Forum Discussion

johnptd's avatar
New Contributor II
6 years ago

SPAM Filtering

As many others here I too am experiencing an explosion in SPAM lately. They mostly follow a particular pattern in the subject beginning with 2 or 3 numbers followed by a dash and then followed by some nonsense phrase. I understand a new Anti-SPAM system will be initiated shortly by Cox. Hopefully it will resolve this mess. In the meantime, I am looking at setting up manual filters to try to alleviate this flood of SPAM. I noticed the new filters have some interesting options which seem to work well although trying to keep up with the mutations of these SPAM mails can be difficult.

I see there is an option to use Regular Expressions as a tool to search for key words or phrases in the emails. I have some questions.

1. Are you using Regular Expressions as defined in the Perl syntax?

2. There is an option to search in "Headers". Does this include the entire raw header section of the emails?

3. When looking at the raw source format of these emails, the "Subject" title in many of them are coded as UTF-8 instead of regular text format which makes it virtually impossible to decipher. I suspect these emails are coming from overseas. What would be visible to the filter mechanism in the "Subject" title, the converted text or the raw UTF-8 coding? That would determine what type of filter that could be set up to block them. If it is the raw UTF-8 coding, then a filter looking for the "UTF-8" could possibly eliminate these emails.

4. Does the "Discard" action completely eliminate the email from appearing anywhere in your email list?

Unfortunately not a lot of people are familiar with the use of regular expressions, but thanks for including that option.


4 Replies

Replies have been turned off for this discussion
  • CoxSpamdetectSU's avatar
    New Contributor III

    I find it strange that the incoming email either isn't filtered at all by Cox or their software was programed by ** monkeys.

    I have had many requests from the companies that these emails link to to forward them (the spam emails) either as a regular forward or as an attachment.

    if I try to do as the request the SMTP server instantly identifies them as potential spam and refuses to forward them.

    NOW explain to me why incoming is STUPID and outgoing so BRILLIANT

    and DON'T put the onus on the customer to block them, you are the experts not the customer.

    I forward hundreds (yes hundreds) of the same spam over and over to and still the same ones come in daily.

    Today I sent an email to corporate asking about this abysmal customer service explaining the issue.

    I wonder if I will even get a response.

    • johnptd's avatar
      New Contributor II

      I feel your pain and I agree that the onus should be on Cox. They are in the process of bringing a new Anti-SPAM system online. But we have no idea how long this will take or how effective it will be. In the meantime, I am not going to standby and be inundated by this flood of SPAM. That is why I have taken steps to block this garbage the best I can and so far my attempts have been effective.


  • MSinAZ's avatar
    New Contributor III

    I have not had any luck using the "header" filter in the email filtering. I've set up several filters using regex, but it's really difficult because Cox email does not read the HTML in the emails, only the VISIBLE sections. Meaning it does not read the links OR TO and CC email addresses contained within < > brackets.

    Also, anything set up with an "ends with" filter does not work.

    I tried to set up a filter that sends anything that is a BCC to me to go directly to SPAM. You'd think this would be easy - if TO or CC does NOT contain, send to spam. However, If somebody has me in their address book as FirstName and the "TO" is FirstName <>, Cox does NOT SEE the email address within the <> brackets and sent it to SPAM because it only sees the email came to First Name!

    Also, I've had zero success in trying to use the header filters. It asks for a header name. I've tried various header name combinations and nothing worked. Reply-to:, From:, Return-Path:, etc - with and without the colons. It just sends EVERYTHING to spam!

    Also DISCARD does not work - it just sends it to the SPAM folder. With most other services, DISCARD means it is just deleted without further action.

    Here are some regex expressions I've used that HAVE cut the spam down to minimal levels - each one needs its OWN RULE:

    Any Recipient -> not regex ->|FirstName

    From -> regex -> cbd|cannabis|keto|loan|meds|pharm|rx|tumeric|viagra|warranty
    Subject -> regex -> cbd|cannabis|keto|loan|meds|pharm|rx|tumeric|viagra|warranty
    Body -> regex -> cbd|cannabis|keto|loan|meds|pharm|rx|tumeric|viagra|warranty

    From -> not regex -> \.[ca|com|edu|gov|mil|net|org|uk]>$

    Hope that helps anybody out there!

    • MSinAZ's avatar
      New Contributor III