«

Greetings,

since Swen.A first appeared in the wild around September 18th 2003,
many people have asked how to filter the emails Swen wildly sends to
just about everyone who ever posted in any newsgroup. It's a bit
tricky, at first glance it seems impossible, but it can be done.

Here's how.

Swen emails unfortunately differ in From-, To- and Subject-field, but
you will always find your own valid email-address in the
Envelope-to-field of the email's header. OE unfortunately is unable to
filter emails by the Envelope-to-content, but this doesn't matter. If
you read the above carefully you see that:

Every email that arrives in your inbox and does NOT have your valid
email address in the To- or CC-field is almost guaranteed to be a
Swen-mail (exceptions see below).

To filter them out, do the following (tested with OE 6, earlier
versions may need a slightly different process):



*** BEGIN ***



(Thanks to Phil who helped me with using the correct English names as I
use the German version of OE - the following is a quote from his email)

Open the email rules: Tools\Message Rules\Mail

Create a new rule.

In the first window (Select the conditions for your rule) select the
following:
-Where the To line contains people
-Where the CC line contains people

In the second window (Select the Actions for your rule) select the
following:
-Delete it from server

In the third window (Rule Description...)
-Click on "contains people" and enter your email address, then click on
"Add"
-Your email has now been added, select the email address and click on
"Options"
-Select the second radio button "Message does not contain the people
below"
then "OK" to close.

(end quote from Phil)



*** END ***



Presto - you're done! OE will still have to download the _header_ data,
but not the message body with its 150K worm executable. Ergo you have
much less problems.

NOTE THE FOLLOWING:

Mailing lists - at least all lists I know - use a very similar
procedure to send their contents to you, inserting your valid address
in the Envelope-to-field and the basic email address of the list in the
To-field, along with usually adding a list-typical string to the
subject. Obviously this will create false positives with the
above-mentioned email rule that would delete the list messages along
with Swen.
Therefore, if you participate in mailing lists, I suggest you do the
following:



*** BEGIN ***



If you haven't done so until now, create an extra folder for each of
your lists.

Create one email rule for each of your lists with the following:

Subject contains the list-typical string, To-field contains the basic
list email address
Actions to take: Move to the folder created for that list, do not
process any more rules for that mail.

Move all these rules to somewhere ABOVE the rule that deletes
Swen-mails from the server.

(For the details on doing all this, see the description of the
Swen-filtering rule above)



*** END ***



That way, your mailing list messages will be moved to their own folders
while the pesky Swen mails will die while still on your provider's
server.

Hope to have helped...

Tocis (commoner AT carcosa DOT de)
To reply, include HI-AK 523 in the subject or else your mail will be
deleted!

On Thu, 25 Sep 2003 14:40:16 +0200, "Thore Schmechtig"
<> wrote:

>Every email that arrives in your inbox and does NOT have your valid
>email address in the To- or CC-field is almost guaranteed to be a
>Swen-mail (exceptions see below).


I pointed that out a couple of days ago and someone ( I don't remember
who) indicated that it doesn'twork, which is nonsense as it has
eliminated 100% of Swen from my mailbox. However, I am filtering at
the server level which means I don't have to download them to keep
them from filling up my message queue. Yes, it does work and it
doesn't delete legitimate mail from individuals. Incidently, whe
dropping my filter for a few hours to test I have noticed a sizable
decrease in Swen mail. Only 75 in an 8 hour period.

Bill,

I don't fully understand what you mean by "I am filtering at the server
level" or how one does that. There have been some posts that say OE has to
download the e-mail before it can take action. Could you explain how you
have your OE filter set up? Thanks!

--
John
If you Reply, be sure and remove the " (DELETE_THIS) " from the email
address.


"Bill" <> wrote in message
news:...
> On Thu, 25 Sep 2003 14:40:16 +0200, "Thore Schmechtig"
> <> wrote:
>
> >Every email that arrives in your inbox and does NOT have your valid
> >email address in the To- or CC-field is almost guaranteed to be a
> >Swen-mail (exceptions see below).
>
>
> I pointed that out a couple of days ago and someone ( I don't remember
> who) indicated that it doesn'twork, which is nonsense as it has
> eliminated 100% of Swen from my mailbox. However, I am filtering at
> the server level which means I don't have to download them to keep
> them from filling up my message queue. Yes, it does work and it
> doesn't delete legitimate mail from individuals. Incidently, whe
> dropping my filter for a few hours to test I have noticed a sizable
> decrease in Swen mail. Only 75 in an 8 hour period.

On Thu, 25 Sep 2003 09:07:09 -0400, "John"
<mooresjc@charter(DELETE_THIS)mi.net> wrote:

>I don't fully understand what you mean by "I am filtering at the server
>level" or how one does that.


Some ISP's and/or email services have filters on the server that users
can adjust to their own needs, which means you don't have to download
junk. The mail is filtered before it ever gets to OE.

In article <>,
mooresjc@charterDELETE_THISmi.net says...
>
>Bill,
>
>I don't fully understand what you mean by "I am filtering at the server
>level" or how one does that. There have been some posts that say OE has to
>download the e-mail before it can take action. Could you explain how you
>have your OE filter set up? Thanks!
>
>--
>John
****************** REPLY SEPARATER *********************
You don't use OE to filter at the server level. Our filtering service was smart
enough to detect the first few as "New Worm", and it quarantines virus and Spam
before it even gets to our server. My own account is over 4000 Swen virus's and
counting (about 30 an hour). I did however have to turn the notification
function off, and the filtering service allows me to delete 1000 quarantined
items at a time.

Hi Thore,

When I do as you suggest, I get the following new rule...

"Where the To line does not contain (my email address) and where the CC line
contains people, delete it from server"

But won't this rule delete all mail on which I am a CC recipient? That would
seem to include a lot of valid email, as I am often CC'd on mail to others.

Or am I missing something?

It works!! it works!!
Thank you !! Thank you!!
"Thore Schmechtig" <> wrote in message
news:bkunnu$61jqd$...
> Greetings,
>
> since Swen.A first appeared in the wild around September 18th 2003,
> many people have asked how to filter the emails Swen wildly sends to
> just about everyone who ever posted in any newsgroup. It's a bit
> tricky, at first glance it seems impossible, but it can be done.
>
> Here's how.
>
> Swen emails unfortunately differ in From-, To- and Subject-field, but
> you will always find your own valid email-address in the
> Envelope-to-field of the email's header. OE unfortunately is unable to
> filter emails by the Envelope-to-content, but this doesn't matter. If
> you read the above carefully you see that:
>
> Every email that arrives in your inbox and does NOT have your valid
> email address in the To- or CC-field is almost guaranteed to be a
> Swen-mail (exceptions see below).
>
> To filter them out, do the following (tested with OE 6, earlier
> versions may need a slightly different process):
>
>
>
> *** BEGIN ***
>
>
>
> (Thanks to Phil who helped me with using the correct English names as I
> use the German version of OE - the following is a quote from his email)
>
> Open the email rules: Tools\Message Rules\Mail
>
> Create a new rule.
>
> In the first window (Select the conditions for your rule) select the
> following:
> -Where the To line contains people
> -Where the CC line contains people
>
> In the second window (Select the Actions for your rule) select the
> following:
> -Delete it from server
>
> In the third window (Rule Description...)
> -Click on "contains people" and enter your email address, then click on
> "Add"
> -Your email has now been added, select the email address and click on
> "Options"
> -Select the second radio button "Message does not contain the people
> below"
> then "OK" to close.
>
> (end quote from Phil)
>
>
>
> *** END ***
>
>
>
> Presto - you're done! OE will still have to download the _header_ data,
> but not the message body with its 150K worm executable. Ergo you have
> much less problems.
>
> NOTE THE FOLLOWING:
>
> Mailing lists - at least all lists I know - use a very similar
> procedure to send their contents to you, inserting your valid address
> in the Envelope-to-field and the basic email address of the list in the
> To-field, along with usually adding a list-typical string to the
> subject. Obviously this will create false positives with the
> above-mentioned email rule that would delete the list messages along
> with Swen.
> Therefore, if you participate in mailing lists, I suggest you do the
> following:
>
>
>
> *** BEGIN ***
>
>
>
> If you haven't done so until now, create an extra folder for each of
> your lists.
>
> Create one email rule for each of your lists with the following:
>
> Subject contains the list-typical string, To-field contains the basic
> list email address
> Actions to take: Move to the folder created for that list, do not
> process any more rules for that mail.
>
> Move all these rules to somewhere ABOVE the rule that deletes
> Swen-mails from the server.
>
> (For the details on doing all this, see the description of the
> Swen-filtering rule above)
>
>
>
> *** END ***
>
>
>
> That way, your mailing list messages will be moved to their own folders
> while the pesky Swen mails will die while still on your provider's
> server.
>
> Hope to have helped...
>
> Tocis (commoner AT carcosa DOT de)
> To reply, include HI-AK 523 in the subject or else your mail will be
> deleted!

On Thu, 25 Sep 2003 11:20:25 -0400, "Marc" <> wrote:

>
>But won't this rule delete all mail on which I am a CC recipient? That would
>seem to include a lot of valid email, as I am often CC'd on mail to others.


I use the filter of if the mail doesn't specifically include my
address in the TO: or CC: fields delete it. It works.

On Thu, 25 Sep 2003 11:20:25 -0400, "Marc" <> wrote:

>Hi Thore,
>
>When I do as you suggest, I get the following new rule...
>
>"Where the To line does not contain (my email address) and where the CC line
>contains people, delete it from server"
>
>But won't this rule delete all mail on which I am a CC recipient? That would
>seem to include a lot of valid email, as I am often CC'd on mail to others.
>
>Or am I missing something?

No, you're not. I disagree with the advice you've been given and
would not use this rule. I read a couple of mailing lists and my name
does NOT always appear in the To or Cc header.

Also, most of my friends who send jokes and interesting stuff use Bcc.


--
Steve M -
remove wax for reply

On Thu, 25 Sep 2003 15:56:43 GMT, "Steve M (remove wax for reply)"
<> wrote:

>Also, most of my friends who send jokes and interesting stuff use Bcc.


That's where personal preferences make the difference. I don't want to
be on anyone's "bullshit mail list" and therefore certain rules work
for me that may not for you.