SPAM filter prob
Thread: SPAM filter prob

  1. #1
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002

    SPAM filter prob

    Greetings - some warez company keeps spamming me and I don't know how to filter it out other than by some hit and miss subject line key words, but I'd rather not go that route because I might inadvertently filter out non-spam mail as well.

    Rather, I'd like to target my filtering elsewhere, but since the FROM line always changes, I'm looking at some of this header info for answers. Unfortunately, I don't know what if any of this info might help me create an effective filter.
    Thanks in advance for suggestions:
    -----------------------------------------------------------------------------------------
    X-Auth-No:
    Return-Path: <[email protected]>
    Received: from 85-64-61-106.barak-online.net not authenticated [85.64.61.106]
    by smtp-send.xxxxxxxxx.com with NetMail SMTP Agent $Revision: 1.5 $ on Linux;
    Sat, 16 Jul 2005 07:38:08 -0600
    Message-ID: <[email protected]>
    From: Vanessa J. Smith <[email protected]>
    To: [email protected]
    Subject: =?iso-8859-1?B?QWRvYmUgUGhvdG9zaG9wIDguMCAtIDc1JSBPRkY=?=
    Date: Sat, 16 Jul 2005 13:16:26 +0000
    MIME-Version: 1.0
    Content-Type: multipart/related;
    type="multipart/alternative";
    boundary="----=_NextPart_000_0000_A338BE57.FB607A04"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express V6.00.2900.2180
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    -----------------------------------------------------------------------------------------
    ^dAvEy^

    Wow!!! Love at first byte. Ain't it grand.
    Scottlr

    Registered VDr (at 50+/- yrs): 10-03-1999
    Offline: 06-05-2002

  2. #2
    Join Date
    Apr 2005
    Location
    Maryland, USA
    Posts
    17,806
    Personally, I'd start by blocking everything containing "barak.net.il", "barak-online.net" and "absolutemotion.com".

    The "abuse" email address for both of the above "barak" domains is "[email protected]".

  3. #3
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002
    Thanks for that, SpywareDr.
    1 - I'll give those a go.
    2 - As for contacting the "barak" domain abuse email, what might a typical message say, particularly? Something like this? And what would I substitute for the ???? below?:

    I've been receiving unsolicited email from ???? and wish to stop doing so.


    3 - Also, I have a new one this morning.
    Here's the header info - see any consistencies with the first one?

    -----------------------------------------------------------------------------------------
    X-Auth-No:
    Return-Path: <[email protected]>
    Received: from armailhac.com not authenticated [200.191.137.77]
    by smtp-send.xxxxxxxxx.com with NetMail SMTP Agent $Revision: 1.5 $ on Linux;
    Sun, 17 Jul 2005 06:55:21 -0600
    Received: from 209.145.89.18
    (SquirrelMail authenticated user [email protected]);
    by armailhac.com with HTTP id J87Gz039623238;
    Sun, 17 Jul 2005 12:54:41 +0000
    Message-Id: <[email protected]>
    Date: Sun, 17 Jul 2005 12:54:41 +0000
    Subject: Save your money buy getting this thing here
    From: "Reggie Rosales" <[email protected]>
    To: [email protected]
    User-Agent: SquirrelMail/1.4.3a
    X-Mailer: SquirrelMail/1.4.3a
    MIME-Version: 1.0
    Content-Type: text/html; charset=iso-8859-1
    Content-Transfer-Encoding: 8bit
    X-Priority: 3 (Normal)
    Importance: Normal
    -----------------------------------------------------------------------------------------
    Thanks again!
    ^dAvEy^


  4. #4
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002
    crap!
    Usually just one/day but just got another:
    -----------------------------------------------------------------------------------------
    X-Auth-No:
    Return-Path: <[email protected]>
    Received: from gobiernofederal.com not authenticated [211.244.240.29]
    by smtp-send.xxxxxx.com with NetMail SMTP Agent $Revision: 1.5 $ on Linux;
    Sun, 17 Jul 2005 09:44:30 -0600
    Received: from pcmail.com.tw (pcmail-com-tw-bk.mr.outblaze.com [203.86.166.16])
    by gobiernofederal.com (Postfix) with ESMTP id 8490B9A572
    for <[email protected]>; Sun, 17 Jul 2005 05:42:20 -0500
    From: "Ramada C. Derringer" <[email protected]>
    To: xxxxxxx <[email protected]>
    Subject: The Ultimate pharmacy
    Date: Sun, 17 Jul 2005 05:42:20 -0500
    Message-ID: <[email protected]>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0024_E3387EEA.FE40C0CA"
    X-Priority: 3 (Normal)
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook, Build 10.0.4510
    Importance: Normal
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2479.0006
    X-AntiVirus: skaner antywirusowy poczty Wirtualnej Polski S. A.
    -----------------------------------------------------------------------------------------
    ^dAvEy^


  5. #5
    Join Date
    Apr 2005
    Location
    Maryland, USA
    Posts
    17,806
    "Usually just one/day but just got another:"
    That's it, just one per day? Consider yourself lucky. I believe the average for SPAM is up to somewhere between 80 and 90 percent. (<grrr...>)

    And, instead of trying to figure out exactly where it came from, what to block and then how to get it set up, it's much easier to simply delete it.

    The only time I block something is if I happen to notice a recurring instance of something peculiar. For example, since I don't know anyone in Japan or Taiwan I block all email from ".jp" and ".tw". And if I notice that more than say 3 or 4 SPAM messages are coming in from a particular email address, I'll block it too.

    Normally though, after the email comes in, I'll simply highlight all the ones I know I don't want to see and hit [Del]. (Then I temporarily go 'offline' to view the rest).

    Now that I think about it, if I don't recognize something in the email address or subject, it simply gets deleted.

  6. #6
    Join Date
    Aug 2001
    Location
    Vancouver, Canada
    Posts
    1,002

    "That's it, just one per day? Consider yourself lucky."

    haha...context is so important for communication!
    Notice, however, I didn't ever say that I was swamped with SPAM...on the contrary, I have a list of filters that have kept most of my email addresses lean to nil for SPAM...so, from THAT context, you can see why this one little bugger <can you say bugger??> has my goat!
    Indeed...I should maybe see someone about why it bugs me so much to delete 1 to 2 unsolicited emails/day, because it REALLY BUGS ME!

    Thanks for taking a look, SpywareDr.
    ^dAvEy^


  7. #7
    Join Date
    Apr 2005
    Location
    Maryland, USA
    Posts
    17,806
    You're welcome.

    Try adding the following list to your "block all email containing the following" (or similar):
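
Every header posted in this thread carries a top `Received: from ... not authenticated [IP]` line stamped by the recipient's own server, and that bracketed IP is the one value the sender does not control, unlike From, Subject or the lower Received lines. As an added example (not part of any post above), this Python code pulls that IP and its /24 from the top hop only and decodes the RFC 2047 subject; the `example.invalid` hosts and the `relay_facts` name are assumptions made for the example.

```python
import ipaddress
import re
from email import message_from_string
from email.header import decode_header, make_header

# Constructed samples: trimmed from two headers posted in this thread, with the
# recipient's host and all addresses replaced by example.invalid placeholders.
SAMPLES = [
    "Received: from 85-64-61-106.barak-online.net not authenticated [85.64.61.106]\n"
    "\tby smtp-send.example.invalid with NetMail SMTP Agent on Linux;\n"
    "\tSat, 16 Jul 2005 07:38:08 -0600\n"
    "From: Vanessa J. Smith <a@example.invalid>\n"
    "Subject: =?iso-8859-1?B?QWRvYmUgUGhvdG9zaG9wIDguMCAtIDc1JSBPRkY=?=\n\n",
    "Received: from armailhac.com not authenticated [200.191.137.77]\n"
    "\tby smtp-send.example.invalid with NetMail SMTP Agent on Linux;\n"
    "\tSun, 17 Jul 2005 06:55:21 -0600\n"
    "Received: from 209.145.89.18\n"
    "\t(SquirrelMail authenticated user b@example.invalid);\n"
    "\tby armailhac.com with HTTP id J87Gz039623238;\n"
    "\tSun, 17 Jul 2005 12:54:41 +0000\n"
    'From: "Reggie Rosales" <b@example.invalid>\n'
    "Subject: Save your money buy getting this thing here\n\n",
]

# "from <name> [not authenticated] [<ip>]" as written by the receiving server.
TOP_HOP = re.compile(r"from\s+(\S+)\s+(not authenticated\s+)?\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_facts(raw):
    """Return what the recipient's own server recorded about the connecting host."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    # Only the topmost Received line was added by a server the recipient trusts;
    # lower ones, From and Subject are whatever the sender chose to write.
    m = TOP_HOP.search(received[0]) if received else None
    if m is None:
        return None
    ip = m.group(3)
    return {
        "claimed_name": m.group(1),  # assumed sender-influenced; do not key on it alone
        "unauthenticated": bool(m.group(2)),
        "ip": ip,
        "net24": str(ipaddress.ip_network(ip + "/24", strict=False)),
        "subject": str(make_header(decode_header(msg.get("Subject", "")))),
        "from": msg.get("From"),
    }

if __name__ == "__main__":
    for raw in SAMPLES:
        print(relay_facts(raw))
```

The base64-encoded subject in the first sample is also why plain keyword rules on the raw Subject line miss it: the filter has to decode before matching.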
