How to Block Foreign Spam

  • Document ID:7019724
  • Creation Date:24-Jun-2008
  • Modified Date:07-Aug-2017
    • Micro Focus Products:
      GWAVA (Secure Messaging Gateway)

Environment

GWAVA 4 (all builds) for NetWare and Linux

Situation

Spam messages with foreign characters not being blocked

Resolution


GWAVA will automatically block a lot of spam messages that use non-standard character sets (as of build 100), which will cut down on a lot of foreign spam.  Here are a few other options for blocking these messages:

1)  Blocking foreign IP ranges

Although GWAVA isn't currently able to block a range of IP addresses, many firewalls and gateways will.  You want to block IP address ranges from foreign countries that you don't do business with.  Many customers will block IPs using the GroupWise Internet Agent (GWIA).  Foreign IP ranges can be found on the internet.  A huge percentage of spam comes from Russia and China.  This would be a good place to start, then you can add other country ranges as appropriate for the spam that you're getting.

Blocking spam before GWAVA even gets it can reduce your system load dramatically

2)  Blocking foreign domain extensions

Source address filters are a good way to block spam where the domain name is constant (eg Spammer1@SpamCo.com, Spammer2@SpamCo.com, etc.).  With most modern spam, the domain name will vary, but a lot of foreign spam will use a foreign domain extension (eg Spammer1@SpamCo.com.ru - this is an example of a Russian domain).  Creating a source address filter for *.ru will block any message with that extension.  A list of domain extensions for other countries can be found on the internet.

3)  Blocking foreign character sets

Every message coming from the internet has a MIME file, which uses a particular character set.  US-ASCII is a common character set.  If you know the character set that is being used in the foreign spam, you can block it using a MIME filter in GWAVA.  Here is snippet from a MIME file as an example:

Subject: GWAVA message restriction digest
Date:  26 May 2008 10:00:04 BET
To: user@domainname.com.br
Content-Type: multipart/alternative;
 boundary="GWAVADigest.MAIN"

This is a multi-part message in MIME format.

--GWAVADigest.MAIN
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

In this example, the pertinent line is:  '...charset=US-ASCII'.  Check your spam.  If a foreign or obscure character set is being used, then block it with a MIME filter.  In this specific example, you could also implement Step 2 and create a source address filter for *.br


See also these related articles:

Training GWAVA 4 - https://support.microfocus.com/kb/doc.php?id=7020526


Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 287.