Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Delete spam by IP address in Mail.app Apps
Here's an easy method to remove email based on the IP address of the sender in Mail.app.

Every time I receive a spam email I add its email address to a list of rules in Mail to move it directly to trash. The length of this list has grown over time and I now have more than one ever-growing list. After a while I noticed that, although the sender addresses were different, the IP address in a lot of cases stayed the same. I looked at the rules in the Mail prefs, but there is no obvious rule for filtering by IP address.

However, it can be achieved using the rules, with a little tweak.

Firstly, it might be a good idea to create a new Mailbox and call it something like 'Review Spam.'

Next, identify the sender's IP address from the spam messages. If you don't know how to do this, here's a rough guide:

Select a spam message and select View » Message » Long Headers -- the header section in the message will expand. In the header you should see several 'Received' headings with aome text next to them and an IP address.

The text and IP in the first 'Received' heading is likely your own Mail server -- you don't want to add this to the rule otherwise the rule will act on all your incoming mail from that server. This can be a bit tricky if you don't know what you're looking for, but if you analyse the spam messages against legitimate messages you should be able to find the offending IP address, eventually.

To create the rule that does the filtering:
  • Select the 'Rules' tab in the preferences for the Mail.app.
  • Create a new rule by clicking 'Add Rule.'
  • Make sure 'Any' is selected in the conditions list, then in the 'Recipient' list, scroll down and select 'Edit Header List.'In the resulting window, click the button with the + symbol to create a new list item and type 'Received' in the field.
  • Close the window and select the 'Recipient' list again; you should see a new item near the top of the list called 'Received.'
  • Select that item and make sure 'Contains' is selected the corresponding list. Enter the sender's IP address into the text field next to the 'Contains' list.
  • In the actions section, select 'Move Message' and then select the 'Review Spam' mailbox (Or trash, if you're feeling brave and trusting) in the mailbox list.
  • Click 'Ok' and then 'Apply.'

[crarko adds: I haven't tested this one. You can check some non-spam messages for the IP address in the header and the one they all have in common should be the address of your mail server for the given account, so you know not to filter it.]
    •    
  • Currently 3.29 / 5
  You rated: 4 / 5 (7 votes cast)
 
[12,751 views]  

Delete spam by IP address in Mail.app | 12 comments | Create New Account
Click here to return to the 'Delete spam by IP address in Mail.app' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Delete spam by IP address in Mail.app
Authored by: hamarkus on Mar 04, '11 07:47:45AM

I already did this in Mail five years ago. It definitely works against some kind of spam (those who are too stupid to change their IP address).



[ Reply to This | # ]
Delete spam by IP address in Mail.app
Authored by: afingal on Mar 04, '11 12:02:16PM

In theory, the spam filter in Mail should take this into account. If you teach it by marking enough messages correctly as "Junk" or "Not Junk," it should catch on that certain IP addresses are a factor in identifying spam. This seems a lot easier than looking through all the headers yourself.



[ Reply to This | # ]
Delete spam by IP address in Mail.app
Authored by: david-bo on Mar 05, '11 08:19:08AM

Useless hint. There are billions (and with IPv6 more or less an infinite number) of ip addresses. The fact that you received repeated spam from the same address is just coincidence. As soon as that computer is removed/blocked from the net (or fixed), your filter won't work.

---
link



[ Reply to This | # ]
Delete spam by IP address in Mail.app
Authored by: stewarsh on Mar 05, '11 08:52:40AM

If you use MobleMe mail I'd also recommend taht you send the SPAM to Apple so it can be incorporated into their own filtering. Simply select one or more messages and goto Message -> Forward as Attachment and send them all to spam@me.com from your MobileMe account.



[ Reply to This | # ]
Delete spam by IP address in Mail.app
Authored by: soundsgoodtome on Mar 05, '11 07:32:59PM

tedious. or, you could install spamsieve and call it a day. (I'm not affiliated.)



[ Reply to This | # ]
Delete spam by IP address in Mail.app
Authored by: pderby on Mar 08, '11 05:04:56AM

I've found the best way for me to deal with spam is to have the spam emails captured before they are sent from my mail server to my computer.

Similar to the me.com mail suggestion made above, if you use Google Mail, all your email is filtered through their "Postini" spam service. So if you put Google Mail in the middle, postini will filter out most of the spam. One way to do this is to have your "regular" email server forward all your email to a Google email account. Then set up your mac to retrieve your email from that account. Set your email address in MAIL to your "regular" email address so that is what people see for the reply-to when you send email.

If you have control of your own email server, then subscribe to Postini's services and make Postini your MX record. All your email will go to Postini and what isn't Spam will then be sent to your "regular" email server for you to look at and deal with. That's what I do. The basic postini subscription is cheap.

These suggestions are for those that care to go a little deeper and are able to control their email.

I would LOVE to see people start using x.509 certificates to sign their emails. MAIL, Thunderbird and Outlook all support x.509 certificates. Comodo offers a free certificate that you can get in just a few minutes. Just search for "comodo free email certificate" and read about how this improves authentication of email.

Thinking to the future, if everyone used an email certificate, then it would be easy to have either a computer or an email server refuse all unsigned emails. That would sure stop a LOT of SPAM! If someone signs their email, you have the option to send them encrypted replies. There is even an iPhone app, SMIMEReader, that allows you to read and reply to encrypted email....





[ Reply to This | # ]
Delete spam by IP address in Mail.app
Authored by: feold3 on Mar 08, '11 05:19:55AM

A new "Received" header is added by each mail server that handles the message on its way from sender to recipient, with each new on inserted above the previous one. Therefore the bottom-most Received header shows what IP address the first mail server in the chain received the message from. Normally that IP address is the one on which you want to filter. Unfortunately, "Received" headers can be and often are spoofed in spam e-mail. Also unfortunately, most spam these days is distribute from botnets typically comprised of thousands of hijacked PCs all over the world, so you can receive the exact same message from any one of thousands of IP addresses. Trying to block spam by filtering on the originating IP address is as futile as trying to block it by filtering on the sender's e-mail address, which is always spoofed in spam. It might make you feel like you're doing something about the problem, but making you feel good is all it accomplishes.



[ Reply to This | # ]
Delete spam by IP address in Mail.app
Authored by: KenS on Mar 08, '11 07:18:50AM

While it's true that many spammers will spoof or forge IP addresses, I have found that many-- especially in foreign countries, and some domestic-- will originate spam from the same range of IP addresses.

An easy way to check is to open the Terminal, enter the command whois followed by a space and the IP address in question. Often this will reveal the originating IP provider along with the block of IP addresses assigned to that provider, and the country of origin. Since I know no one in Belarus, I simply ban the entire block of addresses.



[ Reply to This | # ]
SpamCop & MobileMe
Authored by: derekcurrie on Mar 09, '11 11:37:16AM

I very rarely get spam. Here is how:

1) I submit all my spam to SpamCop at:
http://www.spamcop.net/

It is a free service, but I have been a financial supporter since it started in 1998. The paid version is extremely inexpensive, particularly when considering the results. I receive so little spam that I am convinced that my consistent contributions to SpamCop have put me on a circulated 'Do Not Spam' list among the spamrats. The more spam submitted to SpamCop, IMHO, the less spam all of us would receive. This is thanks to them providing a carefully verified FREE blacklist of known spammers to the world.

There have been criticisms in the past of false positives due to SpamCop, but I seriously doubt this is possible at this point of time after their implementation of stringent verification. Meanwhile, I have repeatedly heard from the spamrat underground their contempt for SpamCop due to its effectiveness.

2) I use MobileMe's email. This is the specific email address where I rarely receive email. Whereas, I receive a lot of spam via my GMail address, one that I very rarely use and never publish anywhere. I have to applaud Apple's spam filtering.



[ Reply to This | # ]
SpamCop & MobileMe
Authored by: asmeurer on Mar 17, '11 09:03:43PM

In my experience, Gmail has an excellent spam filter. It catches about 99.9% of my spam. Mail catches about half of what gets through, and the rest gets through and I have to mark it as spam manually. And false positives virtually never happen.



[ Reply to This | # ]
Delete spam by IP address in Mail.app
Authored by: fferitt25 on Mar 12, '11 05:38:08PM

Seems like a lot of exrtra work to filter out a new message every time.

I agree if you use the junk / not junk toggles - Mail learns over time.

Also - it's much easier to click a button to remove the offending eMail than to manually create a new filter every time.

Unless you set up a Script to do it - which in turn simply seems like overkill.

Finally - why are you bothering to pour through your Spam List anyway ?

I've had my current computer for 5 years now - set up Mail and left it alone except for a few tweaks over the years for different OSes or Address updates.

I've never bothered to look at my Spam / Block List.

Maybe if I ever accidentally blocked a friend or something - but if someone I know sends a message and it is detected as Spam by Mail - it typically is flagged as such - the text is colored some funky light brown - and it either lands in the Inbox or the Spam Folder and there is an indicator of new mail either way.

If I realize the error I click on it and mark it as not spam - done.



[ Reply to This | # ]
Delete spam by IP address in Mail.app
Authored by: mvmaastricht on Jul 04, '11 04:53:43AM

Thanks to this tip I was able to make a rule to filter and trash received mail using the "Delivered-to" label, because this was the only field that distinguished some emails with similar emails that I do want to keep.



[ Reply to This | # ]