
A Mail.app rule for catching image spam


It seems that I'm not the only one being afflicted by a new wave of image spam, as Bill Benson, a MacInTouch reader, has posted his rule solution for this junk that seems to so easily elude Mail.app's filters. Tim Gaden at Hawk Wings, also a victim, elaborates on how to set up this rule, as a trick is involved. To summarize:
  • For the first condition, select 'Edit Header List...'
  • In its accompanying option, choose 'Content-Type' (or create it if you have to)
  • The Content-Type option will then take first place in the rule (or you might have to select it from the criteria list), allowing you to finish building the rule as pictured
The rule is based on Bill's observation that these spam emails always come from a different address, and that the Content-Type header (as you might now assume) begins with 'multipart/related'.

Since I have been receiving around a dozen of these messages on a daily basis, I think I can say that, so far, this rule has been a success. Three cheers for the power of community-based spam filtering. If you aren't using Mail.app, however, I would imagine this trick can be adapted for other email apps. Anyone else try it outside of Mail.app?
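For readers adapting the rule to a scripted mail filter, here is the same check in Python, as an added example that is not from the original post or from Bill's rule. It assumes the rule's second condition is "sender is not a known correspondent"; the known-sender set, the review folder name, the function names and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: stands in for Mail.app's previous recipients / address book.
KNOWN_SENDERS = {"alice@example.org"}

def matches_rule(raw, known_senders=KNOWN_SENDERS):
    """True when the top-level Content-Type begins with multipart/related
    and the sender is not a known correspondent."""
    msg = message_from_string(raw)
    # MIME type names are case-insensitive, so normalise before the
    # "begins with" comparison; parameters such as boundary= follow the type.
    ctype = (msg.get("Content-Type") or "").strip().lower()
    # Compare the bare address, not the display name, which a sender
    # can set to anything.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return ctype.startswith("multipart/related") and sender not in known_senders

def route(raw, known_senders=KNOWN_SENDERS):
    """Send matches to a separate review folder rather than deleting them,
    so false positives are easy to spot."""
    return "A-Spam" if matches_rule(raw, known_senders) else "INBOX"

def sample(sender, ctype):
    """Build a constructed, minimal test message (not real mail)."""
    return f"From: {sender}\nSubject: test\nContent-Type: {ctype}\n\nbody\n"

# Constructed inputs covering the match and the three ways it can miss.
SAMPLES = {
    "unknown sender, multipart/related":
        sample('"Stock Tips" <x91@bulk.example.net>',
               'Multipart/Related; boundary="b1"'),
    "known sender, multipart/related":
        sample("Alice <alice@example.org>", 'multipart/related; boundary="b2"'),
    "unknown sender, plain text":
        sample("bob@example.com", "text/plain; charset=us-ascii"),
    "unknown sender, multipart/alternative":
        sample("x92@bulk.example.net", 'multipart/alternative; boundary="b3"'),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:40s} -> {route(raw)}")
```

Only the outermost Content-Type header is tested, as in the Mail.app rule, so a message that nests its image part inside another multipart type is not matched.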


35 Comments

Jeremiah

Thanks for the tip.

Another tip from me is to use larger calibers than 9mm on spammers...aim for their feet...

November 25 2007 at 11:33 AM
Jan

For the people using SpamSieve, there is a good and free alternative: JunkMatcher. It also uses Bayesian filtering plus a set of other rules that are regularly updated.

October 25 2006 at 6:22 AM
Misha

hmm doesn't seem to work. Must not be a header, but some other heading.

September 05 2006 at 10:34 PM
Misha

I do have one out of thousands of emails that use that kind of content type in my current saved emails, so I suppose it's not too bad at false positives. However I wonder if there is a way to simply filter out messages that contain base 64 stuff?

Would

Content-Transfer-Encoding (is equal to) base64

work?

Is this less of a false positive risk?

September 05 2006 at 9:55 PM
Jeff

This is a great tip... I've set it up in Thunderbird as a separate rule also matching people who are not in my personal address book and so far it has worked a treat. I've been getting those stupid mails daily for months and I'd love some hacker to track them down and burn them good. I never knew about being able to create the Content-Type option before. I'm rapt!

August 21 2006 at 6:46 AM
adrian

Aha! Thanks, Andy - I should have read the Hawk Wings post properly ;-)

[Later...]

Well, it's just caught all of those annoying spam mails that always land in my inbox when I fire up Mail each morning, so that's a plus. No false positives yet, so fingers crossed...

August 07 2006 at 3:48 AM
Bill Benson

It's true you do need to check for false positives, but simply drag these back to the inbox to accept them as "previous recipients", so that future messages from this sender will be accepted as well.

August 06 2006 at 10:33 PM
JJ (DJBennetts) Mini Ture_MacJournal

Thanks for this rule hint, as I get some of this mail and it is time-consuming deleting it; this may help.
Thanks greatly,
JJ

August 06 2006 at 7:27 PM
Neil T.

I've posted a guide for doing this in Mozilla Thunderbird here:
http://www.neilturner.me.uk/2006/Aug/06/stopping_image_spam_in_th.html

It's actually pretty much the same. Can't be done in Outlook Express though.

August 06 2006 at 2:25 PM
Clark Goble

It is typically wise if you unfortunately get a lot of spam (I get about 1000 messages a day now due to having some public email addresses of necessity) to direct the results of this rule not to your general junk directory but to a secondary junk directory. I call mine A-Spam.

The reason is that it makes it much easier to look for false positives.

August 06 2006 at 12:26 AM