
User configurable server side mail filtering?

driveconsultant
Grafter
Posts: 164
Registered: 03-08-2007

User configurable server side mail filtering?

I hate to keep banging on about different aspects of spam (should we have a separate forum category?) but...

I have been looking at the contents of some spam messages, and I am a little bit baffled. A lot of them have the "To:" field set to mail addresses that I no longer use, but the envelope field is set to my main personal mailbox name. This brings up a few questions in my mind:

Why is this happening? Is it some weird setting at PN that is causing mail to some old addresses to be forwarded to a real address? (my catchall is off). Or have the spammers somehow made an association between these addresses and used my real address in the BCC field? How could this happen, and if so, why would they do this rather than just sending the spam to the real address?

Is this happening to other people too?

I would dearly love to have the facility to filter these on the mail server before it even hits my mailbox. I would happily permanently delete all mail with certain addresses in the "To:" field, although I would not be happy to delete all spam unchecked (paranoid about false positives). Is this a feature that could be added at some point in the future?
4 REPLIES
Community Veteran
Posts: 1,264
Registered: 04-04-2007

Re: User configurable server side mail filtering?

Unfortunately, the way this is done is part of the SMTP mail protocol.

As part of the SMTP Transaction, you specify a number of items before the message:

mail from: me@mydomain.net

which shows the email address of the sender and

rcpt to: you@yourdomain.net

which is the email address you want the email to be delivered to. You can specify multiple numbers of these.

However, the To: Header and the From: Header that email clients use to display to you are set separately. When the mail client starts sending the email, it uses:


data
354 End data with <CR><LF>.<CR><LF>
To: jimmy@example.com
From: bill@example.com
Subject: Testing

Hello
.


In that example above, the email would be delivered to the you@yourdomain.net email address, but when the email arrives, it would be shown as sent to jimmy@example.com in mail clients - only if you viewed the source of the email would you (probably) be able to see where it was sent.

There isn't really a lot that can be done to stop this - and many websites make use of this to send bulk emails - the emails always show as being sent to something@domain but are actually delivered to the customer base.

You can, currently, blackhole the bit before the @ sign using the "Manage my Mail" tool, although this won't help if you are also receiving legitimate email to that address.

You can also set any mail tagged as [-SPAM-] by our Spam checking system to be delivered to the Spam folder of your email account, accessible using Webmail or IMAP in your local client.

Regards,
Colin
driveconsultant
Grafter
Posts: 164
Registered: 03-08-2007

User configurable server side mail filtering?

Thanks Colin for the dummies guide to SMTP.

Unfortunately I already know those details and it didn't really answer any of my questions. You can see from the terms I use in my posting that I understand about headers and envelopes. I have almost 20 years of Unix Sysadmin experience.

I can't blackhole the "bit before the @ sign" because it is my main real address that I give to real people. I was most upset when this started receiving spam because I managed to keep it spam free for years. Now it receives a huge amount of spam (not because of the PN webmail incident - probably just because it is my name and it got guessed). I also understand all about how PN's spam filtering system works, and am using it in the way that suits me best.

To reiterate, the gist of my questions was:

(1) Why are spammers falsifying the To: header to be one of MY defunct (old, previously used, now deleted) email addresses, then setting the envelope to another of MY email addresses, when they could just have sent the email to the address that works?

(2) Is there any chance of PlusNet providing server side filtering to allow me to delete messages based on headers such as the To: field (rather than who they were actually sent to).
Community Veteran
Posts: 1,264
Registered: 04-04-2007

User configurable server side mail filtering?

Quote
(1) Why are spammers falsifying the To: header to be one of MY defunct (old, previously used, now deleted) email addresses, then setting the envelope to another of MY email addresses, when they could just have sent the email to the address that works?


Not being a spammer, I have no idea :lol:

I can only assume that the reason for doing it is to try and still get the spam through?

If you have a collection of x addresses at a domain, I can see it being potentially worthwhile to go through and try to use different Envelope Addresses that aren't in the To header since, I'd imagine, the majority of people don't know about Envelope headers etc. so just filter on the To: line in their mail client.

I do agree that it's very annoying, though!

Quote
(2) Is there any chance of PlusNet providing server side filtering to allow me to delete messages based on headers such as the To: field (rather than who they were actually sent to).


I can't answer that, and I'm not in the office at the moment so can't help I'm afraid.
Ianwild
Grafter
Posts: 3,835
Registered: 05-04-2007

User configurable server side mail filtering?

I can't be sure, but surely this is a case of spammers using one "To" address and potentially hundreds of BCC addresses all in the same mail. You are only seeing the BCC's that arrive in your mailbox because those copies of the mail have a valid envelope.

Would that explain better what is happening to you?

Ian
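
The envelope/header split described in the replies above, and the To:-based filtering asked for in the original post, as an added Python example that is not part of the thread or of PlusNet's mail system. It assumes the receiving server records the RCPT TO address in a header such as Envelope-to, Delivered-To or X-Original-To; the function names and action labels are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: the message from the SMTP session quoted above, as it
# might be stored after delivery. Which header carries the envelope recipient
# depends on the MTA; the names below are the assumption this example makes.
SAMPLE = """\
Return-path: <bill@example.com>
Envelope-to: you@yourdomain.net
To: jimmy@example.com
From: bill@example.com
Subject: Testing

Hello
"""

ENVELOPE_HEADERS = ("Envelope-to", "Delivered-To", "X-Original-To")


def _addresses(msg, names):
    """Collect lower-cased addresses from every occurrence of the named headers."""
    values = []
    for name in names:
        values.extend(msg.get_all(name, []))
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def classify(raw, blocked_to):
    """Return 'discard', 'flag-bcc' or 'deliver' for one raw message.

    blocked_to: addresses the user never wants to see in To:/Cc:, for
    example defunct mailboxes that now only appear in spam.
    """
    msg = message_from_string(raw)
    visible = _addresses(msg, ("To", "Cc"))      # what the mail client shows
    envelope = _addresses(msg, ENVELOPE_HEADERS)  # where it was delivered

    if visible & {a.lower() for a in blocked_to}:
        return "discard"
    # Envelope recipient absent from To:/Cc: means a BCC-style delivery.
    # Mailing lists and bulk senders do this legitimately, so flag it for
    # review rather than deleting. With no envelope header, nothing to compare.
    if envelope and not (envelope & visible):
        return "flag-bcc"
    return "deliver"
```
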