Hughesnet Community

How to Filter Spam Email

cancel
Showing results for 
Search instead for 
Did you mean: 
Hal
Alum

How to Filter Spam Email

This guide will show you how to set a Spam filter for HughesNet email to automatically block messages from your inbox and move them to your spam folder. 

Go to Supportcenter.myhughesnet.com. At the top of the web page please click on My Email. This will bring you to the inbox of your email. 

 

 

Step 1) Find an email you want to mark as spam for the future. Em1.PNG

 

 

Step 2) Create a new filter for spam by right clicking on an email.

 

Em2.PNG

 

 

Step 3) Customize the new spam filter.

 

em3.PNG

 

 

Step 4) Select the action you want to perform for spam emails. You can either set it so the spam email gets automatically moved to the spam folder or you could make it, so the spam email is just discarded instead, this is a personal preference.

 

Em4.PNG

 

 

Step 5) Select the folder you want the spam email to be moved into (preferably spam).

 

Em5.PNG

 

 

Step 6) Once you have the filter set up for spam messages, you can easily add new email sender's to the spam filter. 

           - Open an email from your inbox and right click on the senders name (where it says from).

 

Em6.PNG

 

 

 

Step 7) To customize what you are filtering. You can click the plus or minus button to customize what you are filtering into the spam folder.

 

Em7.PNG

 

 

 

 

8 REPLIES 8
MarkJFine
Professor

This would help filter some spam that uses repeat email addresses and keywords in subject lines. However many spammers have gone past that.

 

If possible, should be another thing to filter on: server. Alternatively, have it checked against spamhaus.org or another block list. This would automatically check and eliminate anything that was HELO'd from known spamhauses.

 

Would also recommend adding Apache Spamassassin options which look for specific characteristics in spam, such as sketchy embedded links and the use of open relays.

 

Edit: Am looking at using an API to AbuseIPDB in my own spam checker instead of the mini-DNS file that I use.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.

Here's an example from just yesterday's spam catcher log in the format [DTG] From [IP, host, Spamassassin flags] Subject. Notice the common Spamassissin flags N (RDNS-NONE) and F (FREEMAIL_FORGED_REPLYTO).


All the stuff from ColoCrossing:
[Thu Jul 26 10:03:45 2018 GMT] "Jan" <kewiont@batteryspec.com> [107.174.81.104, colocrossing.com, xxxxxxxxNFx], Subject: your website photos
[Thu Jul 26 10:19:56 2018 GMT] "Jan" <doselanit@supercoloring.com> [107.174.81.104, colocrossing.com, xxxxxxxxNFx], Subject: photos for your company
[Thu Jul 26 11:05:10 2018 GMT] "Jan" <doselanit@supercoloring.com> [107.174.81.104, colocrossing.com, xxxxxxxxNFx], Subject: your photos

 

All the stuff from Powerup Hosting:
[Thu Jul 26 09:18:13 2018 GMT] TerminixPestControl <terminixpestcontrol@consultoriaifrs.com> [199.212.86.68, poweruphosting.com, xxxxxxxxNxx], Subject: Live Tinnitus Free?
[Thu Jul 26 11:22:55 2018 GMT] "Protect Your Home" <protect.your.home@meramhaber.net> [199.212.86.64, poweruphosting.com, xxxxxxxxNxx], Subject: Did you know that burglaries increase in the summer?  Help protect your home
[Thu Jul 26 12:21:41 2018 GMT] "Loan Offers" <loan-offers@everytingwp.com> [103.210.214.129, poweruphosting.com, xxxxxxxxNxx], Subject: Get quick Approval for Quick Cash!
[Thu Jul 26 16:27:43 2018 GMT] Anna <anna@christian-serratos.net> [199.212.86.62, poweruphosting.com, xxxxxxxxNxx], Subject: Meet Beautiful, Adoring Russian Women Today
[Thu Jul 26 17:19:18 2018 GMT] "Easy Canvas Prints" <easy-canvas-prints@coachxfactory.com> [199.212.86.71, poweruphosting.com, xxxxxxxxNxx], Subject: Add to Your Gallery Wall | 85% Off Canvas Prints

 

All the stuff from various Chinese carriers (these are the worst, btw):
[Thu Jul 26 03:15:58 2018 GMT] 郜先生 <gcr@aihf.com> [112.10.165.78, chinamobile.com, xxxxxxxxNxx], Subject: 运用采购谈判的降龙十九掌;郜先生
[Thu Jul 26 07:21:33 2018 GMT] zhangyshang@126.com [125.122.169.106, ns.chinanet.cn.net, xxxxxxxxNxx], Subject: 代开-发票15921268052张
[Thu Jul 26 08:27:50 2018 GMT] 周夏蘩  <shxhgl@163.com> [121.227.49.146, ns.chinanet.cn.net, xxxxxxxxNxx], Subject: 企业批准其离职
[Thu Jul 26 18:41:27 2018 GMT] 计主任 <ned@tvuvbg.com> [223.114.87.34, chinamobile.com, xxxxxxxxNxx], Subject: 销售精英2天强化训练2018xoqcv
[Thu Jul 26 19:25:12 2018 GMT] "wnsgtbk" <ocg@baidu.com> [114.229.172.127, ns.chinanet.cn.net, xxxxxxxxNxx], Subject: webmaster:销售业绩该如何抓?
[Thu Jul 26 21:17:36 2018 GMT] Jane <guanniao822411@126.com> [112.85.200.143, chinaunicom.cn, xxxxxxxxNxx], Subject: RE: Professional Silver fabric factory

 

Incidentally, those people advertising photo and video work are fake... I see them all over the place, not just ColoCrossing.

 

There's a whole slew that come from various tiny latin american hosts in Brazil, Argentina that I've left out of this.

 

In most instances these are coming from the email servers of hacked websites or even whole webservers, and even people's hacked phones, acting as open relays for malicious spam that is designed to create even more open relays and validate people's email addresses.

 

As I've said, the From and Subject will change invariably just to spoof simple filtering techniques on those fields. Filtering on server and/or just using Spam Assassin to characterize the spam is a lot more effective.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.

Here's another good example of how spammers use common email addresses to spoof address filtering techniques:

[Sun Jul 29 09:36:30 2018 GMT] "Google <no-reply@accounts.google.com>" <no-reply@accounts.google.com> [190.219.240.239, cableonda.net, xxxxxxxDNxx], Subject: Iastra Movie Weekend
[Sun Jul 29 14:48:12 2018 GMT] "LinkedIn Messaging" <<messaging-digest-noreply@linkedin.com>> [190.219.240.239, cableonda.net, xxxxxxxDNxx], Subject: Iastra Movie Weekend
[Sun Jul 29 16:53:24 2018 GMT] "Google <no-reply@accounts.google.com>" <no-reply@accounts.google.com> [190.219.240.239, cableonda.net, xxxxxxxDNxx], Subject: Iastra Movie Weekend
[Sun Jul 29 18:39:06 2018 GMT] "LinkedIn Messaging" <<messaging-digest-noreply@linkedin.com>> [190.219.240.239, cableonda.net, xxxxxxxDNxx], Subject: Iastra Movie Weekend

Some company called iAstra (I think it's a Netflix-wannabe) has been sending spam through a Cable Onda server in Panama using common (faked) Google and LinkedIn addresses.

 

The Spam Assasin flag N is RDNS_NONE as before, but the D signifies HELO_DYNAMIC_IPADDR - The mail was HELO'd using a suspicious hostname that doesn't match the actual IP or anything under Cable Onda.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
1rt
New Poster

Be great if it's worked this way....seriously, even yahoo has kept up with the new ways of spam. Just admit it Hughes net, way behind the times and don't care

@1rt

Way to add to what was supposed to be a helpful suggestion with an unhelpful, sardonic comment.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
maratsade
Distinguished Professor IV

"Step 4) Select the action you want to perform for spam emails. You can either set it so the spam email gets automatically moved to the spam folder or you could make it, so the spam email is just discarded instead, this is a personal preference."

 

Until the technology exists to bounce the spam email back to the sender and electrocute him, I'm going with discard. 


@maratsade wrote:

Until the technology exists to bounce the spam email back to the sender and electrocute him, I'm going with discard. 


Lol. My min-DNS originally included an abuse email to auto-send the spam to. After seeing what manually sending does to some infected mail servers, I quickly decided against it. I'm not into exponentially increasing the load.


* Disclaimer: I am a HughesNet customer and not a HughesNet employee. All of my comments are my own and do not necessarily represent HughesNet in any way.
GabeU
Distinguished Professor IV


@maratsade wrote: 

Until the technology exists to bounce the spam email back to the sender and electrocute him, I'm going with discard. 


I think that's an option all of us would LOVE to see.  Heck, people would sign up with HughesNet just because they could do that!  LOL.    

 

That African diplomat's nephew who's trying to give everyone a cut of his money just for a little help in moving it would be getting thousands upon thousands of zaps each day!  😛