# Outlook 2007 not catching spam



## bauhsoj (Apr 20, 2005)

A ton of Viagra ads are flooding almost every mailbox we have in Outlook with the sender fudged as from our own domain. I tried adding a filter to delete all mail with the word "viagra" in it but once Outlook runs it on one email it seems to stop for every other account.

Is there any way to "train" Outlook to recognize these emails as spam? This is getting absurd. :upset:


----------



## tosh9i (Aug 3, 2006)

First, is Outlook updated to the latest version:

http://office.microsoft.com/en-us/d...osoft.com/en-us/downloads/FX101321101033.aspx


----------



## bauhsoj (Apr 20, 2005)

Yes, all the latest 2007 updates are installed, including spam definitions.


----------



## bauhsoj (Apr 20, 2005)

I will tell you, in the emails titled from Viagra, they include the entire Hotmail spam protection web page within the email and how I need to sign up and then they mention viagra down at the bottom.

Any ideas?


----------



## tosh9i (Aug 3, 2006)

Well, I'm assuming that you already have the Junk Email feature enabled, correct?


----------



## JustAnotherDude (Oct 31, 2007)

Can you post a header from the spam mail, and a header from a mail sent from one account on your domain to another account on your domain. Looking at the header data, there is possibly some tidbit in there that could be helpful information.

Also, do your Outlook clients simply hook into a POP3 account on your domain, or is there an actual mail server and/or a network appliance in the loop?

If the answer is "POP3" at your domain, does the domain hosting service offer any spam filtering of their own (most do), and if so how is it configured?

Also, again if your domain is hosted and your Outlook clients simply hook into a POP3 account, does the host offer a "catch-all" configuration? If so, then most of the spam should be able to be avoided, especially if it is not directly addressed to each "real" email account - meaning, it might be sent to [email protected] but is winding up in your inboxes anyway. That's a common trick the spammers use.

Lastly, a few words about prevention:

If your domain has a web page(s) posted that contain any "real" email addresses in text form, get rid of them! Spammers harvest those easily. In fact, they also harvest addresses from addresses that are put on images. But because their bots use OCR to read the images (Optical Character Recognition), you can fool them by obfuscating the image in a way that will not fool a human, but will fool the bot.
Some sites use obfuscated email addresses on images, and on the same image has clearly readable OCR-optimized text that reads [email protected], so the spambots harvest that address and start sending spam to the department of justice anti-spam division. Others include addresses of senators, the FBI and other organizations, in the hope that they will allocate resources to track down the spammers and/or force the ISPs to close their open-relay SMTP agents and install better anti-spam software.


----------



## bauhsoj (Apr 20, 2005)

tosh9i said:


> Well, I'm assuming that you already have the Junk Email feature enabled, correct?


Yes, of course.


----------



## bauhsoj (Apr 20, 2005)

JustAnotherDude said:


> Can you post a header from the spam mail, and a header from a mail sent from one account on your domain to another account on your domain. Looking at the header data, there is possibly some tidbit in there that could be helpful information.


I am not certain how this would help. I already set it to delete all emails with the word Viagra in it but it only deletes the first it runs into and then lets every other one after that through.



JustAnotherDude said:


> Also, do your Outlook clients simply hook into a POP3 account on your domain, or is there an actual mail server and/or a network appliance in the loop?


It hooks directly into our domain's POP server.



JustAnotherDude said:


> If the answer is "POP3" at your domain, does the domain hosting service offer any spam filtering of their own (most do), and if so how is it configured?


Yes, Spam Assassin and it catches more offenders. This one is taking common email templates from other sites and putting them in then crossing them with common spam names like Viagra, then putting their own links behind the Viagra name. The last one was really for HornyCamz.



JustAnotherDude said:


> Also, again if your domain is hosted and your Outlook clients simply hook into a POP3 account, does the host offer a "catch-all" configuration? If so, then most of the spam should be able to be avoided, especially if it is not directly addressed to each "real" email account - meaning, it might be sent to [email protected] but is winding up in your inboxes anyway. That's a common trick the spammers use.


The catch-all has already been locked down. It was much worse before that.



JustAnotherDude said:


> Lastly, a few words about prevention:
> 
> If your domain has a web page(s) posted that contain any "real" email addresses in text form, get rid of them! Spammers harvest those easily. In fact, they also harvest addresses from addresses that are put on images. But because their bots use OCR to read the images (Optical Character Recognition), you can fool them by obfuscating the image in a way that will not fool a human, but will fool the bot.
> Some sites use obfuscated email addresses on images, and on the same image has clearly readable OCR-optimized text that reads [email protected], so the spambots harvest that address and start sending spam to the department of justice anti-spam division. Others include addresses of senators, the FBI and other organizations, in the hope that they will allocate resources to track down the spammers and/or force the ISPs to close their open-relay SMTP agents and install better anti-spam software.


We send all the spam to SpamCop the [email protected] with full email headers. No email addresses show on the site, period. These emails are getting sent to common email addresses such as [email protected] and [email protected].


----------



## JustAnotherDude (Oct 31, 2007)

I'm surprised that Spam Assassin lets those slip through. I wonder if maybe it's not configured properly. You could forward some of the offending mails to the hosting service support staff for analysis, and they should be able to adjust Spam Assassin to block them.
Configuration is important. One place I helped out was using Message Labs as a spam solution. At first, no matter how hard we tried, we could not get system to block ANY mail - we forged the headers with fake non-valid IP addresses, fake return addresses, and added lots of spam-like content, like "Buy Viagra and other pharmaceuticals CHEAP, and invest in our penny stocks now, and sign up for our super Nigerian Lottery Special". We linked images to blacklisted sites, and basically tried everything that the anti-spam software claims to look at, and still all the messages got through. After complaining to Message Labs, they got it fixed (the filtering was all under their control), and told us "..it was a simple matter of configuration.."
So, maybe it's worth a shot.

Good luck with it.


----------



## bauhsoj (Apr 20, 2005)

Apparently Outlook is letting through all email where the sender is on our domain. In other words, if [email protected] is the senders address it gets right through no matter what. How can we stop this from happening and still get intradomain email without risk of blocking our own??


----------



## bauhsoj (Apr 20, 2005)

Any ideas? The volume of Viagra spam is growing daily and we are having to rely on the "delete" key for all of it since they are putting the sender's domain as our own.


----------

