Log In | Subscribe | | |

Blocking a spammer by IP address with Mailwasher Pro

Editorial Staff

The return of the high-volume spammer and spammers who use proxy servers while using many different domain names means that the more common "block sender" spam control is less effective against them than against the relatively ad hoc spammer. But there is something you can do.

When you receive spam, you can look at what's called "the header." This is found under "message source" or something similar in your e-mail client (e.g. Thunderbird) on your desktop. It's made up of lots of lines of techy stuff.

You are looking for a line that says something like: "received: from ..." and there you'll see a domain name followed by an IP address. An IP address is made up of four sets of numbers with dots between them e.g. aaa.bbb.ccc.ddd

If you are getting lots of spam from the same source, this number will be the same (or the first two or three groups will be the same) even if the domain name is different.

So, it's that address that you need to block or, at least, mark as spam so you know every time. Unfortunately, good as it is, the Thunderbird mail filter system doesn't have a way of searching through the headers and marking or deleting mail.

All of our Group e-mail is protected by Mailwasher Pro a clever bit of software that sits between our mail server and the mail client. It works like this: Mailwasher Pro intercepts mail on the way to Thunderbird (or whatever mail program you use) and displays only the headers. Mail is not downloaded until you, as user, have approved it. In this way, any malware with the mail is prevented from reaching you.

Importantly, Mailwasher Pro checks mail against both your own parameters and against information from external lists. Mail which is blacklisted is immediately quarantined and marked for deletion. You can blacklist mail which is listed either by address or domain.

But, where high-volume spammers keep changing their domain, that means that the spam still needs to be reviewed.

This is where Mailwasher Pro's filters come in and this is how to mark all mail from a specific IP address as spam.

Under, Spam Tools>>My Filters>>Add.
If the entire header contains "a.b.c.d" then mark the email as spam.

It is possible to set the filters to autodelete but that might run the risk of false positives being deleted if the mail server is also used by legitimate users (as it may be where a proxy is used by criminals).

Find out more about Mailwasher Pro,
. If a sale results from your visit, we will earn a small introductory commission and that's the kind of revenue that helps PleaseBeInformed.com keep our lights on.