A useful firewall rule trick to prevent your email client from accessing the web

If you use Port Explorer or any other realtime port monitoring tool you'll see that when you open a HTML email from a spammer, the email client often connects out to remote websites, usually on port 80 but that can vary. This isn't good at all -- it basically allows the spammer to detect that you have read your email, and in addition to this, they garnish your IP address and web-browser information when your browser visits their server.

The good news is that it can easily be prevented by adding two simple rules to your personal firewall (should work with all personal firewalls):
Rule #1 - Allow your email client outbound TCP access on port 25 (sending mail), 110 (receiving mail), and 119 (newsgroups, if you visit them).
Rule #2 - Block ALL other access by your email client

Note that the rules must be in that order to work . The first rule simply allows your email client outbound access to the ports it needs to get access to, while the second rule blocks all other access, thus preventing your email client from connecting out to remote webservers.

Best regards,
Wayne

 

Re:A useful firewall rule trick to prevent your email client from accessing the

as an additional constraint on those rules, specify the IP(s) of your account's associated mail servers as the only possible destinations.

It is child' play for a script to configure a new address in most email clients (worst of all is Outlook97/2k/xp - the vba extensibility is pretty powerful) and download attachments residing on a mailserver of the script writer's choice.

I don't know if this has happened but I can't be the first to have thought of it. I've seen an ftp version of this scenario, so the same advice applies there.

 

Re:A useful firewall rule trick to prevent your email client from accessing the

Yup and to extend further, it won't stop your email client from connecting to a webserver that is listening (strangely) on port 25 or 110 - it's not likely to happen, but it's possible, so if you only use a few particular IP addresses, then use those
We get asked this quite a lot in emails so its a problem that affects a lot of people, but it's easy to deal with!

 

Re:A useful firewall rule trick to prevent your email client from accessing the

Thanks for the information Wayne.
I ended up moving to “The Bat” to prevent this sort of thing happening and increase protection. The advice would have maybe saved a lot of work. I do believe the next version of Outlook will include an option to stop mail doing this. Could it be that Microsoft is now beginning to take notice?

 

Re:A useful firewall rule trick to prevent your email client from accessing the

MS should notice with less people using their OU and OE for this and all the comments worldwide.

 

Re:A useful firewall rule trick to prevent your email client from accessing the

Let's not forget IMAP port 143 shall we !

 

Re:A useful firewall rule trick to prevent your email client from accessing the

Hi Jooske

They already took care : in OE6SP1 options you may read all your mails in *.txt

To complete excellent Wayne's advice : you may also need port 143 (IMAP)
If you use hotmail.com from your mail client you need port 80, bad luck

Rgds,

 

Re:A useful firewall rule trick to prevent your email client from accessing the

Hi Wayne,

Great piece of advice and only takes a few seconds to re-configure, simple yet very affective. As soon as I flicked through a few emails I had notifications on blocked connections (some emails were not overtly HTML either just shows that things can hide very easily).

Wink.

 

Re:A useful firewall rule trick to prevent your email client from accessing the

Hello Wayne!

A decent firewall is doing this job already from itself!

And because I'm using such a decent firewall, Outpost Pro , I don't care about rules for my email program (Outlook XP).

 

Re:A useful firewall rule trick to prevent your email client from accessing the

 

Re:A useful firewall rule trick to prevent your email client from accessing the

NOT wrong: when you are using the "Rules Wizard" in Outpost it works just like I explained before!

BTW: you are talking about Outlook Express, I'm talking about Outlook XP....

 

Re:A useful firewall rule trick to prevent your email client from accessing the

For Outlook, when using "Create rules using preset" => Email client the only rule is TCP out :25 Allow. Hence you will be prompt to edit some more rules according to your whim : you may or may not accept in learning mode TCP OUT 80, 8080, etc... when you first time receive some kind of HTLM mails requesting OUTBOND connexion

Rgds,

 

Re:A useful firewall rule trick to prevent your email client from accessing the

As for hotmail: I´m trying out this program called web2pop
It does what it promises, I can fetch my Hotmail with The Bat this way.
Do you see any additional security risks?

Regards,

Pieter

 

Re:A useful firewall rule trick to prevent your email client from accessing the

This was a longer post but as I posted I got a 404 error and then lost it. So I will shorten this one.

Want to stop spam? Grab Mailwasher
http://www.mailwasher.net

What does it do? It allows you to bounce emails which removes you from 99% of spam lists and also allows you to delete emails off the server which means you don't have to download it in your client (really only a problem if your on dialup)
-Jason-

 

Re:A useful firewall rule trick to prevent your email client from accessing the

Hi Jason

Excellent little App but I don't think bouncing is a great idea : lot of stupid robots consider it as a positive answer
and you are at risk to receive some more spam IMHO.

I NEVER answer any spam even NEVER unsuscribe : it's often a trick to cheat you

Best regards,

 

Re:A useful firewall rule trick to prevent your email client from accessing the

Hi Jack,
Well I don't know what robots they use on me but bouncing them makes them disappear, whereas doing nothing I just kept getting more and more of the same email from the same people 5 times a day. Also recently I've been getting a lot of the boss.com worm which is a pain to have to download a lot when your on a 56K
-Jason-

 

Re:A useful firewall rule trick to prevent your email client from accessing the

Doing nothing confirms to spammers that some mailbox is getting the spam. An unsuccessful bounce can do no more harm than that.

 

Re:A useful firewall rule trick to prevent your email client from accessing the

Unless the spam bounce is so badly done that it's gives away the fact that it's a live account.

I doubt spammers keep track of bounces anyway.

 

Re:A useful firewall rule trick to prevent your email client from accessing the

most likely, all returns go to /dev/null

 

Re:A useful firewall rule trick to prevent your email client from accessing the

Hmm even I thought of it. It's basically an example of the basic principle of making firewall rules as restrictive as possible. Which itself is a subet of the general security rule to use only needed services and get it simple.

I've applied this restrictive rules (to specific ips) from anything like antivirus updates to Newsgroups and htmlclients (to specific email hosts I upload my site) .

To be extra careful, normally I do a reverse DNS (using web-based sites and local) to see if the Ips make sense.