Simple ways to deal with spam
1. Get Mailwasher but DON'T bounce spam
Recently I've been receiving hundreds of returned undeliverable messages a day. What's happening is that a virus or a spammer is inserting my domain into the 'From' address for their crap, and the recipients have their servers configured to blindly return or 'bounce' spam to the sender... so I gets it :o(
Bouncing spam used to be a good idea, but now it's only worsening the threat that spam and viruses pose to the useability of email. Indeed the only legitimate use for bouncing email now is to tactfully inform a known sender that you don't want the mail they're sending you (such as forwarded and widely circulated funnies). See 2 Bounce or not 2 Bounce for a fuller explanation of why BOUNCING IS BAD
There are many freeware and shareware programs out there (and some commercial ones too) which claim to block spam before it reaches you, and some of them probably do work, at least to reduce it a little. Unfortunately many of these programs are either complicated to set up or simply ineffective, or require subscription to a third party spam-filtering service, which removes control from the user somewhat.
However... I have found a cheap and highly effective tool - Mailwasher - which lets you examine the headers of your mail from multiple email accounts before you download them and apply powerful filters (including an amazing 'learning' filter) to weed out the crap. It can automatically mark suspected spam for bouncing/deletion using an easily configurable filter/blacklist system, and if you're uncertain about any message you can safely preview it (by double-clicking on its header) since Mailwasher doesn't parse HTML (so no executable code can be run). When you've marked them you can simply delete blacklist all the spam and then download the mail you want as normal using your default email client.
Simple, cheap... and very effective.
2. One filter for 95% of spam
A little while ago I stumbled across a very simple way of filtering out 95% of spam using a single filter.
Previously I had laboriously created numerous filters (a.k.a. message rules in
Outlook Express) to identify and EXCLUDE spam, either by sender (e.g. Where
the From line contains '@email-prom.net') or by message content (e.g. Where
the Subject line contains 'mortgage rates').
However it kept on coming (especially the Lender's network crap) - the
spam seeming to mutate as fast as virii.
Then I twigged that the vast majority of the spam I receive is not actually
addressed to me. Much of it is addressed to '@myISP.com' and/or relayed to
me via 'email@example.com' (for example).
So with a little effort I created a single filter to catch ALL this
impersonalised spam, basically by assuming that EVERYTHING I RECEIVE IS SPAM and the best way to sort it is to
identify and allow what has really been sent to me personally.
It goes something like this:
Where the From line does not contain 'me@myISP.com' or '@anyofmydomains.com'
or 'NAMED SENDERS'
Where the To line does not contain 'me@myISP.com' or '@anyofmydomains.com'
or 'NAMED SUBSCRIPTIONS e.g. SARC or firstname.lastname@example.org'
Where the CC line does not contain [DITTO the To line]
TREAT IT AS SPAM (e.g.. 'Delete from server' or, for now, just 'Move it to
the Spam folder' to be safe)
Not only does this filter catch unsolicited spam, but it also catches all
those annoying update notices to which I have unwittingly subscribed, such
as Real-anything, Computer-Arts etc. etc.
The only down-side is that new subscriptions will be caught by
this filter if they are addressed to anything other than my subscriber email
address... so the filter will have to be disabled for a short period after
subscribing to anything new to let the first message come through so it can
be checked and the filter can be adjusted if necessary to allow further
messages to pass.
UPDATE: I recently received an unexpected email which was very important (from the British Council) but was addressed to no-one (they had correctly used the bcc line) and since I had not previously had email from them (and so not adapted the filter to allow it) this vital message was caught by my anti-spam filter. The filter is still in place, doing its job, but I would now advise only using this technique to sort spam into a separate folder and not to delete it, in case you do miss important but unsolicited mail.
3. Hide your email address on web pages
Most spam is sent to addresses extracted from web pages. If you put your email address anywhere on a web page - in a <a href="mailto:...> link, in the action parameter of a form tag or (especially) in a meta tag - it will be found by spam robots and added to spam lists.
There are many simple ways to disguise your real email address, from writing your address with '%40' instead of '@' (email protocol reads me%40mydomain.com the same as if it were email@example.com, but 'spambots' won't) to inserting obvious human-readable bits into your address, like: me@DELETETHISANTISPAMSTRINGmydomain.com or me@NOSPAM.mydomain.com. The problem is the spam bots are aware of these traps too and are becoming more sophisticated in circumventing them.
On my contact page I used to use this code to write a mail link onto the page. The point being that the complete email address does not appear on the raw html page and so cannot be detected by spambots, but the link still works:
fstr+='\?subject=Message sent via georgedillon.com">'
4. Hitting back at spammers
Reporting them takes time and doesn't really have much effect. Bouncing is now a no no. There is another way to hit back at spammers... fill their lists with false email addresses. If you have CGI access on your website, it's simple to add a script like the one at Cliff's Perl Scripts to generate fake email addresses complete with realistic names and properly formed mailto: tags, which any email harvester will gobble up... Here it is in action