Spam I Want an Email Client-program that filters by 'first' 'Received-from' IP address

(2008 Feb blog post --- preliminary ;
I will probably update the IP address info and add links)

Home page > Blog menu > This page on need for an email client with a filter on IP address ranges

My (spam) Battle I get a lot of spam. Some is from China and Korea, the Asia-Pacific area. Some is from other places like Chile and Romania --- and some is from the United States. In 2008, I am/was receiving mostly ads for meds. In 2007, I was also getting lots of mortgage re-financing spam and Rolex watch spam --- and the usual offers to enlarge that certain male member. My ISP provider (cox.net) filters out a lot of spam. But I still get about 20 spam emails per week (two to four per day). It's a real nuisance --- especially because I do not check my email sometimes for over a week, so I end up having to deal with about 20 spam messages. I can usually tell from the gobbledy-gook 'Subject' text --- and from the unfamiliar 'From' name --- which emails are spam. (I have to wonder who would respond to emails with such meaningless subject lines --- and gobbledy-gook in the message body to throw off mail filters that try to learn what to filter according to the message content.) Although most spam is recognizable from the Subject text, it would be a real time-saver to have a means to automatically direct such mail to a 'suspected-spam' mail folder. Some of the mail is particularly annoying because it is sent over and over and over again --- day after day --- even several times a day. I don't even want to see it. A SIDE NOTE: Unfortunately, I chose an email address of the form first-name-initial and last-name ... like sjones for Steve Jones. It seems spammers send out huge amounts of spam by attaching a single letter to a last name, from a huge list of last names. Hence I often see a spam email addressed not just to my email address but to several with the same first initial. Example: sjohnson, sjohnston, sjones, sjorgenson Lesson to you: Do not pick an email address of that form.

What I'd Like I would like to have an email client that filters out email by IP addresses --- in ranges --- such as all addresses in the range with 200.61.0.0 through 200.62.128.255, instead of by individual specific addresses like 200.61.23.42, or by individual mail sender addresses like sjones@att.net). I have described how a 'Received from' line in email 'header lines' can be used to determine a source IP address of an email. That description is in one of my external-web-links pages --- on the subject of computer-spam. Unfortunately, there are not many email clients that can filter on email header info --- specifically the 'bottom-most' 'Received from' IP-address in the headers of an email. The Microsoft mail clients (Outlook Express and Outlook) allow for filtering on keywords in the 'Subject' and 'From' and 'Body' fields. But spammers have pretty much made that kind of basic filtering useless. Most spammers use misspelled words for 'Subject' --- and, often, graphics images instead of text in the 'Body' --- and faked email addresses in 'From'. There is a web page at vdomainhosting.com that describes how one can set up Thunderbird to direct suspected spam to a probable-spam folder. In that description, one uses the Tools > Message Filters > New > Customize > Customize Headers path --- to specify a message header keyword to look for ... 'X-vDomHost-Relay'. That works if you use their vDomainHosting services. But for email from any ISP, ???

The following two images indicate the panels within Thunderbird where one would specify the filtering on individual IP addresses. If it turns out that Thunderbird will not do filtering on IP address ranges, using the IP address in the 'bottom-most' 'Received-from' header (and I don't think it does), I will have to look for another email-reader client --- or a helper application for an email-reader client.

Groundwork -- IP address ranges by country To start determining some IP address ranges to filter out, I have started a large list of IP-address ranges (along with some specific addresses). This file, on this site, shows ranges of IP addresses assigned to countries --- along with notes on some specific addresses and ranges that seem to be sources of spam and other undesirable net behavior (personal data gathering, spyware, viruses/trojan-horses/worms, adware, popups, etc.). My plan is to filter out email (and, also, eventually, block packets trying to enter the network card of my computer) that apparently comes from countries like China, Korea, Taiwan, Romania, Chile, etc. --- in fact, almost any country other than the U.S. About the only email I get is from friends using ISPs in the U.S. --- like cox, gmail, AOL, roadrunner, etc. Or I get email from businesses in the U.S. --- like travel agencies, my web host provider, etc. (Actually, I may want to filter out the mail from specific companies --- if they do not honor a request to stop further infomercial emails.) Many web pages indicate how difficult this IP-filtering approach is (namely, constantly finding new address ranges to filter out --- and then finding that some ranges may be too aggressive and need to be broken up). Example web pages are here (Bob's Block List = BBL) and here (a manager of a hiking supplies web site in Canada who is trying to allow only people in Canada and the U.S. to post comments on his web site). If you do web searches on this topic (keywords: spam filter "IP address" "block list" "black list" "white list" email ...), you will find many people that say filtering on IP addresses is not appropriate. Most of these people are system administrators who are filtering at routers or proxy servers or mail servers on a company network, and their company has a need to accept mail from many parts of the world. For example, my ISP (Internet Service Provider), cox.net, cannot filter out mail from China and Korea, because many of their customers may need to be able to receive mail from there. HOWEVER, I, as an individual, have no need for mail from China and Korea. I have no relatives or friends there. And even if I did have a relative or friend who was visiting foreign countries and sending emails to me --- I could simply check the 'From' column in my 'probable-spam' folder (where I would dump all spam-filtered email) to see if I got emails from friends. If I expected to receive more mail from them, I could add their email address or hostname (or an IP address) to a 'white-list' of addresses from which to always accept mail.

I intend to add IP addresses/ranges to an IP list (like at the list-link above) --- as I check spam (and legitimate) email that I receive --- in order to prepare for the possibility of using an email client, like Thunderbird, to filter email by IP address ranges. Actually, it may be better to specify IP-address ranges from which to ACCEPT mail, rather than ranges from which to REJECT mail. If an email client would allow for that kind of filtering (via a "white-list" rather than a "black-list" --- i.e. via a list of addresses/ranges to ACCEPT rather than a list of addresses/ranges to REJECT), that would probably be the less maintenance-intensive way to go. Then I could simply specify U.S. IP address ranges that would accomodate senders of emails from my usual sources --- ISPs of relatives and friends (cox, gmail, yahoo, rocketmail, AOL, etc.), travle sites, investment sites, web hosting sites, and the like.

In any case, I need some sites that provide information on ranges of addresses for countries (and companies). Here are some such sites. dnsstuff.org (a site that allows for looking up info on specific IP addresses) samspade.org (offers some info like dnsstuff.org) iana.org (IANA = the main internet IP-address-and-domain-name assignment organization. This site offers links to the several organizations that handle IP-addresses and domain-names for NorthAmerica, Asia-Pacific, Europe, etc.) ip2location.com (offers statistics on ranges of IP addresses associated with countries) ("[In early 2008]... the United States tops the allocation list by holding 37.73% of the IP addresses worldwide. It is followed by United Kingdom (12.83%), Japan (7.64%), China (5.74%), Germany (3.81%), France (3.65%), Canada (2.81%), Korea (2.74%), Netherlands (2.00%) and Italy (1.67%). These Top 11 countries in the list occupied more than 80% of total allocated IP address ranges in the world in 2007. The other 227 countries are sharing less than 20% of allocated IP address spaces.") ipmaster.org (gives number of IP addresses assigned to each country ; click on a number to see the address ranges assigned to the country --- many hundreds of 'slices' for countries like the U.S. and China.) proxysecurity.com (also offers info on ranges of IP addresses) proxyserverprivacy.com (also offers info on ranges of IP addresses) tracetheip.com (offers info on the route to a specified IP address --- the routers and servers that forward packets)

A First-Octet IP-to-Country list (256 lines long) For the first octet for an IP address (0 to 255), here is an overview of the countries (their country codes) that use IP addresses in each of those ranges of 256*256*256 = 16,777,216 addresses per each first-octet. Unfortunately, there was no apparent attempt, by the agencies that administer IP addresses and hostnames, to allocate the addresses in large, continguous chunks to each country. This should be a requirement for IP address assignments in the future. They could go by country-populations to assign large blocks by country --- holding blocks in reserve for future adjustments. This should be a requirement for the new ipV6 address structure. (NOTE: I am in the process of indicating how the countries are scattered over these "1st-octet addresses". So far, I have done US, GB, JP, CN, DE, FR, CA, KR --- accounting for over 75% of the addresses. This information is assembled from the many 'slices' of IP addresses shown, by country/code, at ipmaster.org.) 000 - 001 - 002 - GB, 003 - US, 004 - US, 005 - 006 - US, 007 - US, 008 - US, 009 - US,GB, 010 - "PRIVATE" (see below) 011 - US, 012 - US,CA, 013 - US, 014 - 015 - GB,DE,FR, 016 - US, 017 - US, 018 - US, 019 - US,FR, 020 - US, 021 - US, 022 - US, 023 - GB, 024 - US,CA, 025 - GB,

026 - US, 027 - 028 - US, 029 - US, 030 - US, 031 - 032 - GB,DE,FR, 033 - US, 034 - US, 035 - US, 036 - 037 - 038 - US, 039 - 040 - US, 041 - CA, 042 - 043 - 044 - US, 045 - US, 046 - 047 - CA, 048 - US, 049 - 050 - 051 - GB, 052 - US, 053 - DE, 054 - US, 055 - US, 056 - US, 057 - FR, 058 - JP,CN,KR, 059 - JP,CN,KR, 060 - US,JP,CN,KR, 061 - JP,CN,FR,KR, 062 - US,GB,CN,DE,FR,CA, 063 - US,CA,KR, 064 - US,GB,JP,CA, 065 - US,CA, 066 - US,CA, 067 - US,GB,CA, 068 - US,CA, 069 - US,CA, 070 - US,CA,

071 - US,CA, 072 - US,CA, 073 - US, 074 - US,CA, 075 - US,CA, 076 - US,CA, 077 - US,GB,DE,FR, 078 - US,GB,DE,FR, 079 - US,GB,DE,FR, 080 - US,GB,CN,DE,FR,CA,KR, 081 - US,GB,JP,DE,FR, 082 - US,GB,JP,DE,FR,CA, 083 - US,GB,DE,FR, 084 - US,GB,DE,FR,CA, 085 - US,GB,CN,DE,FR, 086 - GB,DE,FR, 087 - US,GB,JP,DE,FR,KR, 088 - US,GB,DE,FR, 089 - US,GB,DE,FR, 090 - GB,DE,FR, 091 - US,GB,JP,CN,DE,FR,KR, 092 - GB,DE,FR, 093 - FR, 094 - FR, 095 - DE, 096 - US,CA, 097 - US, 098 - US, 099 - US,CA, 100 - 101 - 102 - 103 - 104 - 105 - 106 - 107 - 108 - 109 - 110 - 111 - 112 - FR, 113 - 114 - 115 -

116 - JP,CN,KR, 117 - JP,CN,KR, 118 - JP,CN,KR, 119 - JP,CN,KR, 120 - 121 - JP,CN,DE,FR,KR, 122 - JP,CN,KR, 123 - JP,CN,KR, 124 - JP,CN,FR,KR, 125 - JP,CN,KR, 126 - JP, 127 - 128 - US,GB,DE,FR,CA,KR, 129 - US,GB,JP,DE,FR,CA,KR, 130 - US,GB,JP,DE,FR,CA, 131 - US,GB,JP,DE,FR,CA, 132 - US,GB,JP,DE,FR,CA, 133 - JP, 134 - US,GB,JP,CN,DE,FR,CA,KR, 135 - US,GB,DE,CA, 136 - US,GB,JP,DE,CA, 137 - US,GB,JP,DE,FR,CA,KR, 138 - US,GB,JP,DE,FR,CA, 139 - US,GB,JP,DE,FR,CA, 140 - US,GB,JP,DE,FR,CA, 141 - US,GB,JP,DE,FR,CA,KR, 142 - US,CA, 143 - US,GB,JP,DE,FR,KR, 144 - US,GB,JP,DE,FR,CA, 145 - US,GB,DE,FR, 146 - US,GB,JP,DE,FR,CA, 147 - US,GB,JP,CN,DE,FR,KR, 148 - US,GB,JP,DE,FR,CA, 149 - US,GB,DE,FR,CA, 150 - US,GB,JP,DE,FR,KR, 151 - US,GB,JP,DE, 152 - US,GB,DE,FR,KR, 153 - US,DE, 154 - US,GB,JP,CA,KR, 155 - US,GB,JP,DE,FR,CA,KR, 156 - US,GB,DE,FR,CA,KR, 157 - US,GB,JP,DE,FR,CA,KR, 158 - US,GB,JP,DE,FR,CA,KR, 159 - US,GB,JP,CN,DE,FR,CA, 160 - US,GB,JP,DE,FR,CA,

161 - US,GB,JP,CN,DE,FR,CA,KR, 162 - US,GB,JP,CN,FR,CA, 163 - US,GB,JP,DE,FR,CA,KR, 164 - US,GB,JP,DE,FR,CA,KR, 165 - US,JP,CA,KR, 166 - US,GB,JP,CN,KR, 167 - US,GB,JP,CN,CA, 168 - US,JP,CN,CA,KR, 169 - US,GB,KR, 170 - US,CA, 171 - US,GB,DE,FR, 172 - US, (172.16.*.* - 172.31.*.* is 'private'. See below.) 173 - 174 - 175 - 176 - 177 - 178 - 179 - 180 - 181 - 182 - 183 - 184 - 185 - 186 - 187 - 188 - DE, 189 - 190 - 191 - 192 - US,GB,JP,CN,DE,FR,CA,KR, (192.168.*.* is 'private'. See below.) 193 - US,GB,CN,DE,FR,CA, 194 - US,GB,JP,CN,DE,FR,CA,KR, 195 - US,GB,CN,DE,FR,CA, 196 - US,DE, 197 - 198 - US,GB,JP,CN,DE,CA, 199 - US,GB,JP,DE,FR,CA, 200 - US,

201 - 202 - US,JP,CN,KR, 203 - US,GB,JP,CN,KR, 204 - US,GB,JP,DE,FR,CA, 205 - US,GB,CA, 206 - US,JP,CA,KR, 207 - US,GB,CA, 208 - US,GB,CA, 209 - US,CA, 210 - US,JP,CN,KR, 211 - JP,CN,DE,KR, 212 - US,GB,JP,CN,DE,FR,CA,KR, 213 - US,GB,DE,FR,CA, 214 - US, 215 - US, 216 - US,JP,CA, 217 - US,GB,JP,CN,DE,FR,CA, 218 - JP,CN,KR, 219 - JP,CN,KR, 220 - JP,CN,KR, 221 - JP,CN,KR, 222 - JP,CN,KR, 223 - 224 - 225 - 226 - 227 - 228 - 229 - 230 - 231 - 232 - 233 - 234 - 235 - 236 - 237 - 238 - 239 - 240 -

241 - 242 - 243 - 244 - 245 - 246 - 247 - 248 - 249 - 250 - 251 - 252 - 253 - 254 - 255 -

White-list or Black-list ? (or both ? ) The list above is oriented toward specifying IP address ranges from which I expect to DENY mail. According to the ipmaster.org data, I would have to 'refine' the denial-ranges into many thousands (tens of thousands?) of tiny slices, to avoid squelching mail from desired sites/countries. So ... I plan to also collect ranges of addresses to accomodate various ISPs and companies from which I would expect to ALLOW mail. ??? to ??? - gmail ??? to ??? - cox ??? to ??? - road-runner ??? to ??? - AOL ??? to ??? - Schwab ??? to ??? - Amazon.com ??? to ??? - eBay ??? to ??? - ??? to ??? - No doubt I would have to 'widen' or 'add to' these allowance-ranges to avoid squelching mail from desired sites --- especially whenever they added an outgoing mail server whose IP address lay outside the ranges from which I was accepting mail. It is beginning to look like the best way to go would be to consider mail 'guilty until proven innocent' --- that is, to send mail to a 'suspected-spam' folder, UNLESS the 'first' 'Receive from' IP address (usually the 'bottom-most' IP address in the list of mail header lines) is in a "white-list" of addresses/ranges. I.e. it may be better to use a "white-list" than a "black-list", for my purposes. In any case, I would NOT use filters based on the IP-addresses/ranges to IMMEDIATELY DELETE incoming emails. I would automatically route mail from certain ranges of IP addresses to a probable-spam folder, which I would scan occasionally to see if any desirable mail was directed there.

'PRIVATE' IP address ranges 10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 are defined by RFC 1918. (RFC is an Internet organization Request For Comment --- which often becomes a rule or protocol.) As explained at this FAQ (at tech-faq.com), 'private' IP addresses are special, because they can be utilized over and over again on different networks. For example, two different companies can have 192.168.*.* networks at the same time. All home networks, 'behind' a router, use IP addresses in this range --- 192.168-prefixed addresses. The home router is typically 198.168.0.1, with addresses of the form 198.168.0.* for the PC(s) in the home. Private IP address ranges are considered non-routable. That is to say, private IP addresses cannot communicate on the Internet. Those addresses are used on company 'intranets' --- and Network Address Translation (NAT) is used to handle external connections, like routing of email.

Bottom of page on blog topic Spam -- Looking for an Email Client capable of Filtering on 'first' 'Received from' IP Address. To return to a previously visited web page location, click on the Back button of your web browser, a sufficient number of times. OR, use the History-list option of your web browser. OR ... < Go to Top of Page, above. > < Go to Blog menu. > < Go to Home page. > Or you can scroll up, to the top of this page. This page was created 2008 Feb 24. Text added 2009 Aug 07. Added page-breaks for better printing 2009 Aug 11. Minor format changes 2013 Apr 18.