http://img106.exs.cx/img106/7269/spam.png%%
My two-step approach to fighting junk email seems to work pretty well. My first line of defense is my ISP, DSLExtreme. Like many ISPs, DSLExtreme filters for spam on its mail server with an open-source program called SpamAssassin, a hefty Perl script with multiple rule sets. As the end user, I set the score threshold. Email messages that score too high are held on the server and never reach my inbox. Set the threshold too high and extra spam gets through. Set it too low and you’ll get false positives, the bane of spam filters.

(:*toc:)

But what of the 10 percent of spam messages that sneak by SpamAssassin? For that I use client-side filtering. I do all my email on Mac OS X using a streamlined and powerful program called http://ctmdev.com PowerMail. I use an add-on spam filter called http://www.c-command.com/spamsieve/index.shtml SpamSieve by Michael Tsai, in addition to PowerMail. SpamSieve also works with MailSmith, Apple Mail, and Entourage. SpamSieve uses a technique called “Wikipedia:Bayesian_filter Bayesian filtering” to detect spam. Bayesian analysis of text has been around for years. Wikipedia:Paul_Graham Paul Graham was the first person to recommend Bayesian filtering for fighting junk email in his seminal http://www.paulgraham.com/spam.html Plan for Spam.

On Windows I’ve had success with an open source Bayesian-based program called http://spambayes.sourceforge.net/ SpamBayes. It’s an Outlook plug-in and it does a good job. The commercial version of SpamBayes, http://www.inboxer.com/ inBoxer, is easier to install and even more accurate. I recommend it highly. http://www.spamihilator.com/ Spamihilator, another must-try Bayesian anti-spam-filter. This freeware %color=navy%supports almost every email clients%% out there with totally free downloadable plugins for customization. %comment% Kalic added, 26.12.2004 %%

• http://www.altruists.org/projects/as/ Anti-Spam Tips - How to Get Less Spam
• http://www.paulgraham.com/spam.html A Plan for Spam

• Wikipedia:Spam%5F%28%65%2D%6D%61%69%6C%29 Wikipedia:Spam
• Wikipedia:List_of_e-mail_spammers Wikipedia:List of email spammers

• Wikipedia:List_of_e-mail_spammers List of email spammers

http://img106.exs.cx/img106/7269/spam.png My two-step approach to fighting junk email seems to work pretty well. My first line of defense is my ISP, DSLExtreme. Like many ISPs, DSLExtreme filters for spam on its mail server with an open-source program called http://spamassassin.org/ SpamAssassin, a hefty Perl script with multiple rule sets. As the end user, I set the score threshold. Email messages that score too high are held on the server and never reach my inbox. Set the threshold too high and extra spam gets through. Set it too low and you’ll get false positives, the bane of spam filters.

Anti-Spam Countermeasures

tocauto?

Leo’s Tips

My two-step approach to fighting junk email seems to work pretty well. My first line of defense is my ISP, DSLExtreme. Like many ISPs, DSLExtreme filters for spam on its mail server with an open-source program called http://spamassassin.org/ SpamAssassin, a hefty Perl script with multiple rule sets. As the end user, I set the score threshold. Email messages that score too high are held on the server and never reach my inbox. Set the threshold too high and extra spam gets through. Set it too low and you’ll get false positives, the bane of spam filters.

I’ve found that a threshold score of 6.5 stops 90 percent of the mail I don’t want while letting through all the mail I do want. SpamAssassin kills an average of 120 spam messages a day on my main account. That’s several megabytes of hair-restoration ads I never have to download. I review the spam mailbox every few days to make sure it hasn’t trapped anything I want. I’ve used it for several months and I’ve found it to be quite reliable.

But what of the 10 percent of spam messages that sneak by SpamAssassin? For that I use client-side filtering. I do all my email on Mac OS X using a streamlined and powerful program called http://ctmdev.com PowerMail. I use an add-on spam filter called http://www.c-command.com/spamsieve/index.shtml SpamSieve by Michael Tsai, in addition to PowerMail. SpamSieve also works with MailSmith, Apple Mail, and Entourage. SpamSieve uses a technique called “Bayesian filtering” to detect spam. Bayesian analysis of text has been around for years. Paul Graham was the first person to recommend Bayesian filtering for fighting junk email in his seminal http://www.paulgraham.com/spam.html Plan for Spam.

As Graham points out, most spam filters work like pesticides: They simply breed smarter spammers. Because a Bayesian-based filter learns and evolves, it can keep up with spammers. It doesn’t always work, but it does a very good job of detecting the bad stuff. On my machine, SpamSieve has processed 8,018 spam messages and 48,195 good messages with a 98.7 percent accuracy rate. In other words, it missed only 572 penis-enlarger ads and incorrectly marked 186 messages from my mom as spam. (This might be the first time “penis enlarger” and “my mom” have ever appeared together in a sentence.) That’s still 186 false positives too many, but it’s the best I’ve found to date. SpamSieve is particularly accurate with mailing lists. Many spam filters incorrectly tag newsletters as spam. I subscribe to several dozen lists. Thanks to the combination of SpamAssassin and SpamSieve, I haven’t missed any newsletters.

SpamAssassin uses a combination of Bayesian techniques, rule-based filters, and white-and-black lists to do its job. Its developers are constantly fiddling with the rules, so it seems to keep up with the spammers.

But why do spammers try so hard to get past mail filters? If I’m filtering on the word Viagra, I don’t want to see messages about it. What’s the point in spelling it “V i a g r a”? Maybe it’s because many spammers aren’t trying to sell anything at all. According to an interesting study by Wired News, most spam is designed to harvest your email address. That’s why you should never reply to spam — even to complain.

A common way that spammers will use to verify that an email was read are “web beacons” aka “web bugs” which are images that the mail client will load when you read an html email. By opening an email with a beacon the piece of spam will “phone home” letting the spammer know your email address is “good”. In order to avoid activating these beacons you have to make sure that these images are never downloaded. This isn’t a problem if you use an email client that doesn’t read html or your client is set up such that is doesn’t automatically load images. It is a good idea to make sure that your client isn’t loading images so that you don’t ‘accidentally’ open a piece of spam and confirm that your email address is good.

On Windows I’ve had success with an open source Bayesian-based program called http://spambayes.sourceforge.net/ SpamBayes. It’s an Outlook plug-in and it does a good job. The commercial version of SpamBayes, http://www.inboxer.com/ inBoxer, is easier to install and even more accurate. I recommend it highly.

It helps to have an address you can use to give out when you sign up for things, instead of jeopardizing your mail email. For this purpose I subscribe to http://spamcop.net SpamCop. SpamCop does filtering, too. If your ISP doesn’t offer SpamAssassin, this might make a good alternative, but I found that SpamCop was stopping too much legitimate mail, especially from mailing lists. However, I use my SpamCop email address whenever I have to give an address to a website. I find that the @spamcop.net address seems to deter them from selling my name. I also report especially egregious spam to Spamcop.

http://gmail.google.com Gmail and http://mail.yahoo.com Yahoo Mail also feature effective spam filtering, and are a good choice if you are willing to use a web based email solution. If you are comfortable with IMAP I highly recommend http://fastmail.fm Fastmail - they offer both SpamAssassin and Kaspersky anti-virus filtering on the server-side.

Protecting Your Email Address

Hiding your address from spammers.

• http://www.u.arizona.edu/~trw/spam/ ECM-Email Countermeasures, Tim Williams.
• http://www.joemaller.com/js-mailer.shtml JavaScript: Protect your email address, Joe Maller.
• http://www.jottings.com/obfuscator.htm Anti-spam Email Link Obfuscator
• http://automaticlabs.com/products/enkoder/ The Enkoder for Mac users too!
• http://innerpeace.org/escrambler.shtml EScrambler
• http://www.onsite.org/html/antispam_email.html Wie Sie Email Spam verhindern oder Email Spam vorbeugen können (German)
• http://alicorna.com/obfuscator.html Email Obfuscator
• Stop Spam Bots
• http://w2.syronex.com/jmr/safemailto/ SafeMailto: A Safe Anti-Spam Email Encoder
• http://www.closetnoc.com/mungemaster/mungemaster.pl MungeMaster
• http://jamesthornton.com/software/graphic@.html Graphic @ for Spam Prevention
• http://www.gunnar.cc/contactform/readme.html CGI::ContactForm

Internal Links

• {{AlternativeEmailClientToMsOutlook}}

External Links

• https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01 Report spam to FTC
• http://antiphishing.org/ The Anti-Phishing Working group
• http://www.419eater.com/ 419 revenge stories
• http://pages.ebay.com/education/spooftutorial/ Spoof Email Tutorial
• http://spam.abuse.net/userhelp/ Tips and help for regular users
• http://digital.net/~gandalf/spamfaq.html Net Abuse FAQ/Spam FAQ

A common way that spammers will use to verify that an email was read are “web beacons” aka “web bugs” which are images that the mail client will load when you read an html email. By opening an email with a beacon the piece of spam will “phone home” letting the spammer know your email address is “good”. In order to avoid activating these beacons you have to make sure that these images are never downloaded. This isn’t a problem if you use an email client that doesn’t read html or your client is set up such that is doesn’t automatically load images. It is a good idea to make sure that your client isn’t loading images so that you don’t ‘accidentally’ open a piece of spam and confirm that your email address is good.

http://gmail.google.com Gmail and http://mail.yahoo.com Yahoo Mail also feature effective spam filtering, and are a good choice if you are willing to use a web based email solution. If you are comfortable with IMAP I highly recommend http://fastmail.fm Fastmail - they offer both SpamAssassin and Kaspersky anti-virus filtering on the server-side.

http://gmail.google.com Gmail and http://mail.yahoo.com Yahoo Mail also feature effective spam filtering, and are a good choice if you are willing to use a web based email solution. If you are comfortable with Jargon:imap IMAP? I highly recommend http://fastmail.fm Fastmail - they offer both SpamAssassin and Kaspersky anti-virus filtering on the server-side.

http://gmail.google.com Gmail and http://mail.yahoo.com Yahoo Mail also feature effective spam filtering, and are a good choice if you are willing to use a web based email solution. If you are comfortable with Wikipedia:imap IMAP I highly recommend http://fastmail.fm Fastmail - they offer both SpamAssassin and Kaspersky anti-virus filtering on the server-side.

But what of the 10 percent of spam messages that sneak by SpamAssassin? For that I use client-side filtering. I do all my email on Mac OS X using a streamlined and powerful program called http://ctmdev.com PowerMail. I use an add-on spam filter called http://www.c-command.com/spamsieve/index.shtml SpamSieve by Michael Tsai, in addition to PowerMail. SpamSieve also works with MailSmith, Apple Mail, and Entourage. SpamSieve uses a technique called “Bayesian filtering” to detect spam. Bayesian analysis of text has been around for years. Paul Graham was the first person to recommend Bayesian filtering for fighting junk email in his seminal http://www.paulgraham.com/spam.html Plan for Spam.

My two-step approach to fighting junk email seems to work pretty well. My first line of defense is my ISP, DSLExtreme. Like many ISPs, DSLExtreme filters for spam on its mail server with an open-source program called http://spamassassin.org/ SpamAssassin, a hefty Perl script with multiple rule sets. As the end user, I set the score threshold. Email messages that score too high are held on the server and never reach my inbox. Set the threshold too high and extra spam gets through. Set it too low and you’ll get false positives, the bane of spam filters.

But what of the 10 percent of spam messages that sneak by SpamAssassin? For that I use client-side filtering. I do all my email on Mac OS X using a streamlined and powerful program called http://ctmdev.com PowerMail. I use an add-on spam filter called [http://www.c-command.com/spamsieve/index.shtml SpamSieve]] by Michael Tsai, in addition to PowerMail. SpamSieve also works with MailSmith, Apple Mail, and Entourage. SpamSieve uses a technique called “Bayesian filtering” to detect spam. Bayesian analysis of text has been around for years. Paul Graham was the first person to recommend Bayesian filtering for fighting junk email in his seminal http://www.paulgraham.com/spam.html Plan for Spam.

On Windows I’ve had success with an open source Bayesian-based program called http://spambayes.sourceforge.net/ SpamBayes. It’s an Outlook plug-in and it does a good job. The commercial version of SpamBayes, http://www.inboxer.com/ inBoxer, is easier to install and even more accurate. I recommend it highly.

It helps to have an address you can use to give out when you sign up for things, instead of jeopardizing your mail email. For this purpose I subscribe to http://spamcop.net SpamCop. SpamCop does filtering, too. If your ISP doesn’t offer SpamAssassin, this might make a good alternative, but I found that SpamCop was stopping too much legitimate mail, especially from mailing lists. However, I use my SpamCop email address whenever I have to give an address to a website. I find that the @spamcop.net address seems to deter them from selling my name. I also report especially egregious spam to Spamcop.

http://gmail.google.com Gmail and http://mail.yahoo.com Yahoo Mail also feature effective spam filtering, and are a good choice if you are willing to use a web based email solution. If you are comfortable with Wikipedia.imap IMAP? I highly recommend http://fastmail.fm Fastmail - they offer both SpamAssassin and Kaspersky anti-virus filtering on the server-side.

(Still working on this…)

My two-step approach to fighting junk email seems to work pretty well. My first line of defense is my ISP, Sonic.net. Like many ISPs, Sonic filters for spam on its mail server with an open-source program called SpamAssassin, a hefty Perl script with multiple rule sets. As the end user, I set the score threshold. Email messages that score too high are held on the server and never reach my inbox. Set the threshold too high and extra spam gets through. Set it too low and you’ll get false positives, the bane of spam filters.

I’ve found that a threshold score of 6.5 stops 90 percent of the mail I don’t want while letting through all the mail I do want. SpamAssassin kills an average of 120 spam messages a day on my main account. That’s several megabytes of hair-restoration ads I never have to download. I review the spam mailbox every few days to make sure it hasn’t trapped anything I want. I’ve used it for several months and I’ve found it to be quite reliable.

But what of the 10 percent of spam messages that sneak by SpamAssassin? For that I use client-side filtering. I do all my email on Mac OS X using a streamlined and powerful program called PowerMail. I use an add-on spam filter called SpamSieve by Michael Tsai, in addition to PowerMail. SpamSieve also works with MailSmith, Apple Mail, and Entourage. SpamSieve uses a new technique called “Bayesian filtering” to detect spam. Bayesian analysis of text has been around for years. As far as I can tell, Paul Graham was the first person to recommend Bayesian filtering for fighting junk email.

As Graham points out, most spam filters work like pesticides: They simply breed smarter spammers. Because a Bayesian-based filter learns and evolves, it can keep up with spammers. It doesn’t always work, but it does a very good job of detecting the bad stuff. On my machine, SpamSieve has processed 8,018 spam messages and 48,195 good messages with a 98.7 percent accuracy rate. In other words, it missed only 572 penis-enlarger ads and incorrectly marked 186 messages from my mom as spam. (This might be the first time “penis enlarger” and “my mom” have ever appeared together in a sentence.) That’s still 186 false positives too many, but it’s the best I’ve found to date. SpamSieve is particularly accurate with mailing lists. Many spam filters incorrectly tag newsletters as spam. I subscribe to several dozen lists. Thanks to the combination of SpamAssassin and SpamSieve, I haven’t missed any newsletters.

SpamAssassin uses a combination of Bayesian techniques, rule-based filters, and white-and-black lists to do its job. Its developers are constantly fiddling with the rules, so it seems to keep up with the spammers.

But why do spammers try so hard to get past mail filters? If I’m filtering on the word Viagra, I don’t want to see messages about it. What’s the point in spelling it “V i a g r a”? Maybe it’s because many spammers aren’t trying to sell anything at all. According to an interesting study by Wired News, most spam is designed to harvest your email address. That’s why you should never reply to spam — even to complain.

Since I don’t use Windows to read email, I don’t have much experience with Windows-based spam filters, Bayesian or otherwise. I’ve been waiting for my buddy Mark Thompson to ship his long-awaited Spambo. He showed me a pre-release version during the Call for Help-a-Thon in December, and it looked pretty amazing, but for some reason he’s holding onto it. Meanwhile I’ve been trying a Bayesian-based program called Ella from Open Field Software. It’s an Outlook plug-in and it does a good job. Open Field plans to release it as an automatic mail categorizer, much like John Graham-Cumming’s POPFile. We’ve featured Graham-Cumming and POPFile on the show, but many users report they were confused by the set up. I’m going to give it a try this weekend. I’ll let you know how I do.

I also subscribe to SpamCop, but I no longer use it to filter my mail. For $30 a year you can run all your incoming mail through SpamCop before it hits your inbox. If your ISP doesn’t offer SpamAssassin, this might make a good alternative, but I found that SpamCop was stopping too much legitimate mail, especially from mailing lists. However, I use my SpamCop email address whenever I have to give an address to a website. I find that the @spamcop.net address seems to deter them from selling my name.

I’d like to review some other solutions, too, but with so many spam filters for Windows, I hardly know where to start! That’s where I need your help. Have you found a failproof solution? Have you wasted time and energy on a product that failed miserably? Let’s hear about it! Post your recommendations or warnings in the Talkback section below. I’ll put your favorites to the test and report back on our findings.