mgump9

asked on

Block spam email from zombie senders with graphic image as only content in message

Hello,

I have been getting emails in Outlook 2003 from senders who appear to be zombie senders.  The emails have varied subject lines and of course varied email addresses in the senders field so there is no way to identify them as spam using domain, email address or subject line content.  All of these spam emails have an embedded image in the message area.  This image is all that is in the message.  The image contains text (touting various stock picks for little known stocks) that at first glance appears to be just regular text but in fact is just part of an image.  Does anybody know of a method or software that works with Outlook to be able to identify spam of this variety and block it?

I am running Outlook 2003 on a Windows XP Home SP2 fully patched system.

Thanks for your suggestions.

Mark
ASKER CERTIFIED SOLUTION
war1
This solution is only available to members.
Hi mgump9,

It might be possible to handle this with an Outlook macro.  Is that an option?

Cheers!
ASKER

BlueDevilFan,

What sort of an Outlook macro would you propose could be used to block these emails?

Mark
mgump9,

It wouldn't block them so much as dispose of them for you.  My thought is to check and see if the textual body of the message is empty.  If it is, then it's probably one of these messages and we could dump it straight to Deleted Items.  Or if you're nervous about that process deleting a message you might really want, then we could send it Junk E-mail.  I'm not 100% sure this is even possible.  I'd need to create the macro and then test it on a couple of messages with nothing but a graphic in the body.
ASKER

BlueDevilFan,

Hmmm..., that sounds like an interesting possibility.  If you can generate a macro to test for a "blank" message, I would be willing to give it a test on some of the spam I am talking about.  Do you know if something like this could be done with Outlook's Rules and Alerts or would it require a Macro?

Mark
Mark,

I think it'll require a macro.  I took a look at the list of things that can trigger a rule and there's just nothing there that looks to me like it'd catch a message with no text.  I'll put together a test macro and see if it works.  
ASKER

BlueDevilFan,

GREAT!  Do you want me to forward you an email or two to test it with?

Mark
ASKER

War1,

Sorry to have not responded to your suggestion yet.  I was trying to get a handle on the SpamCop site you mentioned.  It looks like there is some potential downside to reporting spam to this site.  Can you give your opinion about using the SpamCop.net site in this regard?

Thanks.

Mark
Mark,

Not sure what you mean by downside.  I have used Spamcop.net for reporting spam for years with little trouble.
> Do you want me to forward you an email or two to test it with?
EE's rules don't allow us to use email to work on problems.  If you can save a couple of these messages as Outlook .msg files and then place them on a web site I can get to, then I can download them and so can anyone else who wants to work on the problem.
SOLUTION
This solution is only available to members.
ASKER

BlueDevilFan,

I tried the macro and it seemed to work.  Interestingly, I thought it was not working at first.  My Outlook Rules normally move the email sent to my email address to a named subfolder, so to test it I forwarded one of the suspect emails to myself and the macro did NOT move that forwarded email to the junk folder so I thought it was not working.  But then, I moved one of the suspect emails to the Inbox from the sub-folder and, voila, it was immediately detected by your macro and moved the spam email to the Junk folder.  Outstanding!  I am at a bit of a loss to explain why the forwarded email was not caught but I don't plan on forwarding too many spam emails to myself. :-)

So..., I think you have come up with a good answer.  The only somewhat disturbing thing is that it appears I have to respond to the Enable Macros prompt every time I start Outlook.  Is there a way to allow this macro to run but still keep other unsigned macros from running without my OK?

Thank you very much for the elegant solution!

Mark
ASKER

War1,

In looking at the Spamcop.net site I saw where it had a "Mole" mode and the explanation about using this mode sounded like there was a possibility of causing oneself to be the target of spammers somehow.  I frankly didn't study the explanation enough to fully understand what exactly could happen but it sounded like by reporting spam to Spamcop.net under certain conditions you could cause yourself more trouble than it might be worth.  I am all for reporting malicious activities but not at the cost of messing up my email account.

Do you understand what they were saying and can you explain what trouble their explanation might be talking about?

Thanks.

Mark
Mark, not sure what you are referring to.  Do you mean this page?

http://www.spamcop.net/reported.shtml

This is for those who have been reported for spamming.
ASKER

War1,

Here is the page I am referring to in the Spamcop.net web site:

http://www.spamcop.net/fom-serve/cache/373.html  (Sorry, I don't remember how to add the URL as a clickable link)

This is displayed by clicking on the "What's this" link towards the bottom of the Sign Up page:

http://www.spamcop.net/anonsignup.shtml 

Here are the contents of that page:

Beginning of text: ---------------------------------------------------------------------------------

What is "mole" reporting?
As spam defenses and spammers become more sophisticated, many smart spammers have developed very sophisticated defenses against being detected. One of the spammer's strategies is to quickly and effectively remove anyone from their mailing lists who files a spam complaint (until they want to get revenge, and then they use these "remove lists" differently). This is generally (although not always) good for the person filing the complaint, but it is bad for spam defense in general, since these activists are the only ones identifying the problem. By removing the "trouble makers", spammers too often slip "under the radar" and appear to be legitimate senders, even though the majority (or entirety) of the victims don't want the mail (they are just the ones who don't bother to make waves).

In the past, SpamCop has attempted to clean outgoing complaints of any identifying information (codes which spammers use to figure out who is reporting them). However, it has become plain that the only way to really sanitize the reports is to not send them at all. So that is exactly what we're going to do. SpamCop now offers new and existing users an option to withhold almost all data - registering reports in SpamCop's database, but never sending reports to the "ISP" (all too often, the spammer, or a spam-friendly host).

Some users may wish to file reports, and get themselves removed from any spammer's list who is sophisticated enough to remove them (and take the risk of retaliation). Others may wish to take advantage of this new SpamCop feature and become a "mole." SpamCop will then only give information about these "mole" reports as aggregate and unspecific totals. Truly conscientious ISPs will still find some value in these aggregate numbers, while the less ethical won't be able to "work the system."

It is recommended that users pick one mode or the other and use that exclusively. Otherwise, you are likely to get the worst of both worlds. For existing users who wish to become a "mole", either consult your preferences (for paying users) or re-register (for free users).

End of text: ---------------------------------------------------------------------------------

It sounds like using the "Mole" mode would be safest but I'm not sure even that is without risk after reading the above explanation.  What do you think War1?

Mark

Mark, sneaky spammers.  Yes, you could use the "mole" mode and not send out reports to a spammer-friendly ISP.
mgump9,

> I forwarded one of the suspect emails to myself and the macro did NOT
> move that forwarded email
No, it would.  The reason for that is simple.  When you forward a message it adds the To, From, Date, and Subject of the original message to the message body.  The macro only catches empty message bodies and the forwarded message body would no longer be empty.

> Is there a way to allow this macro to run but still keep other unsigned macros from running without my OK?
Yes, there is.  Self-sign the macro.  There are instructions for doing that here.  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnoxpta/html/odc_dsvba.asp  Don't be put off by the fact that this article is for XP.  It works equally well in 2003.
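
The approach discussed in this thread (treat a message whose text body is empty as image-only spam and move it to Junk E-mail), sketched as an added example; it is not the macro posted in the thread, which is not shown on this page. It assumes the code is pasted into ThisOutlookSession in Outlook 2003, and the names `inboxItems` and `IsImageOnly` are hypothetical.

```vba
' Added example, not the thread's macro. Names inboxItems and IsImageOnly
' are hypothetical. Paste into ThisOutlookSession and restart Outlook.
Private WithEvents inboxItems As Outlook.Items

Private Sub Application_Startup()
    ' Watch the default Inbox only. Mail that a rule files directly into a
    ' subfolder does not raise ItemAdd on this collection.
    Dim ns As Outlook.NameSpace
    Set ns = Application.GetNamespace("MAPI")
    Set inboxItems = ns.GetDefaultFolder(olFolderInbox).Items
End Sub

Private Sub inboxItems_ItemAdd(ByVal Item As Object)
    ' Ignore meeting requests, reports and other non-mail items.
    If Not TypeOf Item Is Outlook.MailItem Then Exit Sub

    Dim msg As Outlook.MailItem
    Set msg = Item
    If IsImageOnly(msg) Then
        ' Junk E-mail instead of Deleted Items, so a false positive
        ' can still be reviewed and recovered.
        Dim ns As Outlook.NameSpace
        Set ns = Application.GetNamespace("MAPI")
        msg.Move ns.GetDefaultFolder(olFolderJunk)
    End If
End Sub

Private Function IsImageOnly(ByVal msg As Outlook.MailItem) As Boolean
    ' An "empty" body often still holds line breaks, tabs or
    ' non-breaking spaces, so strip those before testing the length.
    Dim bodyText As String
    bodyText = msg.Body
    bodyText = Replace(bodyText, vbCr, "")
    bodyText = Replace(bodyText, vbLf, "")
    bodyText = Replace(bodyText, vbTab, "")
    bodyText = Replace(bodyText, Chr(160), "")
    bodyText = Trim(bodyText)

    ' Require an image as well, so a genuinely blank message is not junked.
    Dim hasImage As Boolean
    hasImage = (msg.Attachments.Count > 0) Or _
               (InStr(1, msg.HTMLBody, "<img", vbTextCompare) > 0)

    IsImageOnly = (Len(bodyText) = 0) And hasImage
End Function
```

A forwarded copy of such a message is not matched, because forwarding writes the original To, From, Date and Subject lines into the body, so the body is no longer empty.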
ASKER

BlueDevilFan and War1,

OK.  I got the macro self-signed per the Microsoft Knowledgebase article BlueDevilFan referenced.  Everything seems to be working fine now.

Thanks so much for your Expert help.  You did a great job of answering my every question.

I am splitting the points giving War1 50 points because of the Spamcop.net suggestion and BlueDevilFan 450 because you really gave me the answer I was after.

Thanks to both of you.

Mark
You're welcome, Mark.  Glad to be able to help.