Eric Wolfram's Writing : How To : Stop SPAM, anti-spam blocking software and using Spam Filters

Eric Wolfram's Writing, How To Stop SPAM

Stop SPAM, anti-spam blocking software and using Spam Filters

What is SPAM? SPAM is unsolicited email. It is the Internet's version of junk mail. Whenever you receive an email from someone you don't know, be skeptical. Don't respond to the email, because this will confirm that your email address is, in fact, read by a real person. Responding to spam will result in more SPAM to you. Don't click on any links, because the links are often coded, and clicking on one of the links will result in more SPAM in the future. Sometimes the email will try to trick you into responding with a request to be taken off the list. Don't -- this is a trick and it will result in more SPAM.

What should you do?
Delete the email. That is the best thing to do. If the email seems fraudulent (WARNING: Many of the SPAM emails ARE fraudulent), if the email is asking you to send money, or if the email is promising that you will get money if you give them your VISA number or bank account number; you may want to report it.

Most importantly: If an email is asking you to forward the email to all of your friends, and if you feel compelled to do so, PLEASE make sure to first confirm that it is an email based in truth. Many emails that ask people to forward the email to all their friends are, in fact, untrue. Search UrbanLegendsZeitgeist site or Urban Legends Reference Page to make sure it's not a hoax or untrue. Type specific details of the email into the search box and press submit. It is also a good place to check and see if an email is fraudulent. BEWARE!

How to report fraudulent SPAM
This is the Federal Trade Commission's email fraud address. Send the email with all the header information to uce@ftc.gov.

Here are some other suggestions on what else you can do:

Filter your known email into their own directory. Email programs like Eudora allow you to filter.
Continue to complain to your ISP who will eventually get tired of complaints about spammers and block all email from the offending domains.
[A Favorite] Spam marketers are highly prone to avoid tax payment via non-declaration, so the IRS wants to investigate. The IRS wants to hear from you when you receive spam. Forward the email with full headers, and the domain registration to hotline@nocs.insp.irs.gov (and cc the spammer for additional results.)
The North Carolina Attorny General's office can fine the company for every spam mail received under NC General Statute: 1-539.2A. Damages for computer trespass. NC Attorney General's Office -- AGJUS@mail.jus.state.nc.us
Suggestion: Most people won't advocate this, but you may want to cc: the domain contacts when forwarding to AG offices and the IRS. A lot of that spam suddenly stops; on occasion, one person claims to have received an apology from someone at the spammer.

Disposible email addresses for Stopping spam
Here are some sites where you can get desposible email addresses.

Spam Gourmet -- a spam stopping service
Spamgourmet is really cool. It is a free hosted application designed to protect you from having your contact information abused. Sign up for free and they give you email addresses that expire -- you can spontaneously give out self-destructing disposable email addresses. That is, you can give out email addresses which will allow a specified number of emails sent to that address to go through to you, and following that, it will block emails from that address. It's pretty easy to figure out how to do this. Furthermore, they let you download the code, so that you can host a similar service, if you are so inclined.
TrashMail
Create an one use email redirection for free. After the first use, your account will be deleted and no more mails (like spams) will be delivered to your real email address! Your email account will be valid up to a maximum of 7 days. This is not an anonymous mail service. All mail server activity is logged.
Temporary Inbox
A temporary inbox is a disposable email address, which doesn't require registration and can be used to avoid spam.

Commurcial Spam filters for Stopping spam
Here are some notible filters that I have found while doing research on SPAM.

SpamAssassin -- an open-source product aimed at UNIX systems.
A user notes: the Open version is extremely configurable. Here is an Example of a SpamAssasin Report. Don't confuse this Opensource version with a product sold by Deersoft for Exchange and Outlook versions of SpamAssassin (see details below), and there is also Spamnix, a commercial Eudora plug-in. Other interfaces for plugging SpamAssassin into your mail systems are listed on this page.

MailDuster
There is no software to download and install to use MailDuster. It works with the program you currently use to read e-mail. It works with your existing email account. No need to get a new e-mail address. The ASP service maintains a list of "allowable senders" - those email addresses of people who are allowed to send you messages. If a message arrives from an allowable sender, it is passed along to you when you check your email. If a message arrives from someone who is not on your "allowable senders" list, it is simply held on the mail server (it is NOT deleted). An email is then sent to the original sender informing them they need to "request permission" to send you mail by going to the mailDuster web site. When such a request is received, you are informed via email. If you decide you want to grant the request, you simply go the mailDuster web site and grant it. That sender is then added to your "allowable senders" list, and their mail is delivered (including the original held message). Most junk mail is sent by an automated system. Automated system will never answer the MailDuster request for permission. After a few days, if no request for permission is received, the email is quietly deleted. In March 2002, MailDuster was free for the first 30 days of use. The fee is $1.42 per month, after that, billed as a single $17 annual subscription fee.

SpamSeive -- My friend Paul uses this filter and he likes it -- it uses Bayesian filtering and works with his relatively obscure mail client PowerMail.

CloudMark
This is an add-on that only works in Outlook right now (not Eudora or Outlook Express). Here's a testimonial from a friend on September, 2002. "I installed this prog and it's great. Doesn't miss much (less than 5%) and no false positives, thus far. Only bug is that now, when Outlook is reduced and the computer has been to the screensaver, I have to click it several times (or right-click and choose RESTORE) to restore it, but that's a small price to pay, methinks." October 2002, another user of cloumark said: "It is a networked community solution. It blocks spam you receive, but also spam which is received by anyone in the network. The more people who join, the better it works. I have not experienced many problems with friendly emails being blocked yet."

Brightmail -- supposedly an ASP spam filter
Brightmail is a San Francisco Based company, which is run by Sunil Paul, a self proclaimed wizard on SPAM. Brightmail appears to have too many MBAs working for them, in my humble opinion. Their most recent round of funding, in July 2000, "closed $35 million in strategic financing." So I bet they probably burnt through that money and are almost out of business by now! Upon reading the web site, it appears that you must install their software -- so it's not even a real ASP. I'd say, avoid this company, but what do I know?

SpamCop
This works with POP and Webmail, plus you can forward mail from your other POP accounts (For example, forward your ISP accounts to SpamCop, then use SpamCop's POP server). Not free, $30/Year, as of Jan. 2003.

Procmail -- Yikes, this is for professional coders who manage their own server only. If you're one of those people, here's a tutorial on Procmail

JunkFilter -- It is a set of procmail mail processing rules.
One user claims that he received less than 2% false positives after tweaking the rules. Upside: free, uses standard open source software (procmail), runs on the server, install once for all users, allows customization per-user; supports filtering on headers, domains, dialup connections, and other criteria. allows a "white list" to override rules. Downside: minimal tech support (mailing list), pretty geeky (you need to understand procmail and run a mail server or be on good terms with your sys admin), no automatic updates from a central blacklist. One user claims he spends about ten minutes a week adding new rules.

POPFile - Automatic Email Classification: Summary
POPFile is an email classification tool with a Naive Bayes classifier, a POP3 proxy and a web interface. It runs on most platforms and with most email clients. It *learns* as you work with it. Source code available and also an "easy to install" windows version. Written in Perl.

Stop people from harvesting your email from the web
People have written programs which surf the web and harvest email addresses. This is particularly annoying because it ends up stopping people from putting their contact information on the web. If you have a web site, or if you post your email address to forums or newsgroups, someone may have harvested your email address. One trick that people use to foil these email harvesting programs, is that they will modify their email address and leave instructions on how to fix it. For instance, someone will say:

"email me at nospam@wolfram.org (please replace "nospam" with "eric" in that email address.)"

That technique is a bit cumbersome, still, people use it because it works.

Personally, I recommend setting up an account at Spamgourmet and leaving those email addresses on forums or newsgroups. Also, if you have a web site with mailto links, you might want to try this Javascript trick for stopping email harvesting programs from grabbing your email off of your web site.

Here's another blog post about the effectiveness or various spam fighting ways of displaying email address on a web page

CounterExploitation -- Fighting Back Against Email Harvest Bots
What if, instead of YOUR email address, the harvester program finds hundreds and hundreds of completely bogus, invalid email addresses? Toxic Waste Dump is a program that allows you to create virtually an infinite number of bogus email addresses on bogus web pages pages (limited essentially by the amount of space you want to use for them in your Web account!)

Articles on SPAM
SPAM filtering strategies Paul Grahm's excellent article on how it should work
SPAM Filter Software that you Install
You may want to avoid spam filters that you install because they will obviously only work on the computer that you install them on, and instead you might look for hosted applications or email services that install filters at the server level.

Spam filter service for ISPs

Spamex -- a service -- shrinkwrap

About This Page
SPAM degrades the value of email. I intend on providing continued maintainanance to this page. Please let me know if anything on this page is misleading or needs updating or additions.
eric@wolfram.org
Please feel free to link to this page so that others can find it. It's easy to link to this page, just copy the text below onto your web page:
<a href="http://wolfram.org/writing/howto/2.html">How to Stop SPAM</a>