Filed under: Software, Tips and tricks, Internet Tools
A Mail.app rule for catching image spam

It seems that I'm not the only one being inflicted with a new wave of image spam, as Bill Benson, a MacInTouch reader, has posted his rule solution for this junk that seems to so easily elude Mail.app's filters. Tim Gaden at Hawk Wings, also a victim, elaborates on how to set up this rule, as a trick is involved. To summarize:
- for the first condition, select 'Edit Header List...'
- in its accompanying option, chose 'Content-Type' (or create it if you have to)
- The Content-Type option will then take first place in the rule (or you might have to select it from the criteria list), allowing you to finish building the rule as pictured
Since I have been receiving around a dozen of these messages on a daily basis, I think I can say that, so far, this rule has been a success. Three cheers for the power of community -based spam filtering. If you aren't using Mail.app, however, I would imagine this trick can be adapted for other email apps. Anyone else try it outside of Mail.app?

![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)


Reader Comments (Page 1 of 2)
Whit Downer said 4:19PM on 8-04-2006
Most of this type of spam (image rather than text) that I have received has been pushing junk stock of one sort or another.
This is against federal law.
I am forwarding all such spam to , with long headers. In response, I have also received an SEC Division of Enforcement Confirmation Reply Form letter.
See:
http://www.sec.gov/complaint.shtml
for additional details.
I recognize I am not perfectly on point, but it seemed close enough, and on the one chance it might shut these scumbags down if the Feds get involved...
Thanks, and Good Luck!
Reply
Automatt said 4:35PM on 8-04-2006
It's tips like this that I keep reading this site for
Reply
Antony Wedgbury said 4:55PM on 8-04-2006
Is this those emails about investing and buying shares that come about twice a day from a different email account ? that come with that stupid image, and mail can't seem to send it to the junk the image say's ***ATTENTION ALL DAY TRADERSAND INVESTORS***
Reply
dk said 7:15PM on 8-04-2006
Long-time reader, first-time commenter - this tip is fantastic and thanks for posting :-)
Reply
Earl Stutes said 7:25PM on 8-04-2006
You should be aware that you will also get false positives with this rule. But I personally would rather look at my junk folder and save the ones I want rather than have them clutter up my inbox.
Reply
john McIntosh said 7:32PM on 8-04-2006
While I like Mail's Spam capabilities, I am amazed that everyone isn't using SpamSieve. I may see one or two new spam messages a month. The accuracy is also top-notch.
Reply
Robert said 8:21PM on 8-04-2006
Or you can just stop fiddling with spam filters and use Yahoo (or similar) mail instead.
Reply
Derek said 8:27PM on 8-04-2006
I am using the default spam filter, and have no spam in my Inbox :)
Reply
andrew harrison said 8:44PM on 8-04-2006
I use Mail.app's default filter. After receiving one of these the first time and marking it as spam, i don't get any of them in my inbox anymore.
Reply
Daveed V. said 9:23PM on 8-04-2006
I second the SpamSieve recommendation. I get a little over a thousand spam messages a day. On a good day, Apple's Junk filter will catch 97% of that, but on a not-so-good day it's more like 90% (which means around 100 spam messages come into my inbox).
I've been using SpamSieve for about a week, and it seems to let about 1-5 spam messages through (per day).
Reply
GadgetGav said 9:30PM on 8-04-2006
I was about to try Spam Sieve just to get around these junk mails. I think I got infected by emailing someone I sold something too on ebay (forgot to use an alias email and infect my main one). Glad to see someone figure out how to trap them as I couldn't see how to make mail filter something that was just an image to the trash. Anyone I know who sends me real images would attach at least a little text too.
Reply
icerabbit said 10:27PM on 8-04-2006
I have been spam free with .mac since iTools was incepted.
Many people, me included, who heavily guarded their address have since about 3-4 weeks been included in a new spam wave. Either somebody got to a certain database or put 1 and 1 together and now spams using a library of countless name options matched to @mac.com.
Most frustrating that Apple does not weed these out at the server level, as they are very distinguishable to the user. Multiple recipients. Certain type of content. Forged header info.
Reply
icerabbit said 10:32PM on 8-04-2006
PS: Forgot the most important part. Thanks for sharing this hint!
Reply
Adam Betts said 12:02AM on 8-05-2006
Unfortunately this tip gave me too many false positives :(
Reply
adrian said 5:51AM on 8-05-2006
Um... what version of Mail is this supposed to work with? I don't see "content-type" on the list.
Reply
Andy Miller said 6:26AM on 8-05-2006
Adrian - you need to add content-type as an option. Scroll down the menu to 'Edit Header list' then add Content-type in the pop-up box.
I found that this rule picks up quite a lot of false positives - but Junkmatcher seems to be doing a pretty good job with a bit of training. I agree with the point from icerabbit why isn't .mac filtering these.?
Reply
Andy Miller said 7:08AM on 8-05-2006
The rule even caught the email from TUAW inviting me to confirm my post!
Reply
Lars said 7:11AM on 8-05-2006
#12: you need to select "Edit Header List..." in the Rules-prefs and add that type by hand.
Reply
Xslf said 8:40AM on 8-05-2006
Going over the legitimate mail in my inbox, it seems that this rule will produce too many false positives. As I do user email support, so I get many users I have not emailed in the past sending me support requests- many of those emails are multipart/related.
Oh well. I guess I'll have to look for another solution.
Reply
Whit Downer said 9:27AM on 8-05-2006
I gotta tell ya', I installed the 30-day demo of SpamSieve after I got sick and tired of these investment-image-spam POS over several months time that the junk mail filter in the Mail app coudn't pick up. SpamSeive was easy to install and set-up, and has worked very very well for me. Very few false anythings. Between SpamSieve catching the investment-image-spam POS, and forwarding all the investment-image-spam POS to the SEC (see http://www.sec.gov/complaint.shtml for details), I actually feel like I've got my e-mail account back! Why, I'd rather spend time with the dentist, or wander around dealing with the salespeople on some used-car lot, than have to sit down with these spammer POS. IMO
Reply