Gallery

Stop spam the easy way: pick an anti-spam ISP

Posted on 23 May 2005 at 15:23

Subject: Re: Va11ium C1ALlS V-AGRA

'man, very tall and stiff, a little older and greyer than Don Dieg had fallen into his hands ... A dreadful man. That is why. fugitive traitor as long as he lived.'

Our SpamAssassin-based anti-spam system recognised this as containing references to erectile drugs, but the content wasn't relevant enough to have the message classified as spam. If we allowed our Bayesian filter to read this message as a real one, which many systems would do automatically, the phrase 'Va11ium C1ALlS V-AGRA' would corrupt our database of real messages and future adverts containing this term would stand a better chance of avoiding the filter. It pays to keep a close eye on mis-classified spam and take steps to remove spam from your database of real messages.

Xenophobic filters

Many desktop- and server-based spam filters will allow you to ban email coming from certain countries. If you stop mail coming in from China, Taiwan and Korea you will make an instant improvement to your inbox. You can also reject messages containing different character sets, but we have not seen much spam actually written in Chinese.

The reason country filtering works is that spammers concentrate heavily on abusing computers in certain non-English-speaking nations. One London company we have worked with was receiving a total of nearly 1,000 spam messages a day. Blocking the China/Taiwan/Korea networks reduced this to around 50 messages per day, which was far more manageable by a desktop scanner.

Domain email forwarding

Register a domain with email forwarding and you will be able to send emails to different accounts, depending on the username. More often than not, you will be allowed to choose between ten and 20 email addresses. For example:

sales@mydomain.com ->user123@free-isp.tld

info@mydomain.com -> someone@gmail.com

fred@mydomain.com -> fred999@hotmail.com

*@mydomain.com -> fred999@hotmail.com

In this example, email to sales@mydomain.com is forwarded to the email address user123@free-isp.tld, while info@mydomain.com goes to a Gmail account. Fred999@hotmail.com receives mail for fred@mydomain.com as well as everything else to that domain.

This looks useful, because you wouldn't want to miss out on some business just because someone misspelled your address. However, like everyone else, spammers have access to the directories containing domain names, and it is easy to generate lists of potential email addresses. Popular choices include, but are not limited to, domain@ info@ sales@ technical@ and so on. Personal names are also easy to put through an automatic script for generating spam. If you can bring yourself to do it, avoid using the wildcard (*) entry for email forwarding. Little good will come of it.

Some ISPs allow you to set up automatic replies for certain email accounts. You could set one up for *@mydomain.com with an auto-reply message like this: 'The user you sent your mail to does not exist, but please feel free to call us on 0870 123 4567.'

That will keep potential customers happy, and spammers will not even receive this message because they send messages from other people's computers.

If you want to create your own anti-spam system, and you have a connection at least as fast as an ADSL line, you might actually want to collect spam and use it with a signature-based scanner. This would be particularly useful if you provide email accounts to more than one or two people. You could download samples from a database like www.spamarchive.org, but it would be better to gather your own by pointing the (*) address to an account that will only ever receive spam and nothing else.