Can't add Domain name to Block List because of invalid characters

Norton Security | Norton Internet Security
1

I've been getting spam where the sender is somehow putting an invalid character in their domain name.  When I cut and paste it the character turns into a question mark and the block list says it has invalid characters in it.  I'm sure the spammer is doing this intentionally.   How do I get around this ?    I want to block the entire domain and not just one email address.

Here's and example :  thwg212ocaution.com

 

Thanks

2

AllenM - Using the example above, would the domain name be listed as caution.com or would you have to find a way to type in those special characters?  Normally isn't the domain name on the right side of the @ symbol, what if there isn't any @ symbol?

3
PC_confused wrote:

AllenM - Using the example above, would the domain name be listed as caution.com or would you have to find a way to type in those special characters?  Normally isn't the domain name on the right side of the @ symbol, what if there isn't any @ symbol?

HI PC_confused,

 

That is correct. The domain is to the right of the @symbol such as "symantec.com". Of course I would not recommend adding "symantec.com" to the blocked list. :smileytongue:

 

LOL, sorry just a bit of levity. :smileyhappy:

 

Best wishes.

Allen

4

AllenM - I agree that the domain name is usually after the @ symbol, but what if there is no @ symbol (like in shalung's example)?  Is there a wildcard symbol you can use?  Sorry if I'm just being hardheaded.:smileysad:

5

Thank you for the response.  The error occurs when I'm manually adding the domain name to the block list.

I'm running Windows XP service pack 3 (32 bit),  Outlook Express 6,  Norton Internet Security version : 18.6.0.29.

What I'm doing...........

I right click on spam email,  click on Properties,  click on Details tab,  I copy the domain name from both Return-Path and the From: and then go to my block list and enter each (one at a time) manuallly.  The From: domain name has a funky character in it that the block list rejects as a invalid character.  So since that doesn't work I right click on the email and select Norton antispam > This is spam.   I click on having the email forwarded to Norton and then add the email address to my block list.  It excepts the format using this approach. The problem is I keep getting spam from the same domain name specified in the Return-Path (in the properties tab) but the From: email address keeps changing and has invalid characters in it.   It appears that Norton looks at the From: address/domain name and the spam sender knows it.  This is not allowing me to block ALL spam coming from these domains with one entry.

 

 How do I insert a picture into my post ?  I would show you what I'm looking at.

6

I should add that when I paste the domain address with the funky characater (looks kind of like a box) into the block list field it seems to translate to a question mark (?).   Like this     Ized133oda?ting.info    but in the returnpath field it looks like this

Ized133odating.info  .   Please remember I am entering the returnpath value but because of the funky character it never blocks that domain

7

Hi Shalung,

 

You can post images per the instructions here.

 

Actually I believe I know exactly what you mean. I did not realize until your latest post that the domain was changing each time but I have actually received some examples of this type of spam myself in the last few days.

 

I'm going to do some more testing and see if I can come up with anything. Thus far I cannot seem to get wildcards such as "*" to work even though the entry is accepted.

 

I will also ask for input from Symantec on this.

 

Please stay tuned and I will post back with updates as I get them.

 

Best wishes.

Allen

8

Actually it's not the domain that's changing,  it's the address to the left of the @.  

The domain name is corrupt (I'm sure intentionally) with some strange character that NIS will not except in the block list.

 

9
Shalung wrote:

Actually it's not the domain that's changing,  it's the address to the left of the @.  

The domain name is corrupt (I'm sure intentionally) with some strange character that NIS will not except in the block list.

 

Hi Shalung,

 

Thanks very much for the clarification. I am still trying to see if there is a way to get a wildcard to work from NIS's blocked list. So far no luck and for that I will let Symantec know so they can look into a way to deal with this.

 

If the domain name is not changing you can include any portion of it which is valid and configure an Oulook Express Email Rule to move it to the Junk email folder. Please see the following tutorial on how to do this.

 

http://www.freeemailtutorials.com/outlookExpress/advancedTopicsOutlookExpress/creatingAndUsingEmailRules.cwd

 

I have the full version of Outlook 2007 and this method works well. It has been a while since I used Outlook Express but I think you can do the same thing there.

 

Look for an option or checkbox in the email rule where it says something like "with specific words in the sender's address" or some similar wording.

 

I believe that NIS should be able to handle this on its own and I'll continue to look for a way to do so and work with Symantec. But in the meantime I'm hoping that you will be able to set up a rule in Outlook Express to accomplish the same thing.

 

Please let me know how it goes.

 

Best wishes.

Allen

10

Thanks Allen much appreciate  !!!!

11

Hi Shalung,

 

You are most welcome. :smileyhappy:

 

Please let me know if you are able to set up the Outlook email rule to filter these messages to the Junk email folder until such time as NIS is able to handle this better.

 

Best wishes.

Allen

12

Allen

 

Comment from the peanut gallery

The square box mentioned as a part of the domain name suggests that it is a character that is not one of the fonts loaded on the receiver's computer. This may be why the block isn't working. I have a couple of foreign language fonts loaded and I can insert one of those letters/characters into a name as needed. Just a thought

 

13
dickevans wrote:

Allen

 

Comment from the peanut gallery

The square box mentioned as a part of the domain name suggests that it is a character that is not one of the fonts loaded on the receiver's computer. This may be why the block isn't working. I have a couple of foreign language fonts loaded and I can insert one of those letters/characters into a name as needed. Just a thought

 


Anyone know if you can use a wild card ? That could get around the display problem and not knowing what the missing character is.

14

Hi Hugh,

 

I've tried every possible combination of wildcard I can think of including the obvious *. An * is accepted by NIS but it does not get treated as a wildcard but apparently rather as a literal character.

 

NIS also does not treat it as a contains. The indications I see are that whatever you enter for email or domain must match in its entirety, character for character.

 

Allen

15

Thanks Allen,

 

Let's hope they can fine tune it with a little encouragement ....

16

The peanut gallery again

 

I wonder if doing a mouseover will shed any light on the character, or even its binary identity. Not even sure that can work but it was a thought as I reread the messages here.

17

I think it has to be an obfuscated @ symbol

Try putting in ting.info

 

I first thought the same as Dick, that it may be a unsupported language character but I don't think that is allowed in internet addressing.  Maybe a unrecognized symbol is interpreted as the @ symbol since that is the only symbol used besides a period.

 

Dave

 

 

18

Dave,

Just wondering about the sites in other countries using native languages. ä ê ğ ɋ β could these cause a problem?

 

19
DaveH wrote:

I think it has to be an obfuscated @ symbol

Try putting in ting.info

 

Dave

 

 

Hi Dave,

 

Unfortunately this will not work. NIS does not handle partial matches. If you specify domain, the entire string after the @ must match character for character. I've tested this fully with my alternate email accounts and no matter what I have tried partial matches and wildcards simply do not work.

 

If you have found some way to do this, then let me know but definitely doing "ting.info" will not work.

 

This is why I suggested using Outlook Express email rule where you can specify to move any email containing even a partial match to the Junk email folder. This can be a temporary solution until Norton is able to handle partial matches.

 

Allen

20

I've been getting spam where the sender is somehow putting an invalid character in their domain name.  When I cut and paste it the character turns into a question mark and the block list says it has invalid characters in it.  I'm sure the spammer is doing this intentionally.   How do I get around this ?    I want to block the entire domain and not just one email address.

Here's and example :  thwg212ocaution.com

 

Thanks