My two-step approach to fighting junk email seems to work pretty well. My first line of defense is my ISP, DSLExtreme. Like many ISPs, DSLExtreme filters for spam on its mail server with an open-source program called SpamAssassin, a hefty Perl script with multiple rule sets. As the end user, I set the score threshold. Email messages that score too high are held on the server and never reach my inbox. Set the threshold too high and extra spam gets through. Set it too low and you’ll get false positives, the bane of spam filters.
I’ve found that a threshold score of 6.5 stops 90 percent of the mail I don’t want while letting through all the mail I do want. SpamAssassin kills an average of 120 spam messages a day on my main account. That’s several megabytes of hair-restoration ads I never have to download. I review the spam mailbox every few days to make sure it hasn’t trapped anything I want. I’ve used it for several months and I’ve found it to be quite reliable.
But what of the 10 percent of spam messages that sneak by SpamAssassin? For that I use client-side filtering. I do all my email on Mac OS X using a streamlined and powerful program called PowerMail. I use an add-on spam filter called SpamSieve by Michael Tsai, in addition to PowerMail. SpamSieve also works with MailSmith, Apple Mail, and Entourage. SpamSieve uses a technique called “Bayesian filtering” to detect spam. Bayesian analysis of text has been around for years. Paul Graham was the first person to recommend Bayesian filtering for fighting junk email in his seminal Plan for Spam.
As Graham points out, most spam filters work like pesticides: They simply breed smarter spammers. Because a Bayesian-based filter learns and evolves, it can keep up with spammers. It doesn’t always work, but it does a very good job of detecting the bad stuff. On my machine, SpamSieve has processed 8,018 spam messages and 48,195 good messages with a 98.7 percent accuracy rate. In other words, it missed only 572 penis-enlarger ads and incorrectly marked 186 messages from my mom as spam. (This might be the first time “penis enlarger” and “my mom” have ever appeared together in a sentence.) That’s still 186 false positives too many, but it’s the best I’ve found to date. SpamSieve is particularly accurate with mailing lists. Many spam filters incorrectly tag newsletters as spam. I subscribe to several dozen lists. Thanks to the combination of SpamAssassin and SpamSieve, I haven’t missed any newsletters.
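To make the "learns and evolves" point concrete, here is an added example (not SpamSieve's code and not from the original article) of a simplified version of the token-scoring scheme Graham's essay describes. The class and function names are hypothetical, the training messages are constructed, and two simplifications are assumed: each token counts once per message, and there is no minimum-occurrence cutoff.

```python
import re
from collections import Counter

TOKEN = re.compile(r"[A-Za-z0-9$'-]+")

def tokens(text):
    # Each distinct token counts once per message (a simplification).
    return {t.lower() for t in TOKEN.findall(text)}

class BayesFilter:
    def __init__(self):
        self.good, self.bad = Counter(), Counter()
        self.ngood = self.nbad = 0

    def train(self, text, is_spam):
        (self.bad if is_spam else self.good).update(tokens(text))
        if is_spam:
            self.nbad += 1
        else:
            self.ngood += 1

    def token_prob(self, tok):
        # Good counts are doubled to bias the filter against false positives.
        g, b = 2 * self.good[tok], self.bad[tok]
        if g + b == 0:
            return 0.4  # never-seen token leans slightly innocent
        gr = min(1.0, g / max(self.ngood, 1))
        br = min(1.0, b / max(self.nbad, 1))
        return max(0.01, min(0.99, br / (gr + br)))

    def score(self, text, n=15):
        # Combine the n tokens whose probability is furthest from neutral 0.5.
        probs = sorted((self.token_prob(t) for t in tokens(text)),
                       key=lambda p: abs(p - 0.5), reverse=True)[:n]
        spam = ham = 1.0
        for p in probs:
            spam *= p
            ham *= 1.0 - p
        return spam / (spam + ham)

def build_filter():
    # Constructed training corpus, not real mail.
    f = BayesFilter()
    for s in ("Buy viagra now cheap pills online",
              "Cheap pills hair restoration offer click now",
              "Click here for free offer limited time"):
        f.train(s, is_spam=True)
    for h in ("Mom here dinner on sunday call me",
              "Newsletter weekly mac tips and powermail update",
              "Meeting notes attached see you on monday"):
        f.train(h, is_spam=False)
    return f
```

A message made only of tokens the filter has never seen (for instance an obfuscated spelling) scores below the spam cutoff at first; marking it as spam once with `train(..., is_spam=True)` is enough for the same tokens to score as spam afterwards.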
SpamAssassin uses a combination of Bayesian techniques, rule-based filters, and white-and-black lists to do its job. Its developers are constantly fiddling with the rules, so it seems to keep up with the spammers.
But why do spammers try so hard to get past mail filters? If I’m filtering on the word Viagra, I don’t want to see messages about it. What’s the point in spelling it “V i a g r a”? Maybe it’s because many spammers aren’t trying to sell anything at all. According to an interesting study by Wired News, most spam is designed to harvest your email address. That’s why you should never reply to spam — even to complain.
A common way for spammers to verify that an email was read is the “web beacon”, also known as a “web bug”: an image that the mail client loads when you read an HTML email. When you open an email containing a beacon, the spam “phones home”, letting the spammer know your email address is “good”. To avoid activating these beacons, you have to make sure that these images are never downloaded. This isn’t a problem if you use an email client that doesn’t render HTML, or if your client is set up so that it doesn’t automatically load images. It is a good idea to make sure that your client isn’t loading images, so that you don’t accidentally open a piece of spam and confirm that your email address is good.
On Windows I’ve had success with an open source Bayesian-based program called SpamBayes. It’s an Outlook plug-in and it does a good job. The commercial version of SpamBayes, inBoxer, is easier to install and even more accurate. I recommend it highly. Spamihilator is another must-try Bayesian anti-spam filter. This freeware supports almost every email client out there, with totally free downloadable plugins for customization.
It helps to have an address you can give out when you sign up for things, instead of jeopardizing your main email. For this purpose I subscribe to SpamCop. SpamCop does filtering, too. If your ISP doesn’t offer SpamAssassin, this might make a good alternative, but I found that SpamCop was stopping too much legitimate mail, especially from mailing lists. However, I use my SpamCop email address whenever I have to give an address to a website. I find that the @spamcop.net address seems to deter them from selling my name. I also report especially egregious spam to SpamCop.
Gmail and Yahoo Mail also feature effective spam filtering, and are a good choice if you are willing to use a web-based email solution. If you are comfortable with IMAP, I highly recommend Fastmail; they offer both SpamAssassin and Kaspersky anti-virus filtering on the server side.
Hiding your address from spammers.