blocking sender options?
Alsenor
any effect in my WLM client.
I have repeatedly chosen to block junk mailers addresses and/or domains, but
they keep arriving.
Why is that?
Tester
If you are talking about blocking in your ELM 2009 or 2011 then the
answer is "you can't" because all you can do is to filter them out into
your trash or somewhere else.
If you want to delete them completely before reaching your mail box then
you need to go your webmail account and then do it from there. For
example in hotmail you can block the entire domain like @mydomain.info.
So if someone called john....@mydomain.info send you a mail then his
mail won't reach your mail box.
hth
Bruce Hagen
send to Deleted Items, or Delete it and you will never see it at all.
To block a domain, create a Message Rule:
Where the from line contains people
Delete it and Stop processing more rules (or Delete it from the server)
Click on Contains People and Add the domain. Ex: @yahoo.com.
--
Bruce Hagen
MS-MVP Oct. 1, 2004 ~ Sept. 30, 2010
Imperial Beach, CA
"Alsenor" <als...@ggholiday.com> wrote in message
news:eNnkp.278$zn....@newsfe19.iad...
...winston
Signing on with a Live ID in WLM ?
--
...winston
msft mvp mail
"Alsenor" wrote in message news:eNnkp.278$zn....@newsfe19.iad...
Alsenor
clients, like OE.
However, what the heck are the junk mail icon options ( "add sender to
blocked sender list", and "add sender's domain to...:") good for?
Would one not have reason to believe that this actually works?
"Bruce Hagen" wrote in message news:imt3r5$8m3$1...@dont-email.me...
...winston
with a Hotmail account setup using the DeltaSync protocol (http) when that
same Hotmail account Live ID is signed on to Windows Live in WLM. Doing so
yields the best performance by ensuring that the safe and block senders
list are common between the local client and the web UI (+ changes made in
either are sync'ed to ensure commonality).
I.e. It's 'Live' mail. The ability to setup pop3 and IMAP accounts are
secondary as well as the performance/settings found on the Safety Options.
Also related, unlike Outlook, there are no updates to the WLM Junk Filter.
If using Pop3 or IMAP and not Hotmail...for best results configure your
junk settings in your account providers web interface to ensure junk is not
delivered to your web Inbox and downloaded to the account in WLM.
--
...winston
msft mvp mail
"Alsenor" wrote in message news:1nrkp.3239$sS4...@newsfe11.iad...
VanguardLH
http://groups.google.com/group/microsoft.public.internet.mail/msg/38cee84457b22350?dmode=source
> Why is that?
Oh, you thought spammers were good netizens in always using their same
true e-mail address. Uh huh. How can you block on an ever changing
value? Blocking on an e-mail address won't work against spam.
Alsenor
I can easily see what the address or domain of a sender is.
I also know that I can block anyone at my own domain mailbox.
But WLM promises a simpler, quicker method by offering the junk mail icon.
"VanguardLH" wrote in message news:imtq62$t19$1...@news.albasani.net...
Alsenor
of blocked senders there is a check boxes under "When I click 'Delete and
block':" offering "Bounce the blocked messages back to sender". However, I
can't find anywhere to click "Delete and block" in WLM!
"Alsenor" wrote in message news:VEukp.3335$sS4...@newsfe11.iad...
VanguardLH
> Furthermore, in >junk icon>safety options>blocked senders, below the window
> of blocked senders there is a check boxes under "When I click 'Delete and
> block':" offering "Bounce the blocked messages back to sender". However, I
> can't find anywhere to click "Delete and block" in WLM!
The bounce feature in any e-mail client is very stupid and irresponsible
primarily because ignorant users will actually believe the software
author is providing an appropriate feature and that it will somehow it
will avoid further spam. Spammers do not use their own e-mail address.
Instead they use a bogus one (which may be a valid e-mail address for
some user) or they use one that they've already stolen and is often
included in the recipient list of e-mail addresses. Spammers change
their e-mails every time they spew so blocking on the one they used last
time won't eliminate getting their crap when they next spew. Spammers
rely on the ignorance of e-mail users that believe using blacklists
and/or bouncing by the sender's claimed e-mail address has any effect on
reducing received spam.
- Blocking by the sender's e-mail will NOT eliminate spam in your
mailbox. The spammer's e-mail address changes at their will.
- Bouncing based on the return-path headers in an e-mail will NEVER hit
the spammer. Only boobs think the spammer will identify themself.
YOU are not connected during the mail session between the sending and
receiving mail servers so you have absolutely no means to guarantee of
knowing from the return-path headers (e.g., From or Reply-To) as to who
sent you. The sender can put anything they want in there. Even mail
servers that first accept a message, end the mail session with the
sending mail host, and then check afterward if the e-mail address is
valid or not and then try to send a *new* message back to the sender
will get it wrong. If a valid IP address of the sender is included in a
Received header, that does NOT provide you with an e-mail address to
which you can bounce back their spam. You cannot rely on the
return-path headers to guarantee identifying the true sender. These
bounces are sent blind!
The spammer isn't going to identify themself to receive that bounce. Now
consider that only aren't you the receiving mail server but you are even
further removed from the mail session between the sending and receiving
mail hosts. There is nothing in your e-mail client that can absolutely
guarantee who is the sender of the spam you got in your Inbox, so
bouncing it anywhere means wasting bandwidth for you to send the bounce,
disk space and bandwidtch by your mail server to attempt to deliver your
bounce, disk space and CPU cycles for the receiving mail host to accept
your bogus bounce mail, and some innocent getting slapped with your
misdirected bounce (which, by the way, can be reported to blacklists as
backscatter and get you blacklisted).
Think about it for all of 10 seconds, if even that long. Would you like
to be the victim of a "mail bombing" because some spammer usurped your
e-mail address, sends out a million copies of their crap with you
identified as the sender, and then all those boobs using e-mail clients
with a bounce option end up filling your mailbox with all their
misdirected bounces?
Any e-mail client that provides a bounce option are irresponsible
software authors. Ignorant users sending misdirected bounces are
irresponsible e-mail users. Have a read at:
http://spamlinks.net/prevent-secure-backscatter-fake.htm
http://spamlinks.net/prevent-secure-backscatter.htm
Warning: If you send me backscatter, like misdirected bounces which to
me are unsolicited and hence spam, I will report you to blacklists, like
at SpamCop, for your irresponsible and ignorant use of flawed anti-spam
schemes. If you punish me with your backscatter, I will punish you! I'm
not the only one with this attitude. There are plenty of spam reporters
out there and they will report you, too. It is not up to the rest of us
to placate your sensitivity for your spam problem by being your victim.
Get a responsible anti-spam solution.
VanguardLH
> Don't assume that I am a naďve newcomer to this stuff.
> I can easily see what the address or domain of a sender is.
> I also know that I can block anyone at my own domain mailbox.
You are naive. Why? Because you insist on adding e-mail addresses of
spammers to your blacklist but which is NOT their e-mail address nor the
same one everytime they choose to spew their spam. How much spam have
you ever received that uses the SAME e-mail address each time? Only a
neophyte spammer would use the same e-mail address everytime they spewed
but they learn quickly to correct that mistake. Marketers or business
"with which you have an established business relationship" which
disqualifies their e-mails as spam will use a constant e-mail address.
You may see them as spam but they aren't legally spam but instead just
unwanted e-mails.
The domain is part of the e-mail address. Spam can say its sender is
from Hotmail, Gmail, Earthlink, Comcast, Verizon, AT&T, Yahoo, or
whatever the spammer wants to claim is the domain. You go adding
domains used by the spammer which blocks e-mails from everyone else at
those domains - and are not the domains from where the spam was sourced.
If you really weren't naive then explain from which header you get the
sender's e-mail address? It may be in the Received headers. The From
and Reply-To headers are *data* added by the spammer's e-mail client and
can be whatever the spammer wants it to be. SMTP was designed under a
trust model. There is no guarantee that any header in a received e-mail
will accurately identify the source of an e-mail. Even the Received
header may only trace back to an open proxy, hijacked account, or
temporary/disposable account but often the DNS blocklists (Spamhaus,
Spamcop) will list those as spam sources (but spam sources are listed by
IP address, not by a bogus and non-guaranteed e-mail address).
Personally I've never put much faith on Microsoft's client-side
anti-spam schemes. They're are insufficient to catch a lot of spam.
They are sometimes overly aggressive to produce lots of false positives.
Best is server-side spam filtering (i.e., spam filtering done up on the
mail server by whomever is your e-mail provider). If they are too
"loose" on their filtering (because they don't want to be accused of
blocking your good e-mails - users are more sensitive to lost good
e-mails than of getting a few false negatives [spam] that leak through
in a week) then you need to employ a 3rd party anti-spam solution. If
you rely on Microsoft's client-side anti-spam solutions, you may be
disappointed with the results.
If you're still intent on blocking all e-mails from a domain (i.e., you
want to throw the baby out with the bathwater) then define a rule as
Alsenor mentioned. I haven't bothered trying to block domains (for
bogus e-mail addresses) in spam because, one, it's likely the spam
didn't originate from that domain and, two, you block e-mails from all
good senders from that domain. Just what are you going to do when you
want to block spam that *says* it originated from Hotmail and your
family has Hotmail accounts from which they want to send you e-mails?
Yes, you can whitelist all your known good senders but you won't know
now from where all your good senders will be in the future.
Spammers laugh at anyone using a blacklist of their bogus e-mail
addresses in trying to block their spam. It isn't their e-mail address.
It's probably not even their domain from where they sent their spam.
Meanwhile, in trying to "hurt" the spammer by blocking the bogus domain
ends up hurting you by blocking good senders from those same domains.
> But WLM promises a simpler, quicker method by offering the junk mail icon.
Do you know how Microsoft's junk filtering works? I have yet to find an
authoritative delineation of all algorithms used by Smartscreen to
detect spam.
Part of it (on the client side) appears to be a simplified Bayesian
filter where your voting (to establish word weighting) is by selecting
Junk or Not Junk. This is the vaguely described "Microsoft Research's
patented machine-learning technology". They also described it as a
"probability-based algorithm". They use a lot of words to hide its a
modified Bayes filter (http://en.wikipedia.org/wiki/Bayesian_filter).
They used a simplified Bayes filter and added more to Smartscreen to
"patent" its behavior. They took something that had been well-proven in
the past (by SpamAssassin, SpamBayes, SpamPal, etc) and added to it.
Yet there is no floor function (to expire ancient or out-dated
weightings for words that haven't appeared in your e-mails for a long
time), there's no user-configurable spam/ham thresholds, a blacklist and
whitelist of words you want to add to the spam and ham weightings,or any
other settings for Microsoft's Bayes filter, er, "machine-learning
technology". I visited http://www.uspto.gov/patents/process/search/ to
see if I could see how Microsoft tried to define their Smartscreen
technology to qualify it as unique enough to warrant a patent but a
search there failed. I have yet to see Microsoft actually note a patent
*number* (meaning they actually got one). Patent "pending" means there
is yet no patent. Selecting an item as Junk to add it to the database
(as spam) may help identify future spams but only if those future spams
occur in high enough frequency to up the weighting to exceed the spam
threashold in the Bayes filter. That means you have to get a lot of the
same spam before the Bayes filter will start recognizing it. It takes
time for the Bayes filter to learn but often by the time it learns
(weights) the bad words is too late since the spammers have already
changed their content. While there is more than just a Bayes filter in
Smartscreen, Bayes filtering should be the LAST in a chain of spam
countermeasures. It isn't that reliable. It is still a statistically
based guessing scheme. DNS blocklists are more accurate and up to date.
What is discussed at http://mail.live.com/mail/junkemail.aspx applies
only to server-side filtering deployed for the Hotmail *service* except
[a portion of] Smartscreen is included in their e-mail clients (see
http://www.microsoft.com/security/online-privacy/spam-prevent.aspx).
Part of this are embedded anti-spam rules but which sometimes cause
problems as users note e-mails recieved okay before are later getting
detected as spam after an update. They can hope some future Smartscreen
update removes the antispam rule that generated the false positives or
they have to whitelist those senders.
The SenderID feature mentioned is only usable at the e-mail server (it's
not part of a Microsoft e-mail client). Sender ID has to be validated
DURING the mail session between SMTP servers, not afterward when you
yank a copy out of your account and long after the mail session has
ended with the sending mail server. (BTW, in petitions to get Microsoft
to remove Smartscreen from their Hotmail service and e-mail clients,
they note that OpenSPF states Microsoft's implementation of Sender ID is
broken and not compliant to common standards.) Mail providers can buy
an expensive Sender Score Certificate to get past Smartscreen (to
whitelist their domain) but many webmasters, server admins, and
organizations cannot afford them, plus it's somewhat blackmail
(protection money racket) to make anyone pay to get past your filter for
their non-spam e-mails.
There is a domain reputation ranking included in Smartscreen but I don't
know if their e-mail clients use this (it is used by IE7+ and its
Smartscreen filter). I suppose a domain that operates a phishing web
site might also not be from somewhere you want to get an e-mail.
Alsenor
on the subject.
Let me expand as well...
Although I don't consider naďveté a character weakness and cause for
defensiveness, I will concede that the only thing I may have been naďve
about is to expect a software company like MS to provide a product that
actually works the way it promises to work.
There are millions of computer challenged, and even E-mail challenged, new
users out there who are still bringing in big profits for the suppliers.
These are supposed to be the professionals, and the user should not be
expected to have to learn about data packets and such, let alone study how
hackers and/or spammers operate.
"VanguardLH" wrote in message news:imuor8$7qg$1...@news.albasani.net...
Magnus
work". I'm not sure where you believe that promise came from, it's
surely not in my software license agreement.
As VanguardLH clearly articulated, it is all but useless to attempt to
block spam filtering a "from" email address. And bouncing spam is bad
form. I know... been there, done that, got blocked.
If you require sophisticated antispam tools, you're probably going to
pay someone for their efforts to develop and maintain a tool, or you're
going to join a community that collectively fights spam. In the meantime
use the "white list" approach Microsoft makes available with the mail app.
Alsenor
the bundled apps that come with it. I would expect a guy with all the
wisdom you profess to have would know that.
The promise does not have to come in the fine print that nobody reads, but
is implied.
And as far as "bad form" is concerned, I suppose you consider unsolicited
mail good form?
End of this discussion for me.
Thanks for all the *smart* responses.
"Magnus" wrote in message news:bePkp.4515$sS4....@newsfe11.iad...
VanguardLH
> Although I don't consider naďveté a character weakness and cause for
> defensiveness, I will concede that the only thing I may have been naďve
> about is to expect a software company like MS to provide a product that
> actually works the way it promises to work.
> There are millions of computer challenged, and even E-mail challenged, new
> users out there who are still bringing in big profits for the suppliers.
> These are supposed to be the professionals, and the user should not be
> expected to have to learn about data packets and such, let alone study how
> hackers and/or spammers operate.
There are actually petitions around trying to get Microsoft to remove
their Smartscreen filter from both their e-mail and web browser
products. Sender ID is appearently incorrectly implemented by
Microsoft. The antispam rules embedded in the updates change the
behavior of Smartscreen which can cause good e-mails to get tagged as
spam and the user has no means of adjusting these algorithms. Senders
(e-mail providers) having to buy a special certificate to make sure good
e-mails get past Smartscreen (or show a trust relationship) smacks of
the old protection racket.
In every Microsoft e-mail client, I've always ended up disabling their
spam filtering. If my e-mail provider's server-side spam filtering
wasn't sufficient (and I couldn't tweak it) then I'd get a 3rd party
anti-spam solution many of which are free. 3rd party anti-spam products
can afford to be "tighter" (more robust) in catching spam while
generating more false positives because its users are expected to learn
how to use that product. E-mail providers often have to be "loose"
(less robust) in their filtering because users are far more sensitive to
losing good e-mails than getting nuisanced with a couple spams per week.
They need to blast away the meteors heading towards your account, not
sifting the beach sand looking for minutia of suspect content. They
probably don't include domain blocking for the very reason that users
don't understand that they aren't just getting rid of spam (which
probably came from a different domain, anyway) but putting on blinders
on everyone else that's a good sender from that domain. You can,
however, define your own rules. Hotmail, for example, will let you
define a server-side filter rule in account that looks for the domain in
the sender's address. Microsoft lets you load the bullets in the gun so
you can shoot yourself in your own foot. That way, it's not their fault
you lose wanted e-mails from good senders at that domain.
By the way, just where would the "big profits for the [email [client]]
suppliers" come from for a free e-mail server and free e-mail clients?
If you don't want to be a soldier educated in combatting your enemy then
you relegate that responsibility to someone else so you can remain a
passive civilian. When your defending army fails, you are at the mercy
of the enemy. You can relegate all anti-spam protection to someone else
and then complain when they don't work, or you can shore up your own
defenses but that typically means you have to know against what you are
fighting. You can be lazy or you can be secure.