Filtering faked email messages
Reader Paul Lomauro is receiving email that he’d rather not. He writes:
I am getting unsolicited mail from a source that has blank sender email address. How do I set up a new Mail rule on my iMac to totally block it or send this type of email to the trash?
I’m going to expand this one a bit to tell you how to filter any message that may have missing or faked information. When you select a message in Mail you see some of the message’s header information including the contents of the From, To, Subject, Attachment, and Body fields. There are times when some of this information is missing—when someone forgets to enter a subject heading, for example. And, of course, spammers and other digital ne’er-do-wells routinely fake some of this stuff. That makes it difficult to filter email using only the entries that appear here, because that information may not be accurate or the filter may be too broad.
However, if you dig into the message’s full headers, you can find far more accurate information, which you can then use to filter messages. Here’s how to go about it.
In Mail select one of the messages that you’d like to filter and choose View -> Message -> All Headers. The top of the message will now contain a load of text including entries for things like Delivered-To, Received, and Return-Path. This is the data you want to mine in order to find something that specifically identifies this particular kind of message. For example, take a look at the Return-Path entry. If each of these messages has a return path that includes email@example.com, you’ve found the nugget that will allow you to filter out these messages.
To do that, choose Mail -> Preferences -> Rules. In the Inbox Rules tab click Add Rule. In the resulting sheet, name your rule (Filthy Spammer sounds good to me), and click on the first pop-up menu in the If area. Select Edit Header List from the menu. In the Message Headers window that appears click on the Plus (+) button. In the resulting blank field enter Return-Path and click OK. Click on that same pop-up menu and you’ll see that Return-Path now appears near the top of the list of items. Select it and enter email@example.com in the field to the right if it hasn’t automatically been filled in. In the Perform The Following Actions area of the rule select Delete Message. Click OK to complete the rule.
Mail will now look for any incoming message that contains email@example.com in the Return-Path header and delete it.
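As an added example (not from the original article and not part of Mail), this Python sketch does the header mining described above over a set of raw messages: it finds a header whose address is identical in every unwanted message, then checks that a rule built on it would not also catch wanted mail. The sample messages, addresses, and function names are constructed for illustration, and the case-insensitive substring match is an assumption about how a "contains" rule behaves.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages, not real mail. All addresses are placeholders.
UNWANTED = [
    "Return-Path: <bounces@mailer.example.net>\nFrom: <>\nSubject: Offer\n\nbody",
    "Return-Path: <bounces@mailer.example.net>\n"
    "From: \"Bank\" <support@bank.example>\nSubject: Verify\n\nbody",
    "Return-Path: <Bounces@Mailer.example.net>\nSubject: hi\n\nbody",  # no From
]
WANTED = [
    "Return-Path: <alice@example.org>\nFrom: Alice <alice@example.org>\n"
    "Subject: Lunch\n\nbody",
]

def address(raw, header):
    """Bare lower-cased address from one header; '' if missing or blank."""
    value = message_from_string(raw).get(header, "")
    return parseaddr(value)[1].lower()

def shared_keys(raws, headers=("Return-Path", "From", "Reply-To")):
    """Headers whose address is non-empty and identical in every message."""
    keys = {}
    for h in headers:
        seen = {address(r, h) for r in raws}
        if len(seen) == 1 and "" not in seen:
            keys[h] = seen.pop()
    return keys

def rule_matches(raw, header, needle):
    """Model a 'header contains text' rule as a case-insensitive substring
    test (an assumption, see lead-in)."""
    return needle.lower() in message_from_string(raw).get(header, "").lower()

def evaluate(header, needle, unwanted=UNWANTED, wanted=WANTED):
    """Return (unwanted messages caught, wanted messages wrongly caught)."""
    caught = sum(rule_matches(r, header, needle) for r in unwanted)
    collateral = sum(rule_matches(r, header, needle) for r in wanted)
    return caught, collateral

if __name__ == "__main__":
    for h, addr in shared_keys(UNWANTED).items():
        print(h, addr, evaluate(h, addr))
```

Return-Path records the envelope sender that the sending side supplied, so treat a match as a convenient filter key rather than proof of who sent the message.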