Last reviewed on April 23, 2015   —  38 Comments

A frequent question users ask is how to block foreign spam:

I’m receiving email that looks like it comes from Russia (funny looking letters). I keep adding the addresses to my block senders list however I seem to be getting more and more of them. I would like to make a rule to just delete them all, but I cannot find the letters anywhere to type into the rule.

Can we make a rule in which Outlook 2010 can auto-delete any emails that contain Asian characters?

Sure, you can create a rule to delete messages containing these (and other) character sets. You can also set the junk filter to delete mail that uses certain character sets.

But first, I’ll address the use of the blocked list: Don’t bother adding spammers to it. Because most spammers use an address once, you’re only filling up the list with bad addresses. The blocked list should be nearly empty. Set the Junk Email filter on High and let Outlook take care of spam; use the Safe lists to whitelist addresses as needed.

Junk Email Options

If you use Outlook 2003 or newer, you can set the Junk email option to filter mail either by the top-level domain or character set. If you don’t correspond with users in certain high spam countries or who would be using alternate character sets, you can configure Outlook to filter all messages from the top level domain or that use foreign character sets.

Open the Junk Email Options dialog and go to the International tab. Block most of the encodings, but not ASCII or Western European, possibly not Latin 3 and 9 and any others that would be used by people from other countries that you correspond with.

Set the character encoding

Note: If the message (spam) doesn’t have a character set in the header, this filter won’t work.

The lines in the message header will look something like either of these two lines:

Content-Type: text/plain; charset=”ISO-8859-1″
Content-Language: en-us

The top level domain list blocks mail sent from addresses ending in a two-character country code (.de, .us, .ru etc). Because most spammers use .com addresses, this filter is less useful.

Find the Junk Email Dialog:

In Outlook 2010, the Junk email options is Home ribbon in any mail folder; in Outlook 2003 and 2007, look on the Tools, Options dialog.
Expand the junk mail button to find options

Note that Outlook 2010 maintains separate junk mail settings for each account.

If you have multiple accounts and deliver the mail to different Inboxes, select an Inbox and review the junk mail settings, then repeat for each Inbox. If you use one Inbox, select a message from one account and review the settings, then select a message from another account and check the settings.

Create a Rule for Foreign Spam

Users of all versions of Outlook can create rules that look for foreign characters in message bodies. Copy a few of the most common characters from a spam message and paste them into a rule. You only need about 8 to 10 letters from each language for maximum spam filtering.

To create a rule

First, locate a message with the characters you want to filter on and copy one or more characters.

  1. Open Rules Wizard. In Outlook 2010, look for Manage Rules & Alerts on the Home ribbon, Move section, under the Rules button. In Outlook 2007 and earlier, Rules & Alerts is on the Tools menu.
  2. Click Add Rule.
  3. Choose Apply rule on messages I receive near the bottom of the dialog.
  4. Click Next to move to the Conditions screen.
  5. Select the “with specific words in the subject or body” condition.
  6. Click on “specific words”in the lower part of the dialog and paste the characters in the Specify words… field. Click Add.  If you copied multiple characters, delete all but one character, then click Add. Repeat until all characters are added.
  7. Click Next to move to the Actions screen.
    rule-for-spam
  8. Select “delete it” and click Next. At this point, the rule should look something like the rule shown in the screenshot.
  9. Click Next if you want to add exceptions to the rule or run it on messages in your Inbox, otherwise, click Finish to return to the Rules Wizard dialog.

Comments

  1. jigneshhrathod says

    Thank you! This was so helpful. I was really tired of getting junk emails written in some Chinese languages. I didn't think of any solution. Thanks a lot for the simple solution.

  2. ereemst says

    Great article, but now one to you how do i block russian spam with cyrillic letters in Exchange 2013 with spam options on if i block a cyrillic letter A its just gives ? as return

    • Diane Poremsky says

      That would indicate a problem with the character set. does it change to ? as soon as you enter it/save it or after you close and reopen the dialog?

    • Diane Poremsky says

      That is difficult to impossible. While you could filter all non-com, non-net urls, you'd need to do a DNS lookup on every url to insure they were not based outside the us. There are smtp filters that do this sort of thing - often based on url blacklists. I think the spam filters from both mcafee and Norton do this.

    • PapaGolf says

      I may be out of my league here, but in Outlook (and other programs) the link has an embedded address. Just mouse over and it pops up. No need for a DNS lookup unless you needed to verify something. That's how I do a quick determination of bogus email now manually.

    • Diane Poremsky says

      Correct, you can do that manually, but to do it automatically (or remove the link), you need to use a script (or addin) and check the source code.

  3. Maisy says

    Hi Diane, When I copy the symbol (which I can't copy and paste here as it wont allow it) it shows up differently after I add it in the search list box and you cannot break it apart from the symbol. This spam cannot be stopped by Verizon, it also enters my junk box and removes itself back to the inbox. I am also seeing domains in my safe senders list. The one thing I would like to do which is consistent with all of them is there is nothing in the TO: field. I don't see how to block it in outlook. I am told it might be in the bcc field. I can send you some samples which will blow your mind. Otherwise, I tried to do what you say and it simply wont let me have just one symbol and it always contains the domain address which changes with each email (so obviously it would be a waste of my time which is what they want). I am going out of my mind with trying to block these. They have figured out all the ways you can block a spam email and countered it. Thanks

    • Diane Poremsky says

      Hmmm. I thought i answered this one. :( You can use a rule that looks for @ in the To field to filter out messages with To address. Well, it would actually be 'apply to all messages Except if @ in recipients address' Test it with flags or categories first to make sure it works as expected and doesn't delete mail you want to keep.

  4. Alan Striegel says

    What mechanism (if any) is there for blocking by some of the new top-level domains that I'm starting to see as sending addresses?
    For example, quite a bit of the spam I'm seeing lately comes from domains that end in .club.

    • Diane Poremsky says

      At this time there is no built-in way to block them, but you could use a rule that looks for .club in the header.

      A run a script rule is another option, but the words in the header rule should work.

    • Barry Foate says

      Diane,
      Does the entry have to be entered exactly as you show (with ">" at the end)? If so, what is the function of that symbol?

  5. dennis says

    I changed the international language settings, but it isn't saved permanently. How can I get it to be permanent?

  6. Barry Foate says

    "At this time there is no built-in way to block them, but you could use a rule that looks for .club> in the header."

    • Diane Poremsky says

      Ah... I was looking only at the article and the pending comments page and didn't see my comment with the typo. :) Yes, that was a typo and its fixed now. Thanks. Sorry about that.

  7. Bill Guidera says

    I may have misread or misunderstood earlier posts. But for these common spams, since I do not see anything in the To: line, creating a rule by checking the option "where my name is not in the To box" then "delete it" then "except with @ in the recipients' address", correct?

    • Diane Poremsky says

      That should work - i'd use to or cc field and run a test for a few days where a category is added so you can see if it's working correctly as a lot of bulk mail and mailings put your address in the BCC.

  8. Dale says

    I created a rule in Outlook 2007 to move any email with .info in the header to the junk email file. Sometimes it won't work, then other times it will move it there, display the notice that it's downloaded an apparent spam email. When I click "ok" it moves the email from the junk file to my inbox. ????

    • Diane Poremsky says

      Do you have any addins installed? Is the junk mail notification from outlook or from your antivirus or security software?

      Is this the message in this dialog:
      “Outlook has downloaded a message that appears to be Junk E-mail. This message was automatically moved to the Junk E-mail folder. You should check the Junk E-mail folder regularly to ensure that you do not miss e-mail that you want to receive.”

    • Diane Poremsky says

      An addin is a utility installed in outlook so you can do something that outlook normally cant do. the list of addins should be at tools, trust center, addins. that dialog shoildnt move mail out of the junk folder. try changing the rule to move the mail to the deleted folder and see if it works better.

  9. Dale says

    I'll try that, thanks. It seems like 90% of my spam comes from .info - 5% from .tk, and the rest from .com and/or .net.
    I'll let you know if that works.

  10. Dale says

    That doesn't seem to help either. Maybe I'm telling the rule to look in the wrong place for the .info.(?) I'll try to past the wording below from the email when I click on "Message Options". (I took out my email address and replaced it with asterisks.

    Return-Path:
    Received: from cdptpa-pub-iedge-vip.email.rr.com ([107.14.174.245])
    by cdptpa-fep11.email.rr.com
    (InterMail vM.8.04.01.13 201-2343-100-167-20131028) with ESMTP
    id
    for ; Wed, 29 Oct 2014 20:11:31 +0000
    Return-Path:
    Received: from [84.239.57.231] ([84.239.57.231:62377] helo=Ayresmith.ndBreakfastShow.C.8S.com)
    by cdptpa-iedge09 (envelope-from )
    (ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP
    id 31/80-10686-2F941545; Wed, 29 Oct 2014 20:11:31 +0000
    Date: Wed, 29 Oct 2014 20:11:29 -0000
    From: "=?ISO-8859-15?B?X1dpbmRvdyBEaXNjb3VudHM=?="
    Subject: =?Windows-1252?B?UXVhbGl0eaBXaW5kb3dfUmVwbGFjZW1lbnQuRGVhbHNf?=
    MIME-Version: 1.0
    Content-Type:
    multipart/alternative; boundary="SaI6111-IJ-1757323-676=_!"

    Message-ID:
    X-RR-Connecting-IP: 107.14.168.141:25
    X-Authority-Analysis: v=2.1 cv=GrbM+yFC c=1 sm=1 tr=0 a=K61abTOxmzkdaQiVxOMUpA==:117 a=K61abTOxmzkdaQiVxOMUpA==:17 a=ayC55rCoAAAA:8 a=0oj8HZZGiqAA:10 a=9cW_t1CCXrUA:10 a=jPJDawAOAc8A:10 a=13Gyjc2-_UYruZWFdh0A:9
    X-Cloudmark-Score: 0
    X-EsetId: 37303A29E3E9CF636D7162

    • Diane Poremsky says

      This is the problem:
      From: "=?ISO-8859-15?B?X1dpbmRvdyBEaXNjb3VudHM=?="
      Subject: =?Windows-1252?B?UXVhbGl0eaBXaW5kb3dfUmVwbGFjZW1lbnQuRGVhbHNf?=

      it's encoded because of the character set (ISO-8850-15). Unless there is something else unique to filter on, a rule is not going to work. Hmmm. If they all use the same charset, one of two things might work - if you don't get legit mail from that charset, create a rule to delete mail with Windows-1252 or ISO-8850-15 in the header. (I'd set a rule to set a category on the mail, to see if any legit mail uses it.) You could also try to filter on a partial string from the end of the from field - like VudHM=?=" (check the header of several messages from info addresses and see which characters always match). However, that might not work since its at the end of the string, not the beginning.

  11. Dale says

    I did what you said with the "Windows-1252. I haven't had any spam from .info or .tk since - not even in my junk box or deleted file. I can't tell if this is stopping it before it hits my webmail at Road Runner, or if I'm just not getting any spam right now.

  12. Dale says

    Hi Diane, I've pretty much given up on trying to block spam. They've started adding numbers to the end of the "Subject" line and changing them.

    I have another problem and don't know where to post it. I tried on the WD Elements forum but haven't received a response.

    Before my laptop crashed last week I did a backup on my WD Elements hard drive. Now I want to put this info on my new computer, but not sure how. When I drill down to the backup info it is listed as "Backup files 1", "Backup files 2" and so on through "Backup files 190".

    My questions are as follows:

    1. Can I just do a "Restore" in my Control Panel and tell it to use that data, or do I need to open Windows Explorer and drill down in each Backup file and drag and drop where I want it?

    2. I have saved new documents in my "Documents" under Libraries (which is where the bulk of my backed up info needs to go). Will either a "Restore" or drag and drop effect the new documents? I can save these few new files to a flash drive if necessary.

    • Diane PoremskyDiane Poremsky says

      Sorry I missed this earlier - I'm trying to get caught up after taking most of Dec off. :) I'm not familiar with that backup software, but with other backups, yes, you would use the restore program. Some programs will mount the backups and you can browse to find specific files. Restore shouldn't affect existing files - as long as they have different file names. If the file names are the same, the new file may be overwritten.

  13. Allan says

    Diane, I'm not a user of Outlook and I use Yahoo standard email.

    Here lately I'm getting virtually thousands of spam emails with an ISP I traced back to China, the emails are in English. ALL these spam emails ISP's begin with 116.

    Other than reporting the emails as spam, which I've done so much, my fingers are raw, is there ANY other way of stopping these spam emails?

    Thanks,

    • Diane PoremskyDiane Poremsky says

      What character set is used? The junk filter has an option to block by character sets.

      You can try a rule for 'with words in the header' - but you need to make this as unique as possible to avoid filtering good mail accidently. Using "[116." might not be unique enough (the bracket will avoid filtering within an IP address.)

    • Diane PoremskyDiane Poremsky says

      On the International tab of the Junk mail filter, you can block character sets; you don't want to filter us-ascii or western European but can block several others.

      A Rule processes messages as they arrive - the second part half of the article shows how to create a rule that looks for words in the body.

  14. Allan says

    Diane, in Yahoo email Filtering, there is no "International tab", the junk mail filter tab includes:

    Filter Name
    From
    To/CC
    Subject
    Body
    Then Move The Message to....

    Please remember, I don't have/use Outlook, and I have standard Yahoo email.

    • Diane PoremskyDiane Poremsky says

      Oh... I misunderstood. Yeah, your options are limited when you use web access - if Yahoo doesn't support it, you won't be able to filter on it.

  15. Allan says

    FYI Diane,

    I think Yahoo is doing all they can to force users into buying their "Premium" email service by doing little or nothing to stop these Spammers.

    Same Spammers, over and over again are attacking user's inboxes, even though they are reported as Spam.

    As a footnote, you might, just for giggles, open a new Yahoo email account and see for yourself where I'm coming from.

    MAYBE, with all your wisdom, you can find a way to stop these Spammers, on Yahoo at least(-;

    Allan

Leave a Reply

Please post long or more complicated questions at OutlookForums by Slipstick.com.

If the Post Comment button disappears, press your Tab key.