Filtering image-based Spam with Apple Mail

If your Inbox is anything like mine: I get a dozen or so Junk emails a day, every day, promising me cheap medications, inside stock trading information and other less salubrious pursuits. My ISP has a degree of server-level filtering enabled to stop the really obvious text-based spam getting through, and Junk mail filters in my Apple Mail get most of the rest - but recently spammers have changed tactics and now deliver their messages as embedded images, thus getting around text scans.

So what to do? Well, Apple Mail uses Rules (Mail > Preferences > Rules) to sort out your mail into specific mail folders (I have ones for suppliers, customers, family etc.) and all incoming mail is filtered and distributed accordingly, rather than having it all dumped in my Inbox to sort out manually.

We can use this Rule process to filter out the image-based spam emails, too. This tutorial assumes you have Junk Mail filtering enabled, and set to automatically move Junk Mail to the Junk Mail folder (Apple Mail then applies its own basic filtering rules to each incoming message - details in the Advanced section of the Junk Mail button).

Here's how to make our Rules:

a) For Apple Mail v2 (Mac OS X 10.4):

1) Open Mail's preferences, and click on the Rules button.
2) Click the 'Add Rule' button
3) Name the Rule - let's start with Filter PIFs
4) Select 'All' from the conditions to be met drop-menu
5) Click on the drop-menu labelled 'From' and from the list select 'Edit Header List' down the bottom
6) Click the ' + ' button to add a new Header, and type in Content-Type (note capitalisation and no spaces!). Click 'OK'
7) Now from the previously used drop-menu labelled 'From' select 'Any Attachment Name' and from the adjacent drop-menu 'Contains' and in the text box at the end type in .pif
8) Click the round ' + ' button to add a new criterion row
9) From the first drop-menu in the new row select 'Content-Type', and in the second drop-menu 'Contains' and in the text box type multipart/related
10) Click the round ' + ' button at the end of this row to add a third row of criteria
11) From the first drop-menu in this new third-row, select 'Sender is not in my Address Book' from the list.
12) From the 'Perform the following actions' section select 'Move Message' from the first drop-menu and the mailbox 'Junk' from the second drop-menu
13) Click the round ' + ' button at the end of this row to add another row of criteria
14) From the first drop-menu in the new row select 'Set color', 'of background' from the second drop-menu, and select a colour from the third drop-menu

Your Rule box should now look like this:

[Screenshot: the completed Rule dialog]

15) Click 'OK' and you're done!

From the Rules list box you can then select the Rule you've just created and 'Duplicate' it, changing the Rule name and the Contains text box to filter out other graphic formats:
.jpg .jpeg .png


The coloured background of the messages in your Junk mailbox will also help you spot any false-positives that might get filtered. Don't forget to add any new recipients you want to receive email from to your Address Book!

b) For Apple Mail v1.3 (Mac OS X 10.3) which has a more restrictive set of Rules to work with:

1) Open Mail's preferences, and click on the Rules button.
2) Click the 'Add Rule' button
3) Name the Rule - let's call it 'Filter Attachments'
4) Select 'All' from the conditions to be met drop-menu
5) Click on the drop-menu labelled 'From' and from the list select 'Edit Header List' down the bottom
6) Type in Content-Type (note capitalisation and no spaces!). Click 'Add Header' and 'OK'
7) Set the criteria as follows:

If All the following conditions are met:
Content-Type Contains multipart/related
Sender is not in my Address Book
Sender is not in my Previous Recipients


Perform the following actions:
Set Color of background Purple
Move Message to mailbox Junk
Stop evaluating rules

Your Rule should look like this:

[Screenshot: the 'Filter Attachments' Rule dialog]

8) Click 'OK' to save and close out of Mail Preferences.

This blanket Rule essentially directs any message with any kind of attachment from someone you don't know to the Junk mailbox, colouring it in the process so you can easily check for any false positives. If the message is a false positive, simply drag it back from Junk to Inbox for it to become recognised as a Previous Recipient. It's also a good idea then to add that person to your Address Book.
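
To see what the v2 Rule and the v1.3 blanket Rule actually match, here is an added example (not part of the original tutorial, and not Apple's code) that models both in Python and runs them over constructed sample messages. The function name, the sample addresses and the treatment of 'Contains' as a case-insensitive substring test on the top-level header are assumptions; the address set stands in for the Address Book and Previous Recipients together.

```python
from email import message_from_string
from email.utils import parseaddr

IMAGE_EXTS = (".pif", ".jpg", ".jpeg", ".png")  # extensions named in the tutorial

def is_junk(raw, address_book, exts=IMAGE_EXTS):
    """Return True when every condition of the Rule holds.

    exts=None drops the attachment-name test, giving the v1.3 blanket Rule.
    'Contains' is modelled as a case-insensitive substring test (assumption).
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in address_book:                      # known sender: Rule fails
        return False
    if "multipart/related" not in msg.get("Content-Type", "").lower():
        return False                                # top-level header only
    if exts is None:
        return True
    names = [(part.get_filename() or "").lower() for part in msg.walk()]
    return any(ext in name for name in names for ext in exts)

def sample(sender, ctype, filename):
    """Build a constructed two-part message (not real mail)."""
    return (
        f"From: {sender}\n"
        "MIME-Version: 1.0\n"
        f'Content-Type: {ctype}; boundary="b1"\n\n'
        "--b1\nContent-Type: text/html\n\n<img src=\"cid:x\">\n"
        f'--b1\nContent-Type: application/octet-stream; name="{filename}"\n'
        f'Content-Disposition: inline; filename="{filename}"\n'
        "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
    )

ADDRESS_BOOK = {"mum@example.org"}  # constructed
SPAM = sample("Hot Stocks <tips@example.net>", "multipart/related", "chart.png")
FRIEND = sample("Mum <mum@example.org>", "multipart/related", "holiday.jpg")
GIF = sample("x@example.net", "multipart/related", "offer.gif")
PDF = sample("x@example.net", "multipart/mixed", "invoice.pdf")

if __name__ == "__main__":
    # Columns: sample, v2 Rule result, v1.3 blanket Rule result
    for label, raw in [("spam", SPAM), ("friend", FRIEND), ("gif", GIF), ("pdf", PDF)]:
        print(label, is_junk(raw, ADDRESS_BOOK), is_junk(raw, ADDRESS_BOOK, exts=None))
```

In this model the constructed multipart/mixed message with a PDF is not caught by either Rule, because its top-level Content-Type header does not contain multipart/related, while the .gif sample slips past the v2 Rules until a duplicate Rule for that extension exists.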

You should also ensure the 'Display remote images in HTML messages' option is turned OFF (unticked) in Mail Preferences > Viewing. A lot of spam has images which automatically load from the spammers’ servers when you open the email - and this tells them that your email address is a “good one”, and you go on their list. With the option off, Apple Mail will display a Load Images button up in the right corner of every email containing images, and you will have to click it to see the embedded graphics if you're sure it's from a legitimate source.

13/1/07: Updated to include solution for Apple Mail under Panther 10.3