Tips for sorting your MailWasher Pro spam filters
March 9, 2019
If, like me, you use Firetrust's MailWasher Pro to screen your incoming email for spam, scams and malware, you may have discovered that it allows users to create custom spam filters. This article will give you some tips to get the most out of your custom spam filters.
The program, currently at version 7.12.1, ships with 4 default spam filters that one can customize, add to, enable, or disable. The most important of them is the first one: "Restored Email" - which comes into play after an email has been deleted to the MailWasher Recycle Bin and you later decide that you want it delivered to the Inbox. The filter description says: "Will ensure any email you restore from Recycle Bin will come through marked as good and not marked for delete." You should keep this filter enabled.
The Restored Email filter stops all further filter processing, allowing that restored email to appear and stay in the Inbox and not be automatically deleted by another filter. This is because MailWasher filters are processed from the top on down.
The second default filter is named: "Language Filter" and it is used to block non-English language character sets. The description says: "Currently set for many non Latin languages. You can edit this filter to your own preference." The single rule has a drop down arrow on the right side that opens a menu of languages to block, each prefaced with a checkbox. Select all those you want deleted and press Save.
The third default filter is labeled: "Not to me." The description is: "Looks for messages that are not addressed to you on either the To or CC lines. You need to edit this to include all your own email addresses in use." There are three sample email addresses that need to be changed or deleted. Add as many of your email addresses as you want this filter to inspect. I would use this filter with caution because a lot of professional email lists may not show individual email accounts in the To field. If you enable it, don't set it to auto-delete or you may end up restoring legitimate emails from the Recycle Bin.
The last and newest default filter is called: "Hide & Delete." You have to edit the rules to include sender email addresses, subjects, domains, and/or TLDs that you want hidden and/or auto-deleted upon arrival. These actions are chosen by clicking on the "Actions" tab on top of the filter.
Those are the default filters that come with MailWasher Pro. The rest of this article delves into custom, user created filters.
I recommend keeping the default filters at the top of your custom filters list. Begin adding new filters after them. You can get a good insight into custom filters by examining my own Wizcrafts' MailWasher Pro Email Spam Filters. The page has a good description of the rationale behind my spam filters and has a download link for Filters.xml as well as an iframe containing the full set for you to read through. You can copy and paste right out of the iframe.
Some of the higher up filters deal with the most current types of spam, scams and malware attacks. They include the ongoing hacker extortion scams. Others block Russian dating scams, some block Chinese senders while others detect malicious attachments or links to dangerous domains. A little further down are groups of filters that detect Nigerian 419 scams, weight loss scams and Pyramid stock schemes.
The fastest filters search the email headers, not the body. Whenever possible, create or borrow filters from me that examine the headers before adding body text filters. The headers contain From, To, Reply-to, Subject, Date and Received from fields that can expose unwanted sources, spam domains, failures to validate and other details that can be used to filter out unwanted or dangerous email. MailWasher Pro makes it easy to read the email headers by simply previewing incoming or deleted messages, then clicking on the "Source" tab. The source begins with the headers, followed by one or more blank lines, then the body text, or base64 text, or an image.
The filters use individual lines of rules that are added in sequence from the top down. The rules can be processed as either ALL or ANY to be matched. Once matched, the Action you choose in the Action Tab takes effect. Each rule has three sections, from left to right. The first choice has a large group of drop down options for various headers or the body, or even the entire message to be evaluated. The second group is: "Contains," "Doesn't contain" and "Is." The third group offers two choices: "Plain text" or "RegEx."
For instance, to block a known, current phishing scam, you can have a rule that says "From" > "Contains" > "plain text" - followed by an input line containing: "F-acebook" and the Action could be set to: Auto-Delete. The next time a phishing scam arrives with that misspelling of Facebook in the From field, it will go straight to the MailWasher Recycle Bin. If for some strange reason you decide you want to have that obviously deceptive email back, click on the Recycle Bin tab, highlight that message, then click the big Restore button*. MailWasher will attempt to send the message back using the same credentials you inputted when you set up your email accounts in MailWasher's initial setup.
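To make the rule structure above concrete, here is an added Python model of it (not MailWasher's own code and not the Filters.xml format): each rule is a field, an operator and a plain-text or RegEx pattern, rules combine with ALL or ANY, and filters run top-down. The "first matching filter decides" behaviour, the case-insensitive matching, the "Flag" action name, the second and third filter names and every address in the sample message are assumptions made for the example.

```python
import re
from email import message_from_string

# Constructed sample message (not a real email).
SAMPLE = """\
From: "F-acebook Security" <alerts@mail.example>
To: someone.else@example.net
Subject: Your account will be disabled

Click the link below to confirm your password.
"""

def field_value(msg, field):
    """Return the text a rule inspects: a header, the body, or everything."""
    if field == "Body":
        return msg.get_payload()
    if field == "Entire message":
        return msg.as_string()
    return " ".join(msg.get_all(field, []))  # headers can repeat (Received)

def rule_matches(msg, rule):
    """rule = (field, operator, kind, pattern), mirroring the rule's sections."""
    field, op, kind, pattern = rule
    text = field_value(msg, field)
    # Plain text is matched literally; case-insensitivity is an assumption.
    rx = pattern if kind == "RegEx" else re.escape(pattern)
    contains = re.search(rx, text, re.I) is not None
    exact = re.fullmatch(rx, text.strip(), re.I) is not None
    return {"Contains": contains, "Doesn't contain": not contains, "Is": exact}[op]

def evaluate(msg, filters):
    """Walk filters top-down; the first enabled filter that matches decides."""
    for f in filters:
        combine = all if f["match"] == "ALL" else any
        if f["enabled"] and combine(rule_matches(msg, r) for r in f["rules"]):
            return f["name"], f["action"]
    return None, "Keep"

# Hypothetical filter list: header rules sit above the slower body rule.
FILTERS = [
    {"name": "Not to me", "enabled": False, "match": "ALL", "action": "Flag",
     "rules": [("To", "Doesn't contain", "Plain text", "me@example.com"),
               ("Cc", "Doesn't contain", "Plain text", "me@example.com")]},
    {"name": "F-acebook phish", "enabled": True, "match": "ANY", "action": "Auto-Delete",
     "rules": [("From", "Contains", "Plain text", "F-acebook")]},
    {"name": "Password lure", "enabled": True, "match": "ANY", "action": "Flag",
     "rules": [("Body", "Contains", "RegEx", r"confirm\s+your\s+password")]},
]

print(evaluate(message_from_string(SAMPLE), FILTERS))
```

Enabling the "Not to me" entry in this model makes it claim the sample message before the From rule is reached, which shows why filter order matters.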
That's all I have time for right now. I will continue these spam filter tips in a follow-up article on my blog.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.