My mailwasher filter list

My mailwasher filter list

I've tried to make this easier to set up now, and you can find my filter list ready to download or copy and paste here filters.txt but it might be worth you opening it in a seperate window to make it easier to follow my descriptions :-}

I've revamped my filters quite considerably lately, and will omit some of the more personalised ones I had set up for myself (such as names in the "To:" field that are not me, but appeared regularly). They might not be as intuitive to look at initially, but stick with it - you'll get the idea !

Note that if you have people in your friends list from anything that would otherwise be marked as spam by my filters, they will still get through - I never overrule friends !

Regular Expressions (RegExp) feature heavily now - its a powerful way to look for specific features in plain text - my main use is in capturing IP ranges to mark as spam by default. I'll try to explain how they work a little later on :-}

SUBSCRIPTIONS TO MAILING LISTS
If you have any subscriptions to mailing lists add them at the top of the list - you can make sure they're at the top using the +/- sign in the mailwasher filter config to move it up and down through the list

MORE THAN 6 RECIPIENTS = SPAM *NEW*
This will trap multiple TO: or CC: addresses - 6 or more email addresses in either field will mark it for deletion using a RegExp (thanks for this go to someone on TheBat! mailing list - its a great email program)

An example of a regexp follows on the next line
(\(|\[)86\.((12[8-9])|(1[3-8][0-9])|(19[0-1]))\.

It looks messy at first, but if you break it down (and I try to give hints in my filters as to what they do) they can be followed fairly easily - the above example will "trap" anything in the IP range from 86.128.0.0 to 86.191.255.255

Starting off, the \ character tells it to match the next character exactly, and the | character is an "or" function - I check for a ( or [ character initially, and have this comparison in brackets to seperate it from the rest of the search criteria.

Then it checks for 86 followed by a "." - in this example, I then have a "multiple choice" as I did for the opening bracket, but compare three patterns of data. The three choices are contained within an outer set of brackets, but each "pattern" is within its own individual set of brackets. Square brackets [] can be used to look for a range of letters or numbers, so (12[8-9]) will look for 128 or 129 - and you can use more than one set of ranges in a "statement" - so the next part with (1[3-8][0-9]) will match for any number between 130 and 189

I'm no expert on regular expressions unfortunately, and I still need assistance from time to time myself - fortunately, there are lots of free guides available online !

AfriNIC, APNIC 1, APNIC 2, APNIC regexp, LACNIC
This will match known IP ranges from Africa and the Asia Pacific regions, as well as Latin America

ROLEX
These have featured heavily in spam, so I decided to throw a filter of its own in !

(UNKNOWN [
Many spam mails will have "(unknown [" in the header - whereas legitimate emails from a normal ISP will have that ISPs' identity shown.

SPAMMING ISP BLOCKS
This takes care of some domains that have sent me garbage in the past - these could be adjusted to suit if you notice the same domains appearing regularly
You can probably leave this section in as-is for now but you might want to tweak it if you know someone from the ISPs involved and they aren't on your friends list yet.

ISP REGEXP BLOCKS *NEW*
As i've come across spam from some of the larger ISPs (particulary american ones !) i've marked them for deletion by default.

COUNTRY REGEXP BLOCKS *NEW*
As above, but for specific countries where the size of the IP range was worth the effort to block.

GENERAL REGEXPR 1
Targetted mainly at fairly common subject lines

BANK PHISH REGEXP
Depending on how you have your email account(s) set up, and which bank you happen to be with - you might want to edit this to suit or remove it entirely. I get lots of phishing attempts to email addresses I don't use on banking sites, so if particular bank names appear addressed to an account I don't use for those banks, it has to be spam.

EBAY PHISH 1
This will look for a common attempt held in the body of the email where it will display an image and redirect to a fake site using the MAP NAME feature in html

WEIRD CHARACTERS
I don't speak chinese or korean, or whatever the hell these characters are, so its no use to me !

WEIRD FONTS
As above, if an email tries to force an unusual character set, I kill it.

BODY TEXT & WWW BLOCKS
These look for specific words, phrases or website addresses in the body of the email, and flags for deletion if found

MY DOMAINS
If you own your own domain name, and all your other filters have still left mail not flagged something addressed to it for deletion, mark it as legitimate.

UNDISCLOSED RECIPIENTS
If someone hides the fact they're sending you email, the odds are its spam.

MAIL NOT TO ME
Edit this to suit your own needs - enter all your email addresses in this filter, because if after everything else, it hasn't got a legitimate email address for you in the header, its spam.