We help IT Professionals succeed at work.

Outlook rule for removing Spam

mihaisz
mihaisz asked
on
I am getting from time to time emails that have this kind of text in the From field: ViagraAuthorized-Store aecihogyh1599@btcentralplus.com

The header looks like this:

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
      linvps13.isomedia.com
X-Spam-Level: ***********
X-Spam-Status: Yes, score=11.7 required=5.0 tests=CMAE_1,HTML_MESSAGE,
      MIME_HTML_ONLY,MISSING_DATE,MISSING_MID autolearn=disabled version=3.2.5
X-Spam-Report:
      *  0.0 MISSING_MID Missing Message-Id: header
      *  0.0 MISSING_DATE Missing Date: header
      *  0.0 HTML_MESSAGE BODY: HTML included in message
      *  1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
      *   10 CMAE_1 Cloudmark CMAE detected spam
Received: (qmail 3615 invoked by uid 110); 11 Jun 2010 13:53:50 -0700
Delivered-To: 30-support@....com
Received: (qmail 3611 invoked from network); 11 Jun 2010 13:53:50 -0700
Received: from linhost03.isomedia.com (HELO btcentralplus.com) (207.115.64.106)
  by linhost03.isomedia.com with SMTP; 11 Jun 2010 13:53:49 -0700
Received: from btcentralplus.com (host86-129-187-251.range86-129.btcentralplus.com [86.129.187.251])
        by linvps13.isomedia.com (8.12.10/8.12.10) with ESMTP id j6OPGs0646279
        for <support@....com>; Fri, 11 Jun 2010 13:53:50 -0700
From: ViagraAuthorized-Store <aecihogyh1599@btcentralplus.com>
To: support@....com
Subject: Dear support! Discount marathon continues! 80% off. the in believers not
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"


I’d like to set up a rule that would delete any email that has ‘viagra’ in the From field or in the header in general.

For some reason this is not working.

I have Outlook 2010, but it was the same situation with Outlook 2007.
Comment
Watch Question

Steve AgnewSr. Systems Engineer

Commented:
Go to the New Rules, click on the advanced button see images below

rule.step1.jpg
Steve AgnewSr. Systems Engineer

Commented:
Step 2, below, and then you don't need any exceptions do you, if so fill them in, like maybe from your boss or best friend, spouse etc.. just in case they forward you something you may want... otherwise click finish and yer done.
rule.step2.jpg

Author

Commented:
It won't catch it...For some reason it does not look in the 'friendly name' before the email address:
From field: ViagraAuthorized-Store aecihogyh1599@btcentralplus.com

Maybe because the spammers succeded somehow to hide info from the header? (see email properties above with    *  0.0 MISSING_MID Missing Message-Id: header)
Steve AgnewSr. Systems Engineer
Commented:
That would be how outlook would do it, an Exchange 2007 or above server has better tools that can match a text pattern anywhere in the email, headers etc.. so you might want to get your System Administrator to add it for the entire Exchange server as I do for my clients:

Organization Configuration / Hub Transport / Transport Rules

ex2007.transportrule.jpg
Steve AgnewSr. Systems Engineer

Commented:
Also did you look closely at the rule, I did use Outlook 2010 .. it matches any 'word' in the senders address.. not sure if that's in your version of outlook or not.. but it should catch it.. the best way of course is to have your exchange server do it as I described in comment above.
Steve AgnewSr. Systems Engineer

Commented:
Oh there was an error in that rule to, it should be 2 rules, one for in the senders address, and then another one with the subject or body.. since it might not be in both, it would need to be to seperate rules I didn't notice it used 'AND' and not 'OR'

Author

Commented:
The outlook rule still din't work, but I've set up the Exchange rules and I'll watch it for a couple of days.
Maybe because the spam is comming on a POP3 email address and not the main Echange address.
Steve AgnewSr. Systems Engineer

Commented:
The rules generally only work for the primary account which is usually Exchange.  If you want outlook to process rules for POP3 I think you have to put the POP3 account in first when setting up your profile making it the primary.
Top Expert 2010

Commented:
Hi, mihaisz.

I use the script below to take care of this.  It moves messages that contain any of the kill words/phrases to the junk items folder.  It works well.  If you want to give it a try, then follow these instructions to add it to Outlook.

1.  Start Outlook
2.  Click Tools > Macro > Visual Basic Editor
3.  If not already expanded, expand Microsoft Office Outlook Objects and click on ThisOutlookSession
4.  Copy the code from the Code Snippet box and paste it into the right-hand pane of Outlook's VB Editor window
5.  Edit the code as needed.  I included comment lines wherever something needs to or can change
6.  Click the diskette icon on the toolbar to save the changes
7.  Close the VB Editor
8.  Click Tools > Trust Center
9.  Click Macro Security
10. Set Macro Security to "Warnings for all macros"
11. Click OK
12. Close Outlook
13. Start Outlook.  Outlook will display a dialog-box warning that ThisOutlookSession contains macros and asking if you want to allow them to run.  Say yes.

Dim WithEvents olkInbox As Outlook.Items

Private Sub Application_Quit()
    Set olkInbox = Nothing
End Sub

Private Sub Application_Startup()
    Set olkInbox = Session.GetDefaultFolder(olFolderInbox).Items
End Sub

Private Sub olkInbox_ItemAdd(ByVal Item As Object)
    'Edit the next line as desired.  You can add as many words/phrases as you want.'
    Const KILL_WORDS = "cialis,viagra,replica watch,shipped privately And discreetly"
    Dim olkMsg As Outlook.MailItem, arrWords As Variant, varWord As Variant
    If Item.Class = olMail Then
        Set olkMsg = Item
        arrWords = Split(KILL_WORDS, ",")
        For Each varWord In arrWords
            If InStr(1, olkMsg.Subject, varWord) Or InStr(1, olkMsg.SenderName, varWord) Or InStr(1, olkMsg.SentOnBehalfOfName, varWord) Then
                olkMsg.Move Session.GetDefaultFolder(olFolderJunk)
                Exit For
            End If
        Next
    End If
    Set olkMsg = Nothing
End Sub

Open in new window

Author

Commented:
I just got an email from "Really CheapViagra online <rysol5545@comcast.net>", so it looks like I didn't set it right..I attached a picture from my VB editior.

The Oulook is connected to an Exchange server, but the spam is coming from another POP3 mail that I have added to my Outlook.
Should the script work on all  emails that come to my inbox?
2010-06-14-102236.jpg
Top Expert 2010
Commented:
Yes, the script works on all messages that arrive in the inbox.  The account they come through is immaterial.  The code checks them when they are added to the inbox folder.  The problem may be because the test in the code I posted is case sensitive.  I just changed it to be case insensitive.  Replace the olkInbox_ItemAdd subroutine with the one below and let me know what happens.
Private Sub olkInbox_ItemAdd(ByVal Item As Object)
    'Edit the next line as desired.  You can add as many words/phrases as you want.'
    Const KILL_WORDS = "cialis,viagra,replica watch,shipped privately And discreetly"
    Dim olkMsg As Outlook.MailItem, arrWords As Variant, varWord As Variant
    If Item.Class = olMail Then
        Set olkMsg = Item
        arrWords = Split(KILL_WORDS, ",")
        For Each varWord In arrWords
            If InStr(1, LCase(olkMsg.Subject), varWord) Or InStr(1, LCase(olkMsg.SenderName), varWord) Or InStr(1, LCase(olkMsg.SentOnBehalfOfName), varWord) Then
                olkMsg.Move Session.GetDefaultFolder(olFolderJunk)
                Exit For
            End If
        Next
    End If
    Set olkMsg = Nothing
End Sub

Open in new window