Filtering Spam

So while anti-spam laws are terribly ineffective, you can filter spam yourself. Here are the basics.

Filtering has several shortcomings, including the fact that you still have to pay for the time and bandwidth to download the spam to your computer to be filtered. You have to keep up with the latest spammer tactics and keep your filters updated — and most users don’t have the technical skill to do this. It is a poor way to stop spam.

“Challenge-Response”. A more recent concept is the “challenge-response” system. When you get a message from someone not on a “safe” list of senders, your ISP will hold that message while it sends a “challenge” to the sender that says, essentially, “We don’t know if you’re a spammer or not. If you are, you won’t read this, so your message won’t get through. If you’re not, prove it by going to a certain web page and passing a little test.”

While that sounds cool, what it does is change your problem with spam into a problem for everyone else — the people you actually want mail from, while not impacting spammers whatever. This is not a reasonable exchange. If you have a spam problem, it’s up to you to deal with it, not the people you want mail from. The appropriate response by a legit mailer who receives a challenge is “forget it” — meaning you may not get order confirmations, shipping alerts, newsletter subscriptions, and other mail you actually want.

There are several ways to filter spam: on your own server, if you have one; on your provider’s system, if you’re an individual user; or, you can do a combination of the tactics. (My own technique is detailed in the Spam Primer book — see the right side of this page for details).

Many e-mail programs have spam filtering built-in, such as Microsoft Outlook. The problem is, that doesn’t save your server-based inbox from piling up with junk (and perhaps sending you over the limit if you don’t have a large “mail quota”), and it doesn’t save you from having to download it all, which takes time and bandwidth.

If you run your own server, the most common spam-filtering method is to use SpamAssassin. This is an open-source non-profit initiative that is fairly effective. Your server provider may have it available for you, and that’s an effective way to get it, since installing it yourself is difficult unless you’re very familiar with unix and system administration tasks. See the Spam Primer book for more: you can do it even if you aren’t techie using some clever tricks described there.

Next Topic: Casualties in the War on Spam