Last update: March 6, 2017

How-To: Block Content & Email

I work online just about every day hunting for knowledge, collaborating, whatever - and in that process I find things that would annoy any sensible person, whether we’re talking about email exploits or the barrage of unwelcome solicitation. I don’t get it; why do people waste time creating subterfuge?

Regardless, I’m sharing some of my tips and tricks for getting past these issues. These are Windows PC solutions and will require Admin Rights, maintenance to stay on top, and basic knowledge of HTML because that is the language of the Web and Email. I’ll try to keep it simple.

The easiest way to block a pesky website is to use the Parental Controls and add the site to a list, but that only works for the obvious websites like Playboy.com etc.

More likely we’re browsing the web, possibly a favorite website with news and media. Often there’s a section of content imported in from another obscured source that displays our latest shopping interests; this is called “targeted marketing” and serves a legitimate purpose. However many times it’s compromised with annoying images and text, typically misleading headlines to fake news, solutions to crude physical ailments, low-brow images, and worse.

For good or bad, these websites are known to share your browsing activity: Amazon, eBay, Alibaba, Auto/Motorcycle/RV Parts, News/Weather/Jobs/Food Portals, “free” Medical websites; anyplace you visit for shopping of any sort, you name it - most do it. Thankfully Government and Utility sites DO NOT share.

The easiest way to avoid having your browsing experience exploited is to execute the Browser in Privacy (Anonymous) Mode, but we all know that is a PITA.

A better way is to just Block the Content, and to do that we have to get the name of the serving Host. Modern browsers like Chrome and Internet Explorer have Developer Tools which help quite a bit. I’m not going to explain how to use these other than to highlight the section of pesky content, locate the source code, and search for the root host addresses of the content, such as IMG SRC or Background-Image URL. Once located, we can usually test the validity of the source by hacking it in situ without wasting a lot of time.

Next, we modify the O/S HOSTS File, which contains a list of host names mapped to IP Addresses; pointing a name at the Local IP Address in effect blocks the resource. See Wikipedia: hosts (file)

  1. To begin, close all open browsers and applications that use browsers for Help.
  2. Open a new Browser instance, clear out the Cache, then close it.
  3. Purge Temporary files.
  4. Make a HOSTS File Backup: Presuming that Windows is installed on the C-Drive, navigate to “C:\Windows\System32\drivers\etc”, select the “hosts” file (it will not have an extension), then Copy|Paste to create the backup.
  5. With Notepad running as Administrator,
    1. File Open, change filter to “All Files (*.*)”
    2. Navigate to “C:\Windows\System32\drivers\etc”
    3. Select the “hosts” file, and click Open button.
  6. The syntax of the Hosts file is:
    1. IP Address, given as “127.0.0.1” which points to the Local Machine Server.
    2. Name Resolution, given as “localhost” or “rhino.acme.com” or “x.acme.com”, etc.
  7. Create a new entry of the site that you want to block, for example “ad.doubleclick.net”:
    1. Literally, format the new entry as “127.0.0.1 ad.doubleclick.net” without quotes.
    2. Save the File. If you don’t have Admin Rights, then Windows will not allow the file to be saved.
    3. Reboot. Before Windows 10, we didn’t need to reboot, but now this is the only sure-fire way.
    4. Test by returning to the website that had the pesky content and refresh: If we did our homework the content should not appear. Success comes through trial and error, and persistence pays.
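
The backup and edit steps above can be scripted. This is an added example, not the author's code; the function names and the “.bak” backup name are assumptions. It adds each name only once and rejects URLs and wildcards, because the hosts file matches exact host names only.

```python
import re
import shutil
from pathlib import Path

# Default Windows location named in the steps above.
HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")
LOOPBACK = "127.0.0.1"
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize_host(name):
    """Return a lowercase hostname, or raise ValueError for URLs and wildcards."""
    host = name.strip().lower().rstrip(".")
    if not host or len(host) > 253 or not all(_LABEL.match(p) for p in host.split(".")):
        raise ValueError(f"not a plain hostname: {name!r}")
    return host

def mapped_hosts(hosts_text):
    """Map each hostname already in the file to its IP, ignoring # comments."""
    found = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        for alias in fields[1:]:
            found.setdefault(alias.lower(), fields[0])
    return found

def add_blocks(hosts_text, names):
    """Return hosts_text with a loopback entry appended for each new name."""
    existing = mapped_hosts(hosts_text)
    new_lines = []
    for name in names:
        host = normalize_host(name)
        if host not in existing:
            existing[host] = LOOPBACK
            new_lines.append(f"{LOOPBACK} {host}")
    if not new_lines:
        return hosts_text
    sep = "" if hosts_text.endswith("\n") or not hosts_text else "\n"
    return hosts_text + sep + "\n".join(new_lines) + "\n"

def block_in_file(names, path=HOSTS_PATH):
    """Back up the hosts file (step 4), then save the new entries (step 7)."""
    original = path.read_text(encoding="utf-8")
    updated = add_blocks(original, names)
    if updated != original:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        path.write_text(updated, encoding="utf-8")
    return updated != original
```

Run it from an Administrator prompt, for example `block_in_file(["ad.doubleclick.net"])`; without Admin Rights the write fails just as the Notepad save does.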

Here is a link to someone that has maintained a current list. I have developed my own through years and years. If it were me, I would only add the names that really cause frustration, otherwise there is risk that important content may become blocked, like throwing out the baby with the bathwater. Let common sense prevail.

There are several tricks to reduce exposure.

  • Browse the Web Anonymously. Definitely a RPITA.
  • Just Don’t Go There: Be aware of where you are going for information. I’ve never received SPAM from searching Wikipedia, IMDB, or XBox.Com, but then I never go to gambling sites or chase after racy content.
  • Become a small business owner, register your own domain, and manage your own email server. Most people can’t do this, however there might be email hosts that would allow alias creations:
  • Use Email Aliases for every place that asks for your email address. When SPAM arrives using that account, simply delete the account. Caveat: I never reply on an Alias because that would expose the routing to my primary address. For example, if I need a special account to interact with manufacturers then I will provision a new email account just for them.
  • ALWAYS use privacy when registering websites. I just went through an exercise where I had to move domain registrations from one Registrar to another because they exposed my contact details.
  • Change your primary email address. After 15 years, that is what I did to escape the barrage, but this will only work for about 2 or 3 years without resorting to using aliases.
  • Finally, know how to write good email rules for trapping spam.

Again we need to know how to read source code to find the identity or unique pattern within so that we can create a rule to trap the furry cretin. My email server allows me to create complex rules using wildcards and rerouting very much like Outlook. There are three parts where we can apply filters uniquely or together:

  • Header: This contains the routing, reply, who from, security scan details, relay, specific language tags, IP addresses, and more.
  • Subject Line: Message Title
  • Body: The contents of the Message. This may also be multipart for plain text and rich text formatting.

Constructing a Rule

First, I flag SPAM and block the sender in Outlook which gives me a list of violations over a period of time. Next, I use WebMail to view the RAW message source and then interrogate that to ferret out the patterns. From there it is simply a matter of defining the category of the SPAM ala Header, Subject, Body (or combinations thereof).

Next we write the action rule; most of my actions delete messages, but some I flag as potential SPAM. Here are some examples…

Notes  Name of Rule          Section                        Rule                      Action
1      UnknownHost           Header|anywhere                *unknownhost*             Delete
2      From RU Address       Header|Address                 *@*.ru                    Delete
3      Attachment Filename   Attachment|Specific Filename   Investment Proposal.pdf   Delete
4      From-To-Me            Header|From|To Address         JohnDoe@Hotmail.com       Delete
5      Rolex Subject-Body    Subject|Body                   Rolex                     Delete
                                                            *amazing watches*
6      Body Text Buggers     Body                           *100 day loans*           Delete
                                                            *hk-master-tailors.com*
7      Attachment 5MB        Attachment > specific size     5000 kb                   Flag

Notes:
  1. Messages containing “unknownhost” in the Header are known to be SPAM, and so we delete them. This is my #1 Rule at the top.
  2. Block messages “From Address”: In this case from *.ru -> meaning all messages from Russia. I also do not do business with Nigeria, Syria, Iran, Yemen… but SPAM does not normally originate from these countries like they do from Romania and China. Block countries only as needed.
  3. Block suspect Attachments: A favorite trick is to embed a virus into an Attachment, so the attachment itself is the first clue and the filename is the second. Frankly I’m a software developer and not an investor, so this one was easy to filter.
  4. This Rule blocks email sent from my account to my account. A Spammer favorite, except I rarely send email to myself. Low-hanging fruit.
  5. Deletes emails with “Rolex” or “amazing watches” in the subject or body. ‘Nuff said.
  6. Same idea as #5.
  7. Attachments > 5 MBs are flagged on the Subject Line as “EMAIL Oversized” and allowed to pass through. I created this rule because back in the day my email box was a lot smaller: Someone at MICROSOFT sent me a funny video file (and not the link to the file) on a Friday afternoon of a 3-Day weekend to a group of friends. These people in turn forwarded the message to their pals, and the next thing you know is that the email box is stuffed full until the following Tuesday. OK, so it’s a legacy rule, but I still do not like sending files this way and I want them flagged.
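
To show how rules like these evaluate against RAW message source, here is an added example (not the author's mail server or its rule syntax) that applies rows 1, 2, 3 and 5 of the table, top rule first, using Python's standard `email` parser. The section names, the `evaluate` function and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase

# (name, section, patterns, action): rows 1, 2, 3 and 5 of the table. Row 5 is
# written as *rolex* here so that it matches anywhere, as its note describes.
RULES = [
    ("UnknownHost", "header", ["*unknownhost*"], "Delete"),
    ("From RU Address", "from", ["*@*.ru"], "Delete"),
    ("Attachment Filename", "attachment", ["Investment Proposal.pdf"], "Delete"),
    ("Rolex Subject-Body", "subject_body", ["*rolex*", "*amazing watches*"], "Delete"),
]

# Constructed sample message (not real mail).
SAMPLE = (
    "Received: from unknownhost (203.0.113.5)\n"
    "From: Offers <deals@shop.example>\nTo: me@mydomain.example\n"
    "Subject: Hello\n\nJust checking in.\n"
)

def sections(raw):
    """Split a raw message into the values each rule section is matched against."""
    msg = message_from_string(raw)
    bodies, filenames = [], []
    for part in msg.walk():
        if part.get_filename():
            filenames.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            bodies.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return {
        "header": ["\n".join(f"{k}: {v}" for k, v in msg.items())],
        "from": [parseaddr(msg.get("From", ""))[1]],
        "attachment": filenames,
        "subject_body": [msg.get("Subject", ""), "\n".join(bodies)],
    }

def evaluate(raw, rules=RULES):
    """Return (rule name, action) for the first rule that matches, top to bottom."""
    fields = sections(raw)
    for name, section, patterns, action in rules:
        for value in fields[section]:
            # '*' wildcards as in the table; both sides lowercased to ignore case.
            if any(fnmatchcase(value.lower(), p.lower()) for p in patterns):
                return name, action
    return None, "Deliver"

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```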

We can also block IP Addresses by passing a range parameter. This requires a lot of patience to develop because as we know - IP Addresses are not assigned in large blocks consecutively. I look for patterns from specific countries and apply blocks as required. Again the source arises mainly from Russia, Romania, and China. It’s also worth noting that 50% of SPAM originates in the USA from Virginia, Ohio, Florida, and Los Angeles, but we know that could be spoofed.

Adding filters is a great way to reduce SPAM, but it comes at a cost of maintenance and server performance. In the last 10 years I prefer to use isolated email accounts targeting specific manufacturers and partners, and that has worked quite well. Really, in today’s world, if doing business at large and exposed then it’s better to have a disposable burn account like in Mission Impossible because of the tiny few out there that ruin it for the rest of us.

With that in mind, I support signed-email, but that too has issues. As long as networks are public, there will always be assaults against them.

Good Hunting