Spam
I Want an Email Client
|
|
(2008 Feb blog post)
! Note !
More info, images, and/or links may be added,
if/when I re-visit this page.
|
INTRODUCTION - I get a lot of email spam (in the years around 2008). Some is from China and Korea, the Asia-Pacific area. Some is from other places like Chile and Romania --- and some is from the United States. In 2008, I am/was receiving mostly ads for meds. In 2007, I was also getting lots of mortgage re-financing spam and Rolex watch spam --- and the usual offers to enlarge that certain male member. My Internet Service Provider (ISP) --- cox.net --- filters out a lot of spam --- by anti-spam techniques unknown to me. But I still get about 20 spam emails per week (two to four per day). It's a real nuisance --- especially because I do not check my email sometimes for over a week, so I end up having to deal with about 20 spam messages. I can usually tell from the gobbledy-gook 'Subject' text --- and from the unfamiliar 'From' name --- which emails are spam. (I have to wonder who would respond to emails with such meaningless subject lines --- and gobbledy-gook in the message body to throw off mail filters that try to learn what to filter according to the message content.) Although most spam is recognizable from the 'Subject' text, it would be a real time-saver to have a means to automatically direct such mail to a 'suspected-spam' mail folder (or a 'Trash' folder). Some of the mail is particularly annoying because it is sent over and over and over again --- day after day --- even several times a day. I don't even want to see it. A SIDE NOTE: Unfortunately, I chose an email address of the form first-name-initial and last-name ... like sjones for Steve Jones. It seems spammers send out huge amounts of spam by attaching a single letter to a last name, from a huge list of last names. Hence I often see a spam email addressed not just to my email address but to several with the same first initial.
Example: sjohnson, sjohnston, sjones, sjorgenson
Lesson to you: What I'd Like (filter by IP address range)
I would like to have an email client that
filters out email
by IP addresses --- in ranges --- such as all addresses in the range
200.61.0.0 through 200.62.128.255 (for example, all the addresses
assigned to a particular mail server) I have described how a 'Received: from' line in email 'header lines' can be used to determine a source IP address of an email. That description is in one of my external-web-LINKS pages --- on the subject of SPAM-FIGHTING-INFO. Here is an example 'Received from' header record: Received: from bb0ea012.schwab.com ([162.93.212.202]) by fed1rmimpi03.cox.net with IMP id YJ2S1X02f4NaEDu0000000; Sun, 05 Aug 2007 14:02:27 -0400 Note that it is of the form 'Received: from . . . by . . . date-time'. The IP address after 'from' is a candidate for determining the email-sender's location. Note this quote from the Wikipedia email spam page: "Senders cannot completely spoof email delivery chains (the 'Received' header), since the receiving mailserver records the actual connection from the last mailserver's IP address. To counter this, some spammers forge additional delivery headers to make it appear as if the email had previously traversed many legitimate servers." This implies that there is at least one 'valid' received-from IP address among the 'Received' headers. Unfortunately, there are not many email clients that can filter on email header info --- specifically the 'bottom-most' received-from IP-address in the headers of an email. The 'bottom-most' received-from IP-address is what may be a 'KEY' received-from address --- one that would help determine the sender of the email. (Unfortunately, the 'bottom-most' received-from line may not reveal that address --- in all cases --- but it is a good candidate. I think I could work with that.) The Microsoft mail clients (Outlook Express and Outlook) allow for filtering on keywords in the 'Subject' and 'From' and 'Body' fields. But spammers have pretty much made that kind of basic filtering useless. Most spammers use misspelled words for 'Subject' --- and, often, graphics images instead of text in the 'Body' --- and faked email addresses in 'From'. You could do a WEB SEARCH to see if there is a way to to direct suspected spam to a 'trash' folder --- for your particular email receiving-and-reading program --- such as the Mozilla Thunderbird email 'client' program. In particular, it would be nice to find an email 'client' program that can 'filter' incoming mail according a 'KEY' received-from IP-address compared against ranges of IP-addresses. I have tried WEB SEARCHES on keywords like the following --- with no success to date. Unfortunately, I have not found an email 'client' that 'filters out' incoming mail according to user-specified IP address ranges. Thunderbird filtering : The following two images indicate the panels within Thunderbird where one would specify the filtering on individual IP addresses (or on mail-server-inserted message headers). IF it turns out that Thunderbird will NOT do filtering on IP address ranges (and I don't think it does), I may have to look for another email-reader client --- or a helper application for an email-reader client. |
It is too tedious and ineffective to filter by
individual IP addresses. We need the ability
to specify wide ranges of IP addresses.
|
Groundwork -- IP address ranges by country To start determining some IP address ranges to filter out, I have started a large list of IP-address ranges (along with some specific addresses). This text file, on this site, shows ranges of IP addresses assigned to countries --- along with notes on some specific addresses and ranges that seem to be sources of spam and other undesirable net behavior (personal/identity data gathering, spyware, viruses/trojan-horses/worms, adware, popups, etc.). For more such IP-address info, some 'block list' sites may be seen at this curlie.org spam blacklisting page. My desire is to filter out emails (and, also, eventually, block packets trying to enter the network card of my computer) that apparently come from countries like China, Korea, Taiwan, Romania, Chile, etc. --- and certain IP-address ranges in the U.S. About the only email I get is from friends using ISPs in the U.S. --- like cox, gmail, AOL, roadrunner, etc. --- OR, I get email from businesses in the U.S. --- like airlines, railroads, hotels, my web host provider, etc. (I may want to filter out the mail from specific companies --- if they do not honor a request to stop further infomercial emails.) Some web pages indicate how difficult this IP-filtering approach is (namely, constantly finding new address ranges to filter out --- and then finding that some ranges may be too aggressive and need to be broken up). These kinds of web pages are at sites where administrators of web sites are describing how they attempt to block 'trolls' from posting comments on web sites that they manage. Those sites typically go dead after a few years, but you could try WEB SEARCHES on keywords --- such as: If you do web searches like these, you will probably find some people that say filtering on IP addresses is not appropriate. Most of these people are system administrators who are filtering at routers or proxy servers or mail servers on a company network, and their company has a need to accept mail from many parts of the world. For example, my ISP (Internet Service Provider), cox.net, cannot filter out mail from China and Korea, because many of their customers may need to be able to receive mail from there. HOWEVER, I, as an individual, have no need for mail from China and Korea. I have no relatives or friends there. And even if I did have a relative or friend who was visiting foreign countries and sending emails to me --- I could simply check the 'From' column in my 'probable-spam' folder (where I would dump all spam-filtered email) to see if I got emails from friends. If I expected to receive more mail from them, I could add their email address or hostname (or an IP address) to a 'white-list' of addresses from which to always accept mail. Black-list or White-list Ideally, I intend to add IP addresses/ranges to an IP list (like at the IP-address-ranges-list-link above) --- as I check spam (and legitimate) email that I receive --- in order to prepare for the possibility of using an email client, like Thunderbird, to filter email by IP address ranges. Actually, it may be better to specify IP-address ranges from which to ACCEPT mail, rather than ranges from which to REJECT mail. If an email client would allow for that kind of filtering (via a "white-list" rather than a "black-list" --- i.e. via a list of addresses/ranges to ACCEPT rather than a list of addresses/ranges to REJECT), that would probably be the less maintenance-intensive way to go. Then I could simply specify U.S. IP address ranges that would accomodate senders of emails from my usual sources --- ISPs of relatives and friends (cox, gmail, yahoo, rocketmail, AOL, etc.), travel-related sites, investment sites, web hosting sites, and the like. Sources of IP Address Ranges In any case, I need some sites that provide information on ranges of addresses for countries (and companies). Here are some such sites.
Sites that give information on IP address ranges assigned within countries typically go dead after a few years, but you could try WEB SEARCHES on keywords --- such as: In 2008, the web site 'ip2location.com' offered statistics on ranges of IP addresses associated with countries: "[In early 2008]... the United States tops the allocation list by holding 37.73% of the IP addresses worldwide. It is followed by United Kingdom (12.83%), Japan (7.64%), China (5.74%), Germany (3.81%), France (3.65%), Canada (2.81%), Korea (2.74%), Netherlands (2.00%) and Italy (1.67%). These Top 11 countries in the list occupied more than 80% of total allocated IP address ranges in the world in 2007. The other 227 countries are sharing less than 20% of allocated IP address spaces." A more current list may be available at this Wikipedia page, 'List of countries by IPv4 address allocation'.
A First-Octet IP-to-Country list For the first octet for an IP address (0 to 255), here is an overview of the countries (their country codes) that use IP addresses in each of those ranges of 256*256*256 = 16,777,216 addresses per each first-octet. Unfortunately, there was no apparent attempt, by the agencies that administer IP addresses and hostnames, to allocate the addresses in large, contiguous chunks to each country. This should be a requirement for IP address assignments in the future. IP address assignments could go by country-populations to assign large blocks by country --- holding blocks in reserve for future adjustments. This should be a requirement for the new ipV6 address structure.
(NOTE: I did the countries US, GB, JP, CN, DE, FR, CA, KR --- accounting for more than 75% of the IPv4 addresses. This information was assembled from the many 'slices' of IP addresses shown, by country/code, at an old website 'ipmaster.org' (at 67.227.226.240 in 2018) that is no longer trustworthy. In 2018, that link redirects to another site that tries to control your browser. Do not go there. Use other sites that give IP address ranges for each country. See the 'Sources of IP Address Ranges' section above for some sources.)
White-list or Black-list ? (or both ? ) The list above is oriented toward specifying IP address ranges from which I expect to DENY mail. According to the 'ip-address-slices' data, I would have to 'refine' the denial-ranges into many thousands (tens of thousands?) of tiny slices, to avoid squelching mail from desired sites/countries. So ... I ALSO want to collect ranges of addresses to accomodate various ISPs and companies from which I would expect to ALLOW mail (a 'white-list').
No doubt I would have to 'widen' or 'add to' these allowance-ranges to avoid squelching mail from desired sites --- especially whenever they added an outgoing mail server whose IP address lay outside the ranges from which I was accepting mail. It is beginning to look like the best way to go would be to consider mail 'guilty until proven innocent' --- that is, to send mail to a 'suspected-spam' folder, UNLESS the 'first' 'Receive from' IP address (usually the 'bottom-most' IP address in the list of mail header lines) is in a "white-list" of addresses/ranges. In brief, it may be better to use a "white-list" than a "black-list", for my purposes. IN ANY CASE, I would NOT use filters based on the IP-addresses/ranges to IMMEDIATELY DELETE incoming emails. I would automatically route mail from certain ranges of IP addresses to a probable-spam folder, which I would scan occasionally to see if any desirable mail was directed there. 'PRIVATE' IP address ranges 'Reserved' IP address ranges
As explained at this FAQ (at tech-faq.com), 'private' IP addresses are special, because they can be utilized over and over again on different networks. For example, two different companies can have 192.168.*.* networks at the same time. All home networks, 'behind' a router, use IP addresses in this range --- 192.168-prefixed addresses. The home router is typically 198.168.0.1, with addresses of the form 198.168.0.* for the PC(s) in the home. Private IP address ranges are considered non-routable. That is to say, private IP addresses cannot communicate on the Internet. Those addresses are used on company 'intranets' --- and Network Address Translation (NAT) is used to handle external connections, like routing of email. |
|
Bottom of this blog page on
To return to a previously visited web page location, click on the
Back button of your web browser, a sufficient number of times.
OR, use the History-list option of your web browser.
< Go to Top of Page, above. >Or you can scroll up, to the top of this page. Page history:
Page was created 2008 Feb 24.
|