Outlook 2010. Creating a rule for specific spam.

kuhla

Trying to make a rule for a user who is getting some persistent spam that is not being caught by the spam filter.

Email address format: [email protected]

Spam originating from emails with format: [email protected]

I would like to make some kind of rule that follows this logic:

Code:
if 

sender = my.name@* 
and sender != [email protected]

then

block sender

(or move to junk folder is fine too since I know the move to folder is a common rule in Outlook)

Any ideas on how to do this in Outlook? ....or am I asking for too much here since Outlook doesn't seem capable of more complex rules?
 
Any ideas on how to do this in Outlook? ....or am I asking for too much here since Outlook doesn't seem capable of more complex rules?
Actually, Outlook rules could accommodate this need. You could implement a rule using the following conditions:
- Where my name is in the To or Cc box **
- Move it to the (junk_folder) folder
- Except with (specific_words) in the sender's address (i.e. the user's full email address)

** Optionally swap the first condition with the "With (specific_words) in the sender's address", and use a partial email address of the user.

Understand that such a rule could affect legitimate emails that the user forwarded to their work company address. For example, the individual forwards an email from "[email protected]" to "[email protected]".


However, the bigger picture is that you wouldn't want this kind of spam going to any user... correct?

If so, try looking at the actual SMTP message details of the different spam messages. Are they coming from a common list of IP addresses or domain names? Flag them within the spam filter, optionally allowing the user to follow-up and decide on the emails. (Assuming your spam filter software supports such a feature, of course.) Also, what options does your spam filter have? Have you spoken with the vendor/developer of the spam filter about possible rules or "heuristic learning" through flagging specific emails as spam?
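The header check suggested above, as an added example that is not part of the original thread: it takes the first hop outside your own relays from each message's Received chain and tallies source IPs, /24 networks and From domains. The sample headers are constructed (documentation IP ranges, example domains), and 10.0.0.0/8 is an assumed stand-in for the organisation's own mail servers.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the organisation's own relays
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sample(ext_ip, from_addr, extra=""):
    """Build one constructed header block (documentation IPs, example domains)."""
    return (
        "Received: from edge.corp.example ([10.1.1.5]) by mbx.corp.example;"
        " Mon, 1 Jan 2024 10:00:00 +0000\n"
        f"Received: from sender.invalid ([{ext_ip}]) by edge.corp.example;"
        " Mon, 1 Jan 2024 09:59:58 +0000\n"
        f"{extra}From: {from_addr}\nSubject: constructed sample\n\nbody\n"
    )

FORGED = ("Received: from mail.bank.example ([198.51.100.1]) by relay.invalid;"
          " Mon, 1 Jan 2024 09:00:00 +0000\n")
SAMPLES = [
    sample("203.0.113.7", "my.name@mail1.example"),
    sample("203.0.113.9", "my.name@mail2.example"),
    sample("203.0.113.7", "my.name@mail3.example", extra=FORGED),
    sample("192.0.2.44", "my.name@mail1.example"),
]

def entry_hop(raw):
    """Return (ip, from_domain): the first non-internal hop, newest header first."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for hop in msg.get_all("Received", []):
        m = IP_RE.search(hop)
        if m and ip_address(m.group(1)) not in INTERNAL:
            return m.group(1), domain  # hops below this one are sender-supplied
    return None, domain

def tally(samples):
    """Count entry-hop IPs, their /24 networks, and From domains."""
    ips, nets, domains = Counter(), Counter(), Counter()
    for raw in samples:
        ip, domain = entry_hop(raw)
        if ip:
            ips[ip] += 1
            nets[str(ip_network(ip + "/24", strict=False))] += 1
        domains[domain] += 1
    return ips, nets, domains

if __name__ == "__main__":
    for name, counts in zip(("ip", "net", "from-domain"), tally(SAMPLES)):
        print(name, counts.most_common())
```

A network that dominates the tally while the From domains keep changing is the kind of pattern worth handing to whoever runs the spam filter.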
 
After more googling I have found that this might be possible by making a rule that runs a script on all incoming mail. I've just started messing with some VBA code I found online and here is what I have so far....

Code:
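Sub MoveMail(Item As Outlook.MailItem)
    Dim strID As String
    Dim strSender As String
    Dim objMail As Outlook.MailItem

    ' Re-open the item by its EntryID so the rule works on the stored copy
    strID = Item.EntryID
    Set objMail = Application.Session.GetItemFromID(strID)

    ' Test the sender's address, not the To line
    ' (senders inside the same Exchange organisation show up as an X.500 path, not SMTP)
    strSender = objMail.SenderEmailAddress

    ' Sender starts with "my.name@" but is not the user's own address
    If InStr(1, strSender, "my.name@", vbTextCompare) = 1 _
       And StrComp(strSender, "[email protected]", vbTextCompare) <> 0 Then
        objMail.Move Application.Session.GetDefaultFolder(olFolderInbox).Folders("subfolder-name")
    End If

    Set objMail = Nothing
End Sub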

I'm sure it doesn't work and I would still appreciate any input... I'll keep tinkering with it.... this is a proactive solution to the problem. The client is fine for the most part right now.

NOTE: I just noticed as I was typing this reply that there was a reply to the thread... I'll read that and reply to that in a sec....
 
Actually, Outlook rules could accommodate this need. You could implement a rule using the following conditions:
- Where my name is in the To or Cc box **
- Move it to the (junk_folder) folder
- Except with (specific_words) in the sender's address (i.e. the user's full email address)

** Optionally swap the first condition with the "With (specific_words) in the sender's address", and use a partial email address of the user.

Understand that such a rule could affect legitimate emails that the user forwarded to their work company address. For example, the individual forwards an email from "[email protected]" to "[email protected]".

Nice. Using what you typed, I think this will do the trick...

Code:
Apply this rule after the message arrives
with 'my.name' in the sender's address
move it to the Junk E-Mail folder
except with '[email protected]' or '[email protected]' in the sender's address

....now I just have to find a way to test it. Thank you.

However, the bigger picture is that you wouldn't want this kind of spam going to any user... correct?

If so, try looking at the actual SMTP message details of the different spam messages. Are they coming from a common list of IP addresses or domain names? Flag them within the spam filter, optionally allowing the user to follow-up and decide on the emails. (Assuming your spam filter software supports such a feature, of course.) Also, what options does your spam filter have? Have you spoken with the vendor/developer of the spam filter about possible rules or "heuristic learning" through flagging specific emails as spam?

I'm a lowly desktop tech, no access to the exchange server, and I've talked to the email tech a handful of times about this, that there is a group of people with this problem, and he claims he doesn't have time for any of this other stuff and that I should just direct the users to block individual senders. Of course new spam addresses are made all the time. I've brought this up to management too but they have dismissed my concerns and told me the email tech is just too busy to spend time on those kinds of issues. I'm not OK with that so I'm trying to implement some kind of solution on my own. I'm in a unique position where I'm left on my own to solve a lot of problems despite escalating issues to the "proper" people and the client is very grateful for it and has gone to bat for me because they see the good work I do.
 
So the Exchange admin is also in charge of the firewall and/or spam filter devices?
- If not, escalate to those teams instead; basically stop the spam before it reaches the realm/responsibility of the Exchange server admin.
- If so, then you may be in a position of having to settle for the best you can deliver immediately, at least in the short run. Implement the rules on a per-user basis. Exactly how you deploy the rules may be affected by infrastructure and permissions -- either software-enforced, or company policy-enforced. Get a short-term win.

Don't be afraid to go for the short-term win in these situations. A positive follow-up to any praise or enhancement suggestions would be that:
1) You did what you could in the allotted time and with the allowed permissions/capabilities, and
2) You could do something even better for the users if you had ______ and could work with ______ on solving the problem.

Short-term wins sometimes serve as catalysts for bigger changes, which could get better traction than going for the big change in the first step. Put the decision with the stakeholders to grant you what you need to do an even better job -- if they so choose.
 
So the Exchange admin is also in charge of the firewall and/or spam filter devices?
- If not, escalate to those teams instead; basically stop the spam before it reaches the realm/responsibility of the Exchange server admin.
- If so, then you may be in a position of having to settle for the best you can deliver immediately, at least in the short run. Implement the rules on a per-user basis. Exactly how you deploy the rules may be affected by infrastructure and permissions -- either software-enforced, or company policy-enforced. Get a short-term win.

Exchange admin also handles the spam filter. Firewall is handled by network team but they sit very close by. Both are at company hq. I spend 24/7 at the client's location so I cannot face-to-face push the issue. This makes it almost impossible to follow up on some issues.

Luckily this issue is affecting a minority of users so it shouldn't be too much leg work to implement for those users.

Don't be afraid to go for the short-term win in these situations. A positive follow-up to any praise or enhancement suggestions would be that:
1) You did what you could in the allotted time and with the allowed permissions/capabilities, and
2) You could do something even better for the users if you had ______ and could work with ______ on solving the problem.

Short-term wins sometimes serve as catalysts for bigger changes, which could get better traction than going for the big change in the first step. Put the decision with the stakeholders to grant you what you need to do an even better job -- if they so choose.

Now if only I could convince my company that we should get tough and not allow every user to have full local admin rights combined with a very limited group policy (as it currently is per client's request) then I would be a much happier man.....
 