What to do About Spam?

Over the last year, my wife and I have noticed that the amount of spam that we receive has gone up tremendously. It got to the point, around the beginning of 2002, that we would each receive several hundred pieces of spam in a day. There were some days that we'd receive thousands of these annoying messages. Obviously it was getting out of hand, but what to do?

Finally, one day my lovely wife came into my office with a fierce look on her face. She was very upset (and she's normally as calm as can be) because she had received literally a hundred spam emails asking her to enlarge parts of her body that she didn't even have! She demanded that I solve the problem. If you know my wife, then you know it's best not to argue. Just do what she says, no matter what!

Okay, I had been working on the problem myself, but now my sanity (and perhaps my very life) was threatened! It was time to get to work and solve the problem.

The first thing to do was to define spam in a way that works for prevention purposes. You cannot handle something if you don't know what it is.

"Spam is any email not received from an authorized source."

You see, the term "unsolicated email" does not work well. How many times, after all, have you got on the phone to ask someone to send you an email? I found the phrase "authorized source" works very well for the purposes.

Next, I defined the criteria:

Newsletters and such must not be filtered - We receive a lot of newsletters, and there is little more frustrating than having an ISP occasionally filter an issue (delete it) because it matches some arbitrary rule. We decided we don't want this to happen - we like our newsletters.

Messages from friends and known sources must not be filtered - Our friends and people with whom we correspond must not be subjected to any filtering or chance rejection.

Our goal was to catch 99% of the spam on a regular basis - The only acceptable amount of spam to receive is none. Zero, zilch.

Now that I knew what I was trying to do, it was time to implement. I looked at many products, services and solutions, and after some experimentation decided what to do.

Set up our own email server - One fact that was completely unacceptable was allowing our ISP to filter our email. How could an ISP know what we wanted and didn't want without even asking us? To completely eliminate this possibility, we purchased our own email server software. (A static TCP/IP address is required to make this work. If you have a DSL or cable connection, you will find that your ISP probably offers a package allowing for a fixed address.)

We chose the Argosoft email server, because it allows for as many domain names and user names as we could add. The free version is probably adequate for most people, although it was too limited. The PRO version only cost $49 and fulfilled all of our needs well.

Alternate method: Note that if you cannot set up your own email server (or do not want to) you can purchase a domain for under $10 from http://Namecheap.com and forward up to 50 email accounts. This can help with controlling spam, as will be illustrated later in this article.

What you would need is TWO email accounts somewhere (perhaps at your ISP). One is a filtered account and another is an unfiltered account. The filtered account is scanned by a spam filter (such as SpamDetective) and the unfiltered account is not (it's for newsletters and such). You then use your NameCheap domain to define email addresses which forward to either the filtered or unfiltered account as needed. You never send directly to either account - instead you use the NameCheap email forwarding service to create email addresses as needed. If these email addresses get discovered by spammers, you simply delete them and create differently named accounts.

Define individual accounts for newsletters and such - We defined a separate email address for each and every newsletter to which we were subscribed. This included our egroups, topica and other email lists. These accounts are not filtered in any way. This is necessary because even the most intelligent and well defined filters will sometimes treat a newsletter as spam. 

It's important that these email accounts only get used for this purpose so they do not wind up on spammer lists. In fact, one side effect of defining an account for each newsletter is that if you do receive spam in that account, you know exactly who is doing the spamming.

All of these accounts are set to forward to a single email account from which email is retrieved on a regular basis. It's too much work to try and pick up email from dozens of account separately. 

You could also define one account if you wanted named something like "newsletters@yourdomain.com". You could then use this for ALL of your newsletters.

Use ORBD - ORBD is a list of email servers which are known to send spam. The argosoft email server can be configured to check these lists before receiving email, and reject any messages from any of the listed servers. We defined our Argosoft server to do this.

User accounts - We set up filtered user accounts for our normal email. These accounts are intended to receive non-newsletter type emails. 

Email filters - We found the Argosoft filters were inadequate as the server returns a 550 error for any filtered messages. Services such as egroups did not appreciate these errors and didn't work properly.

Instead, we purchased SpamDetective, which is a very good spam filter. It cost around $30 and was trivial to set up. We set it up to scan our filtered email accounts every 10 minutes and remove anything which matched our keyword set.

One of the reasons why I like SpamDetective is that it uses a scoring system. Thus is a message contains one spam-like phrase, it will not be treated as spam. However, if it contains three or more, it will be treated as spam.

Note: If you used the NameCheap method, described above, you would use SpamDetective to filter your filtered email account. Do not filter the unfiltered account.

Define Friends, enemies and spam phrases - At first SpamDetective does not catch much spam. It has some predefined phrases, but you have to train it. Thus, as emails are received you examine them and add them either to the friend or foe list. You can also take terms and phrases from the messages and define them as "definitely spam", "possibly spam" and "friendly". This is an ongoing task performed regularly. Thus, the filters get more intelligent as time goes on.

Get a spamcop account - Spamcop.Net is a great service which does extremely good filtering on email. This account is to be used for signing guestbooks, filling in forms and so on. You see, the spammers regularly surf the web, looking for email addresses. By using a spamcop account, you filter most of this junk out.

You NEVER put any "real" email account on any web page. 

I don't use Spamcop's reporting features as I disagree with vigilantism - I just use it to filter my messages.

Our web sites only use forms - Spammers cannot harvest email addresses from forms (unless the email address is embedded within the HTML which calls the form - don't use these). 

Don't use Formmail - I never used Formmail myself, but it is one of the most used form systems on the internet. It is also perhaps the least secure and the most loved by spammers. Formmail is trivial to break and can turn any web server into a spam machine.

Block China - Unfortunately, spammers are using Chinese (and other Asian) email servers as open relays. This is very bad, and it means that China is unwittingly a huge source of spam. We set up our Argosoft server to completely block any email sent from China. Believe it or not, this alone reduced our spam by 75%.

I hated doing this (it seems so unfair to block an entire country), but until China cracks down and orders it's ISPs, universities and other servers to be more polite to the rest of the internet, it's imperative (in my opinion).

Conclusions - So what was the net result of all of this? We spent about fifty bucks on the email server software, a hundred bucks on a used laptop to run the server, thirty dollars on the SpamDetective software and a final thirty dollars on a Spamcop.net account (one year's service).

For that money, we now have met our goal. Our solution is blocking 99% of all spam. The filters block 300 to 400 messages per day, and only a dozen or so get through a week. 

We also receive all of the newsletters and mailing list messages that we desire without fear that it's going to be accidentally deleted because it contains a forbidden phrase.

In other words, our solution has worked even better than we had hoped.

And my lovely wife is happy, which is what really counts!

Additional Reading

• SPAM Everyone hates SPAM, which is defined as unsolicited emails. It's the big villain of the net.
• What is Spam Anyway? People call all kinds of things spam, but do they really know what it is?
• What to do About Spam? Overwhelmed with spam? Here is what we had to do in order to cut ours down to manageable levels.
• SPAM - How Spammers Get Your Email Address Ever wonder how spammers get hold of your email address no matter how careful you've been? Here are some of the ways.
• SPAM - History This is the story of how spam came to be, how it got started and how it has evolved.
• SPAM - Senate Bill 1618 The bottom line is 1618 is a myth used by scum spammers to make their emails appear to be valid. They want it to look like it is okay for them to send their emails. And if you happen to reply to get removed, why then you will find yourself on more and more spam lists.
• SPAM - Correctly sending commercial emails Okay, now you've read all about spam. You should now how a crystal clear idea of what spam is and what it is not. Now an additional question begs to be asked - how to you send bulk email without it being spam?
• SPAM - links
• SPAM - Do not respond to spam Most spam messages will include a link at the bottom which states something like "to remove yourself from the list click here ...". On the surface this seems innocent enough, but if you do respond you are potentially increasing the amount of spam that you receive by many times.
• SPAM - Spamcop There are three really nice sites which can help you with spam. Each of these offers a different service, each with it's own use.
• SPAM - email spiders Some spiders are malignant and are used by spammers to harvest email addresses. These engines should be blocked or denied where possible, and you need to take steps to ensure that your addresses are not siphoned off into some spammers database.
• SPAM - Spam Vigilantes It does not matter how well you do your job as regards spamming, at some point you will find yourself accused of being a lousy spammer. It is as inevitable as a politician lying or a psychiatrist sleeping with his patients.
• SPAM - Sending Letters to representatives Tired of spam? Think you can do more to fight this evil? Send a letter to your congressman!
• SPAM - Don't get mad, get even Got some time to kill? Need to find something to do? Perhaps even some money you don't need? Here's some ideas for you!
• SPAM - Munging Your Email Address Need a quick and simple way to keep spammers from getting your email address? Try munging it.
• SPAM - Spam Nonsense Some of the games the spammers play are actually quite amusing, once you realize they are happening.
• SPAM - Poisoning The Spammer Want to whack a few spam spiders? Add a poison pill to your web site.
• SPAM - Hiding Your Email Address Sometimes you may need to put your email address on your web pages. Here is a method for hiding it from the spam spiders.
• SPAM - Monty Python Spam Song The words of the Monty Python Spam song
• What happens to the spammers? Spammers, like all criminals, do eventually get caught. And the penalties are not light.
• SPAM - Bozo Filters Bozo filters are one of the main methods you can use to control any spam that gets to your account.
• Black Hole Death One of the most important set of players in the fight against spam are the black hole lists.