Fighting spam with webmail filters

Everyone knows that spam email is a problem, but sometimes solutions are hard to find.  If your email provider offers a webmail portal then hopefully the tips on this page will help you block most of the spam before it reaches your devices.

If you are familiar with webmail then you know there is a settings button with lots of additional options.  Under Spam Settings, a list of Allowed and Blocked senders can be defined.  You can add the email addresses individually or use an asterisk as a wildcard, such as *@gmail.com

Also under Settings is the Filters category.  I have found this to be the most helpful area in reducing my spam emails to nearly nothing.  Let's walk through some examples of creating some useful filters.

Inside Filters is the Actions button.  This is where you can download a completed set of filters or add a set of filters into your account, but you have to create them first.  So let's do that.

Click on the Create button.  Now give the filter a good name in case you end up with multiple filters.  In this example we'll block known spam words in the subject line so name it Subject1.  I like to set the scope to "match any of the following rules".  Now you are ready to create the first rule.

The first drop down menu lists the fields:  From, To, Subject, Size, and "...", more on "..." later.  Choose "Subject" and then in the next box choose "Contains".  In the third box, type a word that you are pretty sure indicates a spam email, like CBD.  Finally, choose what we want to happen when it sees an email with CBD in the subject.  Below your rule choose to move the email to a folder like Spam.  This will keep the email out of your inbox and thus it will not go to your computer email program or mobile device.

We can add multiple words to look for.  To the right of your rule with CBD click on the +.  Now choose Subject Contains and another word like REWARD.  Note, the default is for these searches to be case insensitive so don't worry about that.  You can override that by clicking the sprocket by the +, but I like the defaults.  Congratulations, you have your first spam rule.  You can add as many words as you like.  If you want it to search for multiple words in the subject then type the first word and press "enter" then type the second word.  Your rule may look something like this.

Add as many rules as you like

Scan for words in the fields:  Subject,  From, or To

SAVE!  Be sure to click the Save button.  You have to fix any errors in the rules before it will save.

In the early days of fighting spam I had so many words to scan for that I had rules Subject1, Subject2, From1, From2, etc., each with dozens of words.

You can also create a rule for emails that you know are good and look for words in the Subject or From and set the action to move the emails to your Inbox.

Let's talk about spam for a moment.  It is devious and always evolving.  Recently spammers have started spoofing or overriding the text you see in the From, To, and Subject fields.  That means the information isn't really in those fields; it is being swapped in from fields in the email header.  If you don't know what an email header is you can do a quick internet search.  Basically it is a lot of technical stuff that you don't typically see inside the email.  It has information about who it was from, where it went, domains, spam scores, etc.  This is where the spam started defeating all of my rules.  While you might see CBD in the Subject line, it isn't in the real Subject field that gets scanned.

Remember that "..." in the field dropdown menu?  I never could find any detailed help on what that meant anywhere on the internet.  This is all I ever found from the standard webmail help: "Webmail can analyze the following fields in the message header: Subject, From, To, size, and a wildcard that you can define." Is that helpful?  Not really, but through much trial and error I discovered you can use the "..." to match fields in the email header, which gets us back on a level playing field with the spammers.  I highly recommend you do an internet search about email headers.  This is a nice page about them: https://www.mailercheck.com/articles/how-to-read-and-understand-email-headers

So let's create a rule using this mysterious field.  When I get a spam that breaks through my rules I right click it and select "view source".  This shows all the technical stuff.  It is easy to get lost but there are a few things that I have used which are currently doing a great job of stopping 99% of the spam.  There are a lot of fields/tags which are followed by a colon and then a lot of other stuff.  Look for the tag "authentication-results" in your header info.  I have found that when that contains the text "dkim=none" it is normally a spam email.  So create a rule and choose "..." as the field.  A new empty box will appear, type or paste in the text authentication-results.  Set the rule to Contains the text dkim=none.  Below is a picture of what I am currently looking for in the header fields.

These few rules have caught all the spam the other rules missed so far.  I admit this is still in the experimental stage and will evolve to match new spam.

The name inside double quotes is for when they actually paste part of my email address, without the domain, surrounded by double quotes.  It is a dead giveaway for spam.

I always have the rules send the messages to the Spam folder.  Every few days I quickly browse that folder to make sure good emails aren't being caught by mistake.  When it happens I will add the sender to my whitelist or allowed senders.  Sometimes a rule might be too strict and I need to tweak it or disable it inside the rule itself.
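The rules described on this page can be tried offline against the "view source" text of a message before they are entered in webmail.  The sketch below is an added example, not part of any webmail product; the addresses, the mailbox name jsmith and the sample messages are constructed, and the helper names are hypothetical.

```python
from email import message_from_string

# Rules from this page; scope is "match any of the following rules".
SUBJECT_WORDS = ["CBD", "REWARD"]
HEADER_RULES = [("authentication-results", "dkim=none")]
ALLOWED_SENDERS = ["friend@example.org"]  # constructed allowed sender
MY_LOCAL_PART = "jsmith"                  # hypothetical mailbox name

def header_text(msg, name):
    """Join every occurrence of a header, unfold it, and lower-case it."""
    values = msg.get_all(name, [])
    return " ".join(" ".join(str(v).split()) for v in values).lower()

def classify(raw_source):
    """Return (folder, reason) for the raw source of one message."""
    msg = message_from_string(raw_source)
    sender = header_text(msg, "from")
    if any(addr.lower() in sender for addr in ALLOWED_SENDERS):
        return "INBOX", "allowed sender"
    subject = header_text(msg, "subject")
    for word in SUBJECT_WORDS:
        if word.lower() in subject:
            return "Spam", "subject contains " + word
    for name, needle in HEADER_RULES:
        if needle.lower() in header_text(msg, name):
            return "Spam", name + " contains " + needle
    if '"' + MY_LOCAL_PART.lower() + '"' in sender:
        return "Spam", "from contains quoted mailbox name"
    return "INBOX", "no rule matched"

# Constructed samples (not real mail). "no_dkim" folds its
# Authentication-Results header across lines, as "view source" often shows.
SAMPLES = {
    "keyword": "From: a@bulk.example\nSubject: Claim your reward now\n"
               "Authentication-Results: mx.example.com; dkim=pass\n\nhi\n",
    "no_dkim": "From: b@bulk.example\nSubject: Your order is waiting\n"
               "Authentication-Results: mx.example.com;\n\tspf=pass;\n"
               "\tdkim=none\n\nhi\n",
    "quoted": 'From: "jsmith" <c@bulk.example>\nSubject: Hello\n'
              "Authentication-Results: mx.example.com; dkim=pass\n\nhi\n",
    "friend": "From: Friend <friend@example.org>\nSubject: CBD article\n"
              "Authentication-Results: mx.example.com; dkim=none\n\nhi\n",
    "normal": "From: shop@store.example\nSubject: Receipt\n"
              "Authentication-Results: mx.example.com; dkim=pass\n\nhi\n",
}

if __name__ == "__main__":
    for label, source in SAMPLES.items():
        print(label, classify(source))
```

The "friend" sample shows why the allowed-sender check runs first: it would otherwise be caught by both the CBD word rule and the dkim=none rule.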

Good luck in your own fight against spam.