How to Block Foreign Spam

Last reviewed on September 20, 2014   —  31 comments

A frequent question users ask is how to block foreign spam:

I’m receiving email that looks like it comes from Russia (funny looking letters). I keep adding the addresses to my block senders list however I seem to be getting more and more of them. I would like to make a rule to just delete them all, but I cannot find the letters anywhere to type into the rule.

Can we make a rule in which Outlook 2010 can auto-delete any emails that contain Asian characters?

Sure, you can create a rule to delete messages containing these (and other) character sets. You can also set the junk filter to delete mail that uses certain character sets.

But first, I’ll address the use of the blocked list: Don’t bother adding spammers to it. Because most spammers use an address once, you’re only filling up the list with bad addresses. The blocked list should be nearly empty. Set the Junk Email filter on High and let Outlook take care of spam; use the Safe lists to whitelist addresses as needed.

Junk Email Options

If you use Outlook 2003, 2007, or 2010, you can set the Junk email option to filter mail either by the top-level domain or character set. If you don’t correspond with users in certain high spam countries or who would be using alternate character sets, you can configure Outlook to filter all messages from the top level domain or that use foreign character sets.

Set the character encodingOpen the Junk Email Options dialog and go to the International tab. Block most of the encodings, but not ASCII or Western European, possibly not Latin 3 and 9 and any others that would be used by people from other countries that you correspond with.

Note: If the message (spam) doesn’t have a character set in the header, this filter won’t work.

The lines in the message header will look something like either of these two lines:

Content-Type: text/plain; charset=”ISO-8859-1″
Content-Language: en-us

The top level domain list blocks mail sent from addresses ending in a two-character country code (.de, .us, .ru etc). Because most spammers use .com addresses, this filter is less useful.

Find the Junk Email Dialog:

Expand the junk mail button to find optionsIn Outlook 2010, the Junk email options is Home ribbon in any mail folder; in Outlook 2003 and 2007, look on the Tools, Options dialog.

Note that Outlook 2010 maintains separate junk mail settings for each account.

If you have multiple accounts and deliver the mail to different Inboxes, select an Inbox and review the junk mail settings, then repeat for each Inbox. If you use one Inbox, select a message from one account and review the settings, then select a message from another account and check the settings.

Create a Rule for Foreign Spam

Users of all versions of Outlook can create rules that look for foreign characters in message bodies. Copy a few of the most common characters from a spam message and paste them into a rule. You only need about 8 to 10 letters from each language for maximum spam filtering.

To create a rule

First, locate a message with the characters you want to filter on and copy one or more characters.

  1. Open Rules Wizard. In Outlook 2010, look for Manage Rules & Alerts on the Home ribbon, Move section, under the Rules button. In Outlook 2007 and earlier, Rules & Alerts is on the Tools menu.
  2. Click Add Rule.
  3. Choose Apply rule on messages I receive near the bottom of the dialog.
  4. Click Next to move to the Conditions screen.
  5. Select the “with specific words in the subject or body” condition.
  6. Click on “specific words”in the lower part of the dialog and paste the characters in the Specify words… field. Click Add.  If you copied multiple characters, delete all but one character, then click Add. Repeat until all characters are added.
  7. Create a rule to delete spamClick Next to move to the Actions screen.
  8. Select “delete it” and click Next. At this point, the rule should look something like the rule shown in the screenshot.
  9. Click Next if you want to add exceptions to the rule or run it on messages in your Inbox, otherwise, click Finish to return to the Rules Wizard dialog.

About Diane Poremsky

Diane Poremsky
A Microsoft Outlook Most Valuable Professional (MVP) since 1999, Diane is the author of several books, including Outlook 2013 Absolute Beginners Book. She also created video training CDs and online training classes for Microsoft Outlook. You can find her helping people online in Outlook Forums as well as in the Microsoft Answers and TechNet forums.

Please post long or more complicated questions at Outlook forums by Slipstick.com.

31 responses to “How to Block Foreign Spam”

  1. jigneshhrathod

    Thank you! This was so helpful. I was really tired of getting junk emails written in some Chinese languages. I didn't think of any solution. Thanks a lot for the simple solution.

  2. NN

    Tried all this but outlook will not let me paste the characters.

    1. Diane Poremsky

      Did you use Ctrl+V to paste?

  3. ereemst

    Great article, but now one to you how do i block russian spam with cyrillic letters in Exchange 2013 with spam options on if i block a cyrillic letter A its just gives ? as return

    1. Diane Poremsky

      That would indicate a problem with the character set. does it change to ? as soon as you enter it/save it or after you close and reopen the dialog?

  4. PapaGolf

    Next step - block email with an embedded LINK to a foreign country?

    1. Diane Poremsky

      That is difficult to impossible. While you could filter all non-com, non-net urls, you'd need to do a DNS lookup on every url to insure they were not based outside the us. There are smtp filters that do this sort of thing - often based on url blacklists. I think the spam filters from both mcafee and Norton do this.

    2. PapaGolf

      I may be out of my league here, but in Outlook (and other programs) the link has an embedded address. Just mouse over and it pops up. No need for a DNS lookup unless you needed to verify something. That's how I do a quick determination of bogus email now manually.

    3. Diane Poremsky

      Correct, you can do that manually, but to do it automatically (or remove the link), you need to use a script (or addin) and check the source code.

  5. Maisy

    Hi Diane, When I copy the symbol (which I can't copy and paste here as it wont allow it) it shows up differently after I add it in the search list box and you cannot break it apart from the symbol. This spam cannot be stopped by Verizon, it also enters my junk box and removes itself back to the inbox. I am also seeing domains in my safe senders list. The one thing I would like to do which is consistent with all of them is there is nothing in the TO: field. I don't see how to block it in outlook. I am told it might be in the bcc field. I can send you some samples which will blow your mind. Otherwise, I tried to do what you say and it simply wont let me have just one symbol and it always contains the domain address which changes with each email (so obviously it would be a waste of my time which is what they want). I am going out of my mind with trying to block these. They have figured out all the ways you can block a spam email and countered it. Thanks

    1. Diane Poremsky

      Hmmm. I thought i answered this one. :( You can use a rule that looks for @ in the To field to filter out messages with To address. Well, it would actually be 'apply to all messages Except if @ in recipients address' Test it with flags or categories first to make sure it works as expected and doesn't delete mail you want to keep.

  6. Alan Striegel

    What mechanism (if any) is there for blocking by some of the new top-level domains that I'm starting to see as sending addresses?
    For example, quite a bit of the spam I'm seeing lately comes from domains that end in .club.

    1. Diane Poremsky

      At this time there is no built-in way to block them, but you could use a rule that looks for .club in the header.

      A run a script rule is another option, but the words in the header rule should work.

    2. Barry Foate

      Diane,
      Does the entry have to be entered exactly as you show (with ">" at the end)? If so, what is the function of that symbol?

    3. Diane Poremsky

      That sounds like a typo. (Is that on this page? I didn't see it.)

  7. dennis

    I changed the international language settings, but it isn't saved permanently. How can I get it to be permanent?

  8. Barry Foate

    "At this time there is no built-in way to block them, but you could use a rule that looks for .club> in the header."

    1. Diane Poremsky

      Ah... I was looking only at the article and the pending comments page and didn't see my comment with the typo. :) Yes, that was a typo and its fixed now. Thanks. Sorry about that.

  9. Bill Guidera

    I may have misread or misunderstood earlier posts. But for these common spams, since I do not see anything in the To: line, creating a rule by checking the option "where my name is not in the To box" then "delete it" then "except with @ in the recipients' address", correct?

    1. Diane Poremsky

      That should work - i'd use to or cc field and run a test for a few days where a category is added so you can see if it's working correctly as a lot of bulk mail and mailings put your address in the BCC.

  10. Dale

    I created a rule in Outlook 2007 to move any email with .info in the header to the junk email file. Sometimes it won't work, then other times it will move it there, display the notice that it's downloaded an apparent spam email. When I click "ok" it moves the email from the junk file to my inbox. ????

    1. Diane Poremsky

      Do you have any addins installed? Is the junk mail notification from outlook or from your antivirus or security software?

      Is this the message in this dialog:
      “Outlook has downloaded a message that appears to be Junk E-mail. This message was automatically moved to the Junk E-mail folder. You should check the Junk E-mail folder regularly to ensure that you do not miss e-mail that you want to receive.”

  11. Dale

    Not sure what an "addin" is. Yes, the message is just like the dialog you show.

    1. Diane Poremsky

      An addin is a utility installed in outlook so you can do something that outlook normally cant do. the list of addins should be at tools, trust center, addins. that dialog shoildnt move mail out of the junk folder. try changing the rule to move the mail to the deleted folder and see if it works better.

  12. Dale

    I'll try that, thanks. It seems like 90% of my spam comes from .info - 5% from .tk, and the rest from .com and/or .net.
    I'll let you know if that works.

  13. Dale

    That doesn't seem to help either. Maybe I'm telling the rule to look in the wrong place for the .info.(?) I'll try to past the wording below from the email when I click on "Message Options". (I took out my email address and replaced it with asterisks.

    Return-Path:
    Received: from cdptpa-pub-iedge-vip.email.rr.com ([107.14.174.245])
    by cdptpa-fep11.email.rr.com
    (InterMail vM.8.04.01.13 201-2343-100-167-20131028) with ESMTP
    id
    for ; Wed, 29 Oct 2014 20:11:31 +0000
    Return-Path:
    Received: from [84.239.57.231] ([84.239.57.231:62377] helo=Ayresmith.ndBreakfastShow.C.8S.com)
    by cdptpa-iedge09 (envelope-from )
    (ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP
    id 31/80-10686-2F941545; Wed, 29 Oct 2014 20:11:31 +0000
    Date: Wed, 29 Oct 2014 20:11:29 -0000
    From: "=?ISO-8859-15?B?X1dpbmRvdyBEaXNjb3VudHM=?="
    Subject: =?Windows-1252?B?UXVhbGl0eaBXaW5kb3dfUmVwbGFjZW1lbnQuRGVhbHNf?=
    MIME-Version: 1.0
    Content-Type:
    multipart/alternative; boundary="SaI6111-IJ-1757323-676=_!"

    Message-ID:
    X-RR-Connecting-IP: 107.14.168.141:25
    X-Authority-Analysis: v=2.1 cv=GrbM+yFC c=1 sm=1 tr=0 a=K61abTOxmzkdaQiVxOMUpA==:117 a=K61abTOxmzkdaQiVxOMUpA==:17 a=ayC55rCoAAAA:8 a=0oj8HZZGiqAA:10 a=9cW_t1CCXrUA:10 a=jPJDawAOAc8A:10 a=13Gyjc2-_UYruZWFdh0A:9
    X-Cloudmark-Score: 0
    X-EsetId: 37303A29E3E9CF636D7162

    1. Diane Poremsky

      This is the problem:
      From: "=?ISO-8859-15?B?X1dpbmRvdyBEaXNjb3VudHM=?="
      Subject: =?Windows-1252?B?UXVhbGl0eaBXaW5kb3dfUmVwbGFjZW1lbnQuRGVhbHNf?=

      it's encoded because of the character set (ISO-8850-15). Unless there is something else unique to filter on, a rule is not going to work. Hmmm. If they all use the same charset, one of two things might work - if you don't get legit mail from that charset, create a rule to delete mail with Windows-1252 or ISO-8850-15 in the header. (I'd set a rule to set a category on the mail, to see if any legit mail uses it.) You could also try to filter on a partial string from the end of the from field - like VudHM=?=" (check the header of several messages from info addresses and see which characters always match). However, that might not work since its at the end of the string, not the beginning.

  14. Dale

    I did what you said with the "Windows-1252. I haven't had any spam from .info or .tk since - not even in my junk box or deleted file. I can't tell if this is stopping it before it hits my webmail at Road Runner, or if I'm just not getting any spam right now.

  15. Dale

    Hi Diane, I've pretty much given up on trying to block spam. They've started adding numbers to the end of the "Subject" line and changing them.

    I have another problem and don't know where to post it. I tried on the WD Elements forum but haven't received a response.

    Before my laptop crashed last week I did a backup on my WD Elements hard drive. Now I want to put this info on my new computer, but not sure how. When I drill down to the backup info it is listed as "Backup files 1", "Backup files 2" and so on through "Backup files 190".

    My questions are as follows:

    1. Can I just do a "Restore" in my Control Panel and tell it to use that data, or do I need to open Windows Explorer and drill down in each Backup file and drag and drop where I want it?

    2. I have saved new documents in my "Documents" under Libraries (which is where the bulk of my backed up info needs to go). Will either a "Restore" or drag and drop effect the new documents? I can save these few new files to a flash drive if necessary.

  16. Dale

    Worked...thanks.

Leave a Reply

If the Post Comment button disappears, press your Tab key.

This site uses XenWord.