Beating spam with Entourage

Over the years, I've put together a very concise, tuned list of criteria to go from seeing 100% of my spam in my inbox to seeing about 5% of it or less (usually much less). It consists of three rules: one to save the stuff you want from Deleted Items, one to lay burnination to the bad stuff you don't want, and one to defeat a nasty trick a lot of spammers use.

The order of these rules is very important. Set them up in this order or they won't work.




The first rule:

First, we need to make an exception for ourselves, since Entourage requires us to be in our address books. An authentication of sorts.

Why?

Lots of e-mail spam gets to me with my own e-mail address in the FROM field. Spammers think they're smart, that they can get through filtering with this. They're wrong.

This is the most complex step, so pay attention.

1. Under the "Tools" menu, click "Accounts".

2. Open/edit the account for which you want to make the authentication exception.

3. In the window that appears, click the "Options" tab.

4. Add a custom header under "Additional headers". Make it anything you want, but make it unique. Examples:

banana
randomheadername
unixownsyou

Anything you want. You can set a value if you like, but you won't need to.

From now on, all messages you send with that account will have that information buried in the headers.

Save your changes and go back to the Rules window. Add a new rule:

Execute if all criteria are met:

IF:

If from contains: (* your e-mail address here *)
Specific header (* your new header here *) does not exist

THEN:

Move message: (* destination like Deleted Items, etc. *)
Set category: (* optional ... use this to change its color *)
Do not notify
[X] Do not apply other rules to messages that meet these criteria




Below this rule, create a new one:

Execute if any criteria are met:

IF:

If from is in address book
(Is) is in reply to a message I've sent

THEN:

(no actions)

[X] Do not apply other rules to messages that meet these criteria




Below this rule, create one more:

Execute if any criteria are met:

IF:

If subject contains: (* three contiguous spaces *)
If subject contains: mortgage
If subject contains: financ
If subject contains: credit
If subject contains: free
If subject contains: !!!
If subject contains: debt
If subject contains: bankrupt
If subject contains: lender
If subject contains: penis
If subject contains: guarantee
If subject contains: bills
If subject contains: loan
If subject contains: rate
If subject contains: rebate
If subject contains: homeowner
If subject contains: boost
If (message) is HTML mail
If subject contains: LUEN FAT
If subject contains: HGH
If subject contains: MLM
If subject contains: À
If from ends with: .ru
If from contains: .hk
If subject contains: work from home
If from contains: aol.com
If from contains: yahoo.com
If from contains: hotmail.com
If from contains: .nl
If subject contains: prescription
If subject contains: teen
If subject contains: urgent
If subject contains: adv:
If from contains: msn.com
If subject contains: (* your e-mail account username here *)
If date sent is greater than 3 days (ago)
If subject contains: confidential
If from contains: .jp
If subject contains: fwd:
If subject contains: fw:
If subject contains: home owner
If attachment exists
If subject contains: enlarge
If subject contains: growth
If subject contains: re:
If subject contains: cd
If subject contains: dvd
If subject contains: identity
If specific header [charset] contains: gb2312
If from contains: lycos.com
If subject contains: inkjet
If subject contains: amateur
If subject contains: invitation
If subject contains: viagra

THEN:

Move message: (* destination like Deleted Items, etc. *)
Set category: (* optional ... use this to change its color *)
Do not notify
[X] Do not apply other rules to messages that meet these criteria
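
The three rules above, modelled as an added Python example (not part of the original page and not Entourage's own logic) to show why the first-match ordering matters. The address, the header name X-Banana, the address book, the sent Message-IDs and the sample messages are all constructed; rule 3 uses only a subset of the criteria, and matching replies by In-Reply-To is an assumption about how "is in reply to a message I've sent" could be checked.

```python
from email import message_from_string
from email.utils import parseaddr

# Everything below is constructed for illustration (assumed names and values).
MY_ADDRESS = "me@example.org"
MY_HEADER = "X-Banana"                          # the unique custom header
ADDRESS_BOOK = {"me@example.org", "friend@example.net"}
SENT_IDS = {"<sent-001@example.org>"}           # Message-IDs of mail I have sent
SUBJECT_HITS = ("   ", "mortgage", "free", "!!!", "re:", "viagra")  # subset of rule 3
FROM_HITS = ("hotmail.com", ".hk")              # subset of rule 3

def classify(raw):
    """Return (rule, action) for the first matching rule; later rules never run."""
    msg = message_from_string(raw)
    from_field = (msg.get("From") or "").lower()
    sender = parseaddr(from_field)[1]
    subject = (msg.get("Subject") or "").lower()
    # Rule 1: From claims to be me, but my custom header does not exist.
    if MY_ADDRESS in from_field and msg.get(MY_HEADER) is None:
        return ("forged-self", "junk")
    # Rule 2: sender is in the address book, or this answers mail I sent.
    if sender in ADDRESS_BOOK or (msg.get("In-Reply-To") or "").strip() in SENT_IDS:
        return ("trusted", "keep")
    # Rule 3: any one criterion is enough.
    if (any(s in subject for s in SUBJECT_HITS)
            or any(s in from_field for s in FROM_HITS)
            or sender.endswith(".ru")
            or msg.get_content_type() == "text/html"):
        return ("keyword", "junk")
    return ("no-match", "keep")

def make(from_, subject, extra=""):
    """Build a minimal constructed message with optional extra header lines."""
    return f"From: {from_}\nSubject: {subject}\n{extra}\nbody\n"

SAMPLES = {
    "spoofed me": make("me@example.org", "hello"),
    "really me": make("me@example.org", "note to self", "X-Banana: 1\n"),
    "friend, spammy subject": make("friend@example.net", "Free lunch?"),
    "real reply": make("x@example.com", "Re: your question",
                       "In-Reply-To: <sent-001@example.org>\n"),
    "fake reply": make("x@example.com", "Re: lower your mortgage rate"),
    "stranger, clean": make("x@example.com", "Meeting notes"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:24} -> {classify(raw)}")
```

The custom header is a marker, not a secret: it rides in every message you send, so any recipient can read it.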


---

It's a good starting point for getting the spam out of your field of vision. It takes about fifteen minutes or so to set this up, but it's worth it. I see maybe 5% of all spam sent to me, with an error margin of about 0.1%. You'll also notice that I flag things with "re:" in the subject line. That might scare you, but I never get replies that aren't real replies to messages I've sent and still have somewhere, so since I have an exception for that in rule #2, marking "re:" works for me. Either way, all it does is mark and reroute messages, so you can still review them when it's all done. (And remember, you don't have to use all of these. I'm just making my methods public for those interested.)

My rules are pretty strict, so you might not want to use them all. Remember, it's just a starting point! ;-) If you have any ideas to improve upon this, shoot 'em my way.

-/-
Mikey-San
org dot bungie at mikey-san

Last updated: 09 Aug 2003