contains Regular Expression: Message-ID:\s<.+@.+\.ru>
- Body, Contains: charset=3Dkoi8-r
- Takes precedence over the friend's list
- Delete the mail
- Automatically without notification
Windows Live Mail and Outlook Express Message Rule
- Create a "new mail rule" (Tools > Message Rules > Mail)
- Check the condition "Where the FROM line contains people"
- Click on the blue underlined words in the edit description box below the conditions lists
- Type .ru into the input field
- Click "Add"
- Give a name to the rule, like "Russian Sender" - in the bottom input field
- Click OK to save the message rule
With WLM open click on the menu item "Tools" > "Safety Options" and set these options:
- Options Tab: Choose Low or High detection level (Low is safer)
- If, after a while, you find that there are no false positive classifications of Junk, check the option to "permanently delete junk rather than moving it to the Junk folder."
- International Tab: Click on the "Blocked Top-Level Domain List" button
- Select all undesirable country domain suffixes, especially .ru (Russia) and .ua (Ukraine)
- Click OK
- Click on the "Blocked Encoding List" button
- Check unwanted language encoding types, especially "Cyrillic"
- Click OK
- Click OK again to close the Safety Options
If you have not opted to permanently delete suspected Junk mail, be sure to check all messages that appear in the Junk folder, whenever you check for new mail. If a legitimate message ends up in the Junk folder, right click on it in the list and choose the option "Mark as not junk." If the email is already open, click on the button labeled Not Junk, on top of that email message, The message will instantly be moved to your Inbox. Find the email in the Inbox and right click on it and select: "Add sender to safe senders list."
Microsoft MSN Hotmail
Sign into your Hotmail account. Click on the upper right side link labeled Options, then on the drop down link: More Options. Click on Filters and Reporting. Select the "Low" level of detection option (only Obvious junk e-mail is sent to the junk e-mail folder), then go to the next section, "Select when junk mail is deleted," and if you are confident in the Hotmail junk filter accuracy, select "Immediately." Select Report Junk to help others, then click Save, in the lower right.
Yahoo! Mail
Login to your Yahoo! Mail account and click on the upper right side link: "Options," then on "More Options," from the flyout list. Click on the "Spam" link in the left sidebar. Make sure you have a check mark to "Automatically send suspected spam to my Spam folder." Choose a time interval to "Empty Spam folder" (choose Once a week or Immediately).
Next, click on the sidebar link for "Filters." Click to "Add A Filter" and name it "Russian Sender." In the first input field select "Sender" with the action: "Contains" and the variable entry: .ru. Choose the folder where you want Russian senders to be routed. I selected Trash, but you may prefer the Spam folder. Now click on the upper left button labeled: "Save Changes."
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.