Filtering for Spam

While presenting about phishing and spam in a corporate setting I realized some people don’t know how to configure a handy filtering trick.

I use this filter in one way but you may find a different, equally valuable use.  One reason this is so powerful for me is that I have a LOT of email accounts that I use for different purposes.  I receive hundreds of emails daily and while some online email services are good at filtering, they are not as functional as I want sometimes.  I use this method to ensure that I can view a couple of email accounts and see very quickly the high value emails out of all the noise that hits any of my email accounts daily.

For this trick to work, I’ll be using a “catchall” email account that I watch regularly throughout the day to see email that has passed through multiple filters and landed on an account I have through Google’s email service.

You may also notice that I use Google’s labels extensively (the colored squares to the left of the in-focus filter box or the white or orange rectangles under it in the screenshot below).

In my example, someone spamming me is targeting a valid email address I have that forwards email to the address that I’m checking even though the spammer doesn’t know that final address.

Visually the diagram looks like this:


The intermediary step of the fake email allows me to apply filters, not only based on key words but also based on the email account or even the domain I provide someone.  It isn’t necessary but it helps me differentiate my email more granularly for my purposes.

I use the filtering function of the email service (Gmail, Office, SmarterMail, etc) and add the key words that should result in deleting the email (as seen in the filter screenshot below).  I leave the From field blank because in my experience spammers can use an unlimited number of domains as the source of the spam.

My To box includes a domain (i.e., “”) which adds a layer for me so that someone sending me email about “diet” or “weight loss” to my real email address would get through to me while emails going to the bogus email address I handed out will get deleted.

One perk is that if someone who has that address sends me email about something other than those keywords, I can still receive it from them even though they don’t know my real email address.  There’s a lot of flexibility in this even if you only have a single email address/domain that you use.