Alistair Maclean's Web Site
Spam Blocking in OE
Back

You may know this already but while chugging through some menus I found an interesting feature of Microsoft Outlook Express to help block spam email.

The problem is this: email from spammers has hideous FROM addresses that can be changed at the drop of a hat. I needed a way to block the domain, the bit of the email address that doesn't change too much.

An example sender email address might be : Qi4yNDkuNDc3MjI5@list01.speedi-list.com

Blocking this sender is tough, the bit you need and want to block is the speedi-list.com part.

Blocking senders

The first step in Microsoft Outlook Express is to block a sender. To do this highlight the email, then from the menu bar at the top of the window select "Message" and then on that menu the "Block Sender..." option this will bring up a dialog box like the one below.

Blocking a sender

Clicking the "Yes" button sends this email to the deleted folder, it also puts the senders email address on a list of -essentially- offenders.

Modifying the Blocked Sender List

Because the sender address is easily changed the evil ones just make one minor change and you get to do this blocking for evermore. The way round this gets us pretty much to where we want to be...

From the "Tools" menu on the top menu bar, select "Message Rules" then select "Blocked Senders List..." and get a dialog like that below:

Blocked Sender List

The first time you do this you will probably have lots of entries to work through but it's worth it. After the initial effort, it only takes a few seconds to edit a new block.

Make sure that in the Message Rules Dialog you are on the Block Senders tab.

Select an entry on the Blocked Senders List (highlight it) then select "Modify..." from the buttons at the right. This brings up a dialog like...

Modifying a block

Edit the entry removing anything from the "@" symbol to the left. You can also remove the server definition from some email addresses.

Blocking a sender

Click the OK button. Sometimes you have already zapped this domain name so you get an error message. You can ignore the error message. If you don't replace the item, you can return to the main dialog, reselect the entry and use the "Remove" button.

Blocking a sender

In the examples I have shown here I have removed a spam email that purports to be from CompUSA, now it sends all email from chtah.com to the deleted items folder.

This feature works in Microsoft Outlook Express 5 through 6.

Warning

You can get a little overzealous with this. Some spam is generated by people that have email accounts on the big email vendors (yahoo, msn, aol, Juno, etc). Blocking the initial email (say, spamscum@aol.com) is fine, but if you now modify this to be just the domain name (ie, aol.com) then any of your friends on that domain will be instantly tossed in the trash. If you do this, edit the senders list again and click the remove button. The next time you get an email from the spammer just re-block it and go no further.

Limits

While it is hard to say for definite if there are real limits to the number of blocked addresses you can have, Microsoft coded in a 3 digit counter to the registry entry for each block entry. This 3 digit number is in Hexadecimal, so leading to a suspicion of a 4095 entry limit. I have my suspicion that this limit may be an illusion, but other issues come up before the limit is reached, namely that entry to the registry becomes very slow. In OE, as the Block Senders list exceeds 2000 entries, there is a noticeable slowdown in access time to the list. The registry can also inflate quite a bit as the list grows.

noHTML: another weapon

This is a third party product that I have recently tried with great success. It is not a spam blocker, it does not attempt to stop you getting spam, but it does stop the spam you get from notifying the sender that you have read the email. The product is called noHTML, it is an add-in to Outlook Express, I believe there are versions for other email readers too. It shows up as a toolbar button (a big red button) and converts all the HTML code that spammers send to you into (ascii) text. It may not be best suited to none roman based languages, but I guess for those of us that speak English or German that is not a problem. The software is shareware, costing about $20, and a trial version is available.

Along with blocking spam as much as you can, every so often you just have to look at an email to determine if it really is spam or a good email from Uncle Henry, that just happens to contain a lascivious joke. This product helps in that checking process by making the email safe to view.

Find out more about this at www.baxbex.com.

Text Only email in OE

As of Outlook Express 6 SP1 (and hotfixes), there is an option to read email only as text. This causes email with embedded HTML to be displayed without the tags that make it HTML, so it will not go jumping off to sordid locations, showing pictures that you're not expecting, etc. However, it is not easy to switch on and off, and so is a bit of a pain if you do get email that you have to see in the form the sender created it in.

To switch in and out of text mode,

select the Tools menu,
then Options.
On the dialog select the Read tab.
You should see the highlighted check box.
If you don't have this checkbox then you are probably not up to date with all your hotfixes for Outlook Express 6 SP1. Do not pass Start, Go to Windows Update!

Switching to text only email

Managing the Block Sender List

Screen of Block Sender list manager

I noticed that there is no means of managing the list of blocked names that Outlook Express holds. More to keep my finger in at coding than anything else I created an application that servers 2 purposes:

  1. Backup the current list
  2. Add new entries in bulk
There are several provisos with this application:

I have only run it in Windows 2000
It does not handle the newsreader blocks or rules

It absolutely requires the Microsoft .NET (v1.1) Framework (this is an extra download from Microsoft)

The BlockSenders Application

There is not much to this application. On starting it will either crash or it will display a screen similar to that above. If it crashes tell me about the problem. If it comes up it should display a list of domains in the left side window (These are your blocked sender list entries from the Registry). The right panel will be empty (unlike the above image).

The Save button

If you click the Save button you can save your blocked sender list to a text file. This allows you to backup the list incase OE goes bye-bye. I would recommend saving each Identity to a separate file. (WARNING! I don't append files, I simply over write them).

Block List Select button

Using the "Block List Select" button allows you to locate and read a text file with more domains for adding to the blocked senders list. Once you select to open this file, the application will attempt to read the entries and put them in the right hand pane. The list is sorted into alpha order (v3). If an entry is not already in your system, a CHECK mark will appear by the domain name to indicate it will be added to the registry. This does not yet save these entries to the registry, it just loads the file and checks for presence.

<< Apply button

Using the "Apply" button allows you to place the new list, only the checked items though, from the right pane into the registry. The left pane will be updated to indicate what has been added.

Find

(from v3)

Pressing Ctrl+F will bring up the find dialog box, enter text that represents something you want to find and press "Find". If anything is found the item will be highlighted. To find another item with the same text, press the F3 key.

Other Considerations

If you were running Outlook Express while using this application then it needs to be stopped and restarted to make use of the new entries.

Download

Version 3.1 (Mar 9, 2005)

The application is in a ZIP file that can be downloaded from here [blocksenders.exe.v3.1.zip].

Another zip file which can be downloaded from here [blocksenders.code.v3.1.zip], contains C# source code, project files for the SharpDevelop environment, project files for the Borland C#Builder environment, some documentation in Word format, and an example domain file.

You should be able to explode the application zip file into any directory, and run the application (blocksenders.exe) from there

Exploding the source code zip to a directory will allow you to see the code, but the project files may or may not work. The project files may contain absolute directory paths, you may need to re-assign some items.

This version adds better sorting and unsorting. There is also a fix for the lefthand scrollbar going off the bottom of the tab control.

Version 3 (Mar 2, 2005)

The application is in a ZIP file that can be downloaded from here [blocksenders.exe.v3.zip].

Another zip file which can be downloaded from here [blocksenders.code.v3.zip], contains C# source code, project files for the SharpDevelop environment, project files for the Borland C#Builder environment, some documentation in Word format, and an example domain file.

You should be able to explode the application zip file into any directory, and run the application (blocksenders.exe) from there

Exploding the source code zip to a directory will allow you to see the code, but the project files may or may not work. The project files may contain absolute directory paths, you may need to re-assign some items.

Version 2

This is an older version

The application is in a ZIP file that can be downloaded from here [blocksenders_v2.zip]. The Zip file contains the program, C# source code (and project files for the SharpDevelop environment), some documentation in Word format and an example domain file.

You should be able to explode the zip file into any directory, and run the application (blocksenders.exe) from there.

If you have bugs, problems or comments email me

There is no warranty with this software, it is what it is.

Changes in OE 6.0.2800.1106

As of Outlook Express 6.0 SP1, with updates (version 6.0.2800.1106 on Win2K) the Blocksenders program does not work. The reason behind this seems to be that Microsoft has quietly changed the way it uses the registry (or doesn't use the registry - more to the point.) In the past all the blocked email addresses were written to a specific place in the registry, this seems to have changed. Quite where the values are going is "under investigation!" I have a suspicion that the entries may still be going into the registry, but in multi-byte mode, making location a lot tougher. The new version does not use the registry key that is has for many years ( HKEY_CURRENT_USER\Identities\{Identity#}\Software\Microsoft\Outlook Express\5.0\Block Senders\ ) . So if you want to download the blocksenders program, feel free, but just at the moment it will not work with the latest versions of Outlook Express.

Updated 03/06/2005 with V3

Updated 03/09/2005 OE v6.0.2800 news, updated V3.1

Delete the Block Sender List

Lots of people have emailed me asking how they can delete the Block Senders list in Outlook Express, the reasons have been many (corruption, drastic clearance, getting back to some known state). Below is how I generally answer this question. A warning first though: Editing the Registry is a dangerous activity, there is no 'Undo', elimination of a registry hive, node, or key is a one time, permanent event - it is GONE! Wrongly deleted nodes or hives can corrupt the registry to the point windows will not run. The thing I describe here should only effect the Block Senders list, and hence some of the operation of Outlook Express, nothing else.

The Block Senders list that you see in Outlook Express under the "Tools | Message Rules | Block Senders List" menu is in fact stored in the Windows Registry. You generally cannot delete the registry files, try at your peril, success means trashing your system. The only way to adjust things in the registry is to edit the registry through one of two GUI tools (there are some command line tools too, but they are MUCH to difficult to use and may not have been installed on your system anyway.) regedit.exe and regedt32.exe are the editing programs. I generally prefer regedit.exe as I can access all the registry hives at once without having to change windows. The description should work equally well with regedt32.exe though.

Close Outlook Express

Open regedit.exe by using a command prompt or Start | Run and type in "regedit.exe"

You need to look for the HKEY_CURRENT_USER 'folder' (they are actually called 'nodes' but use the same folder icon as does Windows Explorer). In there find an 'Identities' node. In Identities there will be one or more really long numbers. Each number refers to an identity you have in Outlook Express. If you only have one then just open it. If you have more than one you just have to open each in turn and wander round trying to figure out which is which. At the Identity level is a key called Username, it should give you an idea as to which identity you are looking at.

There are lots of nodes to open now:

  • Software
  • Microsoft
  • Outlook Express
  • 5.0

At this point you should see one called Block Senders. Inside it will be nodes for "mail" and perhaps "rules."

The best policy is to delete the entire Block Senders hive, by selecting Block Senders, right clicking and selecting 'Delete' from the pop-up menu. There is no going back on this though. hit delete and it is GONE!

If you now exit regedit.exe and restart Outlook Express, then go to Tools | Message Rules | BlockSenders, you should see that you have an empty list.

Outlook Express will recreate the registry entries it needs when you add new Block Senders.

If you are using OE Version 6.0.2800 The instructions for resetting the registry will have no effect. This version does not use this registry key anymore.

Norton AntiSpam 2004: another tack

BIG ISSUE : AntiSpam install disables Norton's own AntiVirus software. This is DUMB! The way round seems to be to uninstall AntiVirus, then re-install AntiVirus (and get all those Megabytes of Live Updates, again. Dumb!!! Dumb!!! Dumb!!!) Symantec should be boiled alive for this mess.

From the makers of the Anti-Virus software comes an add-on to contain Spam. It works by grabbing the mail before it gets to your mail reader (Outlook Express, Outlook, Mozilla, Thunderbird [it does work with this product], or whatever), checking against your mail addresses and other entries in an allowed list, then prefixing the subject line of offending email with a message like "[Norton AntiSpam]". The mail reader can be given a rule (OE requires the rule, Thunderbird just seems to do it) that puts mail so labeled into a specific mailbox, other than your Input box (OE gets a "Norton AntiSpam Folder" as an input box).

So far the anti spam engine has been very good, missing only one or two spam emails (out of over 100 / day). In OE, by right clicking the Norton folder you can empty the folder to the deleted mail folder and clear the "New Mail" flag. You also have to look through the spam mail just to make sure that it is not junking stuff you want - it is in this process you start adding mail to your allowed list. This handles Spam MUCH better than anything in OE and is on a par with the Spam filters in Mozilla Thunderbird. It costs about $39, with paid annual support after the first year.

The AntiSpam software seems to be a little buggy yet. It consistently fails to get email messages down from the email server, which can only be accessed by manually deleting from the mail server. It has also got so messed up it would not log-on to my mail server, and required me to close and re-open (logoff/logon) my Win2K session.

Find out more about AntiSpam at www.symantec.com/antispam/.

Norton AntiSpam 2005: More pain

At least this version didn't disable Norton Antivirus, but that is one of the few good things that can be said of it. I have run AntiSpam 2005 for 8 months. It is now uninstalled. Problems included the inability to scan any mail; scanning mail from people on my address book, and its allowed list, as spam; blowing up and upsetting the TCP/IP stack so a log-off, log-on was required; slowing the machine at boot time considerably; becoming absurdly slow in assigning mail as spam when I did it manually. The crashes though were the most obnoxious events, and lead to it being uninstalled. Unfortunately, it had a neat pop-up blocker that worked very well and will be missed

Spam Fighter

Spamfighter is a Danish product that tries to block spam. It is a free download with a 30 day trial before you either pay for it ($30) or get a crippled version that has ads and tacks signatures onto your email to advertise that you have the product. The product installs readily, and works immediately after a restart of OE. It has limited controls, some tech talk about "whitelists" and "blacklists", but seems to work pretty much as advertised. Only time will tell if its blocking stands up to the torrents of spam we get nowadays.

With a few months under my belt with this tool, it seems pretty respectable at drilling the large bulk of spam I get. It still leaves some spam for me to examine, but on an average day with about 150 emails, it will leave me with about 20 to pass a quick eye over before clicking the spamfighter block button.

There have been occasions were their software upgrades haven't been progressive, and it has required waiting on the next fix, or alternatively hitting their website and getting the minor level updates. There have also been occasions where the servers they use to analyse the emails are a bit on the slow side, but of recent, they have increased the number and locations of servers.

It may not be the perfect solution but it has been a good solution. Highly recommended.

Check out their website at Spamfighter.com

Alternatives

Microsoft is making it pretty clear that they are not willing to really do much with Outlook Express, they seem to want us all move to that slug of an email reader called Outlook. Outlook works in a corporate setting if the corporation uses the Exchange mail server, but is far less happy in almost any other situation.

One thing I have been using as an alternative is the Mozilla Thunderbird mail reader. It has just come out in version 2.0 Beta. It looks much better than the older version, and the junk filters are every bit as good. On this client a typical day will present around 100 emails, the spam filter frequently gets every single piece of spam. It has not yet picked a real email as junk. Pretty impressive really.

Online email readers also offer some features that you might like, and the recent email wars between Google, Yahoo and others now mean that we get massive mailboxes. Their bulk mail and spam filters seem to work adequately, though they are also still letting some stuff through - how may Nigerian offers can there be before the spam filters get them all?


Firefox 3 Thunderbird

© Copyright A. Maclean 2002 - (updated 04/29/2006)
  A page index