Beating Spam Without Busting Your Address

(aka a low maintenance accurate per-user opt-in anti-spam technique)


Preamble

I think we'll all agree spam is a PITA.

What a lot of people have taken to doing to avoid it is to post news (and email!) with a corrupted version of their address in the From: line so that automatic address gathering tools don't collect a useful address. A side effect of this is that anyone wanting to reply to the author must manually hack the address back into usable form.

Conversely, we can probably all agree that busted addresses like "fred@diespam.domain.com" for "fred@domain.com" cause legitimate repliers inconvenience, and harm the "it just works" nature of electronic communication.

Now, if you could have your mailer automatically recognise spam and toss it for you, wouldn't you feel less need to hide from the spammers? It is, after all, the interruption/noise-in-the-mailbox which is the major irritant.

Here's my technique, which is low maintenance and works quite well (particular types of spam get past it, but most doesn't).

The Method

The guiding principle is based on the fact that we don't care, by and large, who is mailing us, just why. So instead of some complex scheme to notice spammers' addresses or hosts (which are routinely forged anyway) we measure their intent: did this person intend to email me-in-particular?

A brief jaunt into spam and then the filter method, which any of you can apply yourselves. How it works: most spam is broadcast (contact SMTP service, give message to service, tell it to deliver to thousands of people). As a consequence, the header lines are fixed and thus do not have my (your) address in the To: or CC: line, nor the address of any of the mailing lists you read.

So, you make a list of rules, saying something like:

This effectively removes the interruptive effect of spam. It does take a few days to get the ruleset complete, but you then only have to edit the rules when you join a new list, not whenever some new spammer springs up from the slime.

I've personally set this up for people using: netscape, M$ Exchange, Eudora, procmail. Anything with filters will do the trick. And your mailbox will be quiet again and you can stop hiding!

Special Notes

  1. It will probably take a few days to get the rules complete, so check up on your ProbablySpam folder frequently during this time.
  2. Some legitimate mailing lists don't put anything useful in the To: line. Usually a rule based on the Sender: line or failing that the Reply-To: line suffices to identify these lists.
  3. Never change the:
    if Subject: has ""
    then Transfer to ProbablySpam
    into:
    if Subject: has ""
    then Delete
    because there'll always be the occasional item which isn't spam, but does look that way to these rules. Just peruse your spam folder every so often (I do it every 3 or so days) for the exceptions - some exceptions will be lists you forgot, especially early on, and some will simply be exceptions - many can be addressed by examining the From: line. For example, I have a friend whose mailer routinely busts the To: line, so these rules would call it spam. I recently added:
    if From: has "barry@his.site.dom"
    then SkipRest
    to the list. There should be very few of these.
  4. Likewise, never attach some auto-replying "never spam me again you vermin" tool to things which land in your ProbablySpam folder; aside from the fact that this is wasted effort for the (many) spams with forged addresses, the day you join a mailing list and forget the rule for it you'll make many enemies. Moreover, in a new form of loathsomeness, some recent spam has real addresses in the From: line - the address of an unrelated innocent!

Recipes for Specific Systems

Firstly, recipes for a number of mailer agents. (Please send me recipes for other mailers if you make one!) Then background lore about making filters which may be of help if you want to do this for a mailer I've not encountered yet.
Note: if you're on UNIX and your mailer (eg pine) isn't explicitly mentioned, check out the procmail filter - it can do the filtering before your mailer sees the mail. UNIX tends to separate tasks like this - leaves you more flexibility. Many UNIX systems ship with procmail preinstalled these days; just ask your sysadmin.

Mailer Lore about Filters

Some background and terminology

Many mailers let you apply relatively arbitrary rules (aka "filters") to incoming mail, to autofile things in particular folders, reject things, etc.

Email rules are quite simple. You just set up a list of tests in a nice little dialogue and the mailer applies them in turn. When one matches an email item, the corresponding action is taken. Your choices for tests and actions are pretty constrained, like "does the To: line contain this address" and "transfer this item/message to that folder".

Different types of rules

Most mailers require you to set things up with simple rules. So what you may have to do is, for each of your addresses (including the mailing list submission addresses, which reach you and thus, in a sense are you) make a pair of rules saying:

    if To: contains the-address skip-all-further-rules
    if Cc: contains the-address skip-all-further-rules

Netscape has a header rule clause for saying:

    if To:-or-Cc: contains ...

which immediately halves the work you need to do. Anyway, after these "match me" rules you need a final rule:

    if something-always-true then transfer to "ProbablySpam"

If the mailer doesn't have a "true" I tend to use "Subject: contains empty-string".

Some mailers let you make complex rules:

    if this or that or the-other
    then do 1 then 2 then 3

like this:

    if To: contains the-address
    OR Cc: contains the-address
    OR To: contains another-address
    OR Cc: contains another-address
    ... etc etc ...
    then skip-all-further-rules

    if something-always-true then transfer to "ProbablySpam"

If you're really lucky you can say:

    if To: does-not-contain the-address
    AND Cc: does-not-contain the-address
    AND To: does-not-contain another-address
    AND Cc: does-not-contain another-address
    ... etc etc ...
    then transfer to "ProbablySpam"

as a single rule and you're away.
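
The rule set above, together with the Sender:/Reply-To: and From: exceptions from the Special Notes, as an added Python example that is not part of the original page. It compares parsed addresses exactly, which is stricter than a mailer's "contains" test, and the two lists.example addresses and all sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses

# fred@domain.com and barry@his.site.dom come from the page's own examples;
# the two lists.example addresses are constructed placeholders.
MY_ADDRESSES = {"fred@domain.com", "some-list@lists.example"}
LIST_SENDERS = {"owner-announce@lists.example"}  # lists with an unhelpful To:
KNOWN_FROM = {"barry@his.site.dom"}              # friend whose mailer busts To:

def header_addrs(msg, *names):
    """Lower-cased addresses from every occurrence of the named headers."""
    found = set()
    for name in names:
        for value in msg.get_all(name, []):
            # Parse one header value at a time so that an unparseable value
            # cannot blank out the addresses found in the others.
            found.update(a.lower() for _n, a in getaddresses([value]) if a)
    return found

def classify(raw):
    """Return the folder for a raw message: 'Inbox' or 'ProbablySpam'."""
    msg = message_from_string(raw)
    if header_addrs(msg, "To", "Cc") & MY_ADDRESSES:            # "match me" rules
        return "Inbox"
    if header_addrs(msg, "Sender", "Reply-To") & LIST_SENDERS:  # special note 2
        return "Inbox"
    if header_addrs(msg, "From") & KNOWN_FROM:                  # special note 3
        return "Inbox"
    return "ProbablySpam"  # always-true final rule: file for review, never delete

# Constructed sample messages; only the headers matter here.
SAMPLES = {
    "direct": "From: a@x.example\nTo: Fred <Fred@Domain.com>\nSubject: hi\n\nhello\n",
    "cc": "From: a@x.example\nTo: b@y.example\nCc: some-list@lists.example\n\nhello\n",
    "broadcast": "From: deals@bulk.example\nTo: undisclosed-recipients:;\n\nbuy\n",
    # A substring "contains fred@domain.com" test would accept this one.
    "lookalike": "From: x@bulk.example\nTo: fred@domain.com.bulk.example\n\nbuy\n",
    "list": "From: p@z.example\nSender: owner-announce@lists.example\n\nnews\n",
    "friend": "From: Barry <barry@his.site.dom>\nSubject: lunch\n\nhello\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify(raw)}")
```
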

My personal mail filer is custom and, amongst other things, labels items with their topic (i.e. "Personal", "SydRide", "SysAdmin" etc) for later use. Anything not getting a label is "ProbablySpam", and that's where it goes.