cancel
Showing results for 
Search instead for 
Did you mean: 

Something's not right - Why not allow "To" address filtering

tris
Grafter
Posts: 32
Registered: 13-12-2008

Something's not right - Why not allow "To" address filtering

Having just tried IronPort for a few days I can say it's been a terrible failure for me. From getting about 2,000 spams a day to none is great but then again I'm getting less legitimate emails and I've no real way of reviewing what was filtered out as I'm getting variable results from Quarantine and even then only a few of the 2,000 are showing up there. Yes, I did have Edge turned on at first but I turned that off and then redirected the spam to me so I could review it for false positives, but still only a few emails coming through.
I gave up on Postini a long while ago as it was just too difficult to review  the six domains I have including the PlusNet one. Postini allowed reviewing spam using the "To" field which was great for me but I see IronPort does not. The IronPort email notifications are basic and would mean I have to log on to each domain which confusingly seems to be with my PlusNet's part of the domain before the @ symbol even though I do not use that for my other 5 domains. Even when I do log on to IronPort I see just about 20 filtered spams for the last few days when normally that might have been about 2,000 per domain! This might be something to do with Edge Protection which I turned off with no noticeable difference but I might not have given things long enough to see the change?
I have now completely turned off the new system as I do not trust it and I'm certainly losing emails with no way of checking what's happened. I'm going back to my trusted way of downloading everything at great download expense (100's of MB's worth per week) and having Thunderbird just filter everything based on a "blacklist" I have been able to create by the simple fact that most junk comes "To" the same old email addresses in my catch-all's for each domain.
It's not rocket science what I need to filter my spam, in fact most of the junk I get is not "to" any of my legitimate email addresses. The spam is mostly to addresses that have been made-up by the spammers (approx 130 in all) based on my domain names that got released when PlusNet got hacked all that time ago and I get junk from variations of all the email address across each of my 6 domains. Since the hacking of PNet I changed my email addresses and it's easy to filter those addresses by the simple "To" field or the occasional "Envelope to" field. This would account for over 90% of all spam I have received over many years!
What I don't understand is, that on all your set-ups of white/black lists, spam setting this & that, etc., why is it always "From" fields that I would have to enter? As everyone knows, the spam's "From" addresses change all the time, whereas it's the "To" fields I'd like to tell Plusnet to reject! - This would remove over 90% of my spam and I dare say the same for many others.
It wouldn't work for me to simply allow just a few certain defined email names through as that's not how I use some of my domains. e.g. I have one that I use for all contacts with businesses and mailing lists etc. that has a constant first part, say "xyz" then a second part based on that company's name, eg xyzplusnet@mydomain.com. So over the years I have many variations on those email names for each different company and it would be impossible for me to list or even remember them all for a white list. If ever one of the companies passes on that email address or has it hacked from their systems then I just blacklist that company. In fact I've only had this happen with one company in years of using this method. A simple wildcard filtering system would be very useful in this respect, then I could simply filter out anything that doesn't have the "xyz" prefix
Likewise It would be an administrative nightmare to provide a list of all allowed "from" people. All that's really needed to combat spam is a simple way for me to tell PlusNet "To Whom" I definitely do not want emails in all my catch-alls and then most of my junk email problems would be gone!
Any chance of something so simple as "To" filtering, rather than all these complicated other systems that just seem to be the reverse of what I need and don't seem to work properly? - Hope I've not missed the obvious in terms of what's available vis PN's settings but I can't find it
Many thanks
Tris
 
5 REPLIES
pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: Something's not right - Why not allow "To" address filtering

[Sarcasm mode on]
I was one of the first to migrate and the powers that be who did a superb test of the system before we got it cant understand why I dont know what mail I have lost from big companies at irregular intervals, I to have tried looking in my spam folders for false positive and cant find any, - the answer has been, they might be bouncing back to the sender - Ha Ha as if the sender cares
I currently have Edge off, that supposedly cures the probem
I am not a Quarantine user, but from other threads it doesnt  seem to be working 
I did have black and white lists, now the info is that they dont work either

from one of my suppliers - who has been a false positive in the past
Quote
Support and assistance
In every Newsletter for many many months we used to have a big red banner at the top asking our readers NOT to reply to the Newsletter email address and every Newsletter we would get a few dozen emails! Please don't!

The Newsletter email address is not routinely monitored. On publication day and for a few days after it is bombarded by Out of office replies (a Microsoft idea which is pointless and just clogs up mail systems with 'I'm not here' Messages or "I've received your message but am not here"!!) This means we get 20,000+ emails all saying 'I'm out of the office" and so any genuine email asking for help that is sent to this address is easily lost in the quagmire. We publish a support address below, please use that if you need help that cannot be provided in the forums.

Our forums are the very best place to get assistance with any GPS problems you may have, read by 200,000+ members you are assured of a quick reply and expert assistance from those best able to help, real users who have been there! We also maintain a permanent presence in the forums and assist wherever we can. For subscription issues there is also a dedicated forum but if you have lost your login details or have payment problems then we're also only an email away at

[/sarcasm mode off]
Community Veteran
Posts: 26,357
Thanks: 607
Fixes: 8
Registered: 10-04-2007

Re: Something's not right - Why not allow "To" address filtering

Can't you get rid of a lot of the spam by creating a redirect to the blackhole on the redirects tab of MMM?
The other alternative is to redirect to an invalid email address which will then get bounced.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
tris
Grafter
Posts: 32
Registered: 13-12-2008

Re: Something's not right - Why not allow "To" address filtering

Thanks for the suggestion Jelv,
On more than one occasion I have rung PN to ask if I can filter the "To" addresses and I've been told it's not possible. Your simple suggestion has occurred to me before although I'd forgotten about it for various reasons as listed below. I should at least use it for some of the obscure "To" addresses being used and it will certainly help remove a lot of the junk although it's a rather laborious process to do. It could certainly be made simpler particularly with the amount of copy and pasting I'll have to do from my blacklisted items as they occur through to entering the spam store address I like to redirect junk to on google-mail.
However, redirection seems to have one basic limitation in that it it works across all my domains rather than on a per domain basis, therefore if I filter/redirect "webmaster", "help", "mail" or "whatever" then all of them for any domain will get blackholed whereas I may want and indeed do have at least one domain that will need some of those not to be redirected. Also since the leak of names from PN a while ago I get a certain amount of "cross-contamination" of names the spammers picked up on so whilst "Dave" might be okay on one domain, I see "Dave" being used on the other domains so a "global" redirect doesn't work as well as a "local" one might. 
Also the is no way to wildcard filter all those emails that don't start with my "xyz" prefix that I mentioned earlier. On top of that, there seems to be no way to filter those spam emails that have the "Envelope To" field set differently that otherwise get through my normal Thunderbird filters.
Is it just me, or would others find these basic methods for filtering useful? All these glorified Postini, IronPort, Edge, White/Black list "From" settings seem pointless unless there is a basic set of initial presorting options before I can begin to let the the more sophisticated methods loose on my email and even then, I don't trust them at all to not filter out stuff that I do want! - If I could have my basic filter idea then, as I say, 90% of my junk would disappear without any automated systems making decisions for me and not telling me what they've done!
Thanks
Tris
Community Veteran
Posts: 26,357
Thanks: 607
Fixes: 8
Registered: 10-04-2007

Re: Something's not right - Why not allow "To" address filtering

You have the same problems as me (although I only have two additional domains). There are a couple of prefixes I have that are valid on one domain but only get spam on another. Sad
All of the redirects/aliases/mailboxes work on the envelope to as this is the only thing available when you receive an email via BCC. You should code your Thunderbird filters based on that field (you have to pick customise where you normally select Subject, To etc and add the new header to be checked).
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
tris
Grafter
Posts: 32
Registered: 13-12-2008

Re: Something's not right - Why not allow "To" address filtering

Oh, right. -  I'd just been setting the qualifying fields in TB filters as "To", "is" & the full email address, then I found a few that had different envelopes for the ones that come in as recipient "names" and no visible email address. - So you're saying just change them all the "to's" to "envelope to"?
I found that for some weird reason Thunderbird was filtering legitimate emails sent to multiple recipients when I used the "contains" and just an element from the email prefix rather than the full name and domain.  This was even though I could find no common thing in the emails matching the filters so now I just always use the full email address.