Filtering Spam

So anti-spam laws are mostly ineffective, but you can filter spam yourself. Here are the basics.

Filtering has several shortcomings, including the fact that you still have to pay for the time and bandwidth to download the spam to your computer to be filtered. You have to keep up with the latest spammer tactics and keep your filters updated -- and most users don't have the technical skill to do this. It is a poor way to stop spam.

"Challenge-Response". A more recent concept is the "challenge-response" system. When you get a message from someone not on a "safe" list of senders, your ISP will hold that message while it sends a "challenge" to the sender that says, essentially, "We don't know if you're a spammer or not. If you are, you won't read this, so your message won't get through. If you're not, prove it by going to a certain web page and passing a little test."

While that sounds cool, what it does is change your problem with spam into a problem for everyone else -- the people you actually want mail from, while not impacting spammers whatever. This is not a reasonable exchange. If you have a spam problem, it's up to you to deal with it, not the people you want mail from. The appropriate response by a legit mailer who receives a challenge is "forget it" -- meaning you may not get order confirmations, shipping alerts, newsletter subscriptions, and other mail you really want.

There are several ways to filter spam: on your own server, if you have one; on your provider's system, if you're an individual user; or, you can do a combination of the tactics.

Many e-mail programs have spam filtering built-in, such as Microsoft Outlook. The problem is, that doesn't save your server-based inbox from piling up with junk (and perhaps sending you over the limit if you don't have a large "mail quota"), and it doesn't save you from having to download it all, which takes time and bandwidth.

If you run your own server, the most common spam-filtering method is to use SpamAssassin. This is an open-source non-profit initiative that is fairly effective. Your server provider may have it available for you, and that's an effective way to get it, since installing it yourself is difficult unless you're very familiar with unix and system administration tasks.

Google raised the bar with their free webmail product, Gmail. It has excellent spam filtering, and allows you to review what it thinks is spam in a "spam folder" -- which is a good idea, in case there's a "false positive" -- legitimate mail that it tagged as spam, which you can then mark as "not spam". Any spam that makes it into the inbox can easily be marked as spam, too -- and by being careful to always mark legit mail as "not spam" and missed spam as "spam" actually trains the filters to do better in the future.

Be careful to never mark mail you asked for as spam. This is an outrageous accusation to make against a legitimate mailer, and it is absolutely wrong to use the "spam" button to "unsubscribe" from mail you asked to get. You are accusing someone you asked to send you mail of a crime. Follow the instructions to unsubscribe from legitimate mail. Only if they ignore your request does the mail become "spam", because you've asked them to stop sending it.

You can do a hybrid of these spam filtering techniques: that's what I do. I explain in my blog entry How I Beat Spam how I use SpamAssassin first, then Gmail's filters second, to go from having tens of thousands of spam e-mails a month to just a couple a week. It's great!

Next Topic: Casualties in the War on Spam

Copyright © 1996-2010 by Randy Cassingham, All Rights Reserved. All broadcast, publication, retransmission, copying or storage is strictly prohibited without prior written permission (contact the author). This is True® is a registered trademark of ThisIsTrue.inc and is used with permission. (Privacy Statement)