Can That Spam!

Just like everyone else, I get spam. Spam in my inbox, spam in my comments, spam in my referrer listings, spam everywhere! A few months ago — after being bombarded by those vial email programs just about enough — I decided to fight back. Here are some things that I do to combat our common enemy, in all of his various forms:

Email Spam — a lifelong struggle
I own the domain phark.net, and while my true email address is mike at phark.net, any email sent to that domain gets auto-bounced to my catch-all box. I use Apple's Mail as my email app of choice because it does a great job of catching Junk Mail right out of the box. But to combat these new-age spam pirates, I needed a technique that was a bit more industrial strength.

I don't give my real email address out to just anyone (not even RIT knows about it) so by being selective when I give it out I'm lowering my chance of spam. Whenever an online service asks for an email address to signup (Yahoo!, ESPN, Pepsi, New York Times, etc.), I tell them an email address that corresponds to the name of the service — yahoogames@phark.net, nytimes@phark.net, pepsi@phark.net, and so on. They're all valid email addresses, and all get sent to my catch-all box, but as soon as I see that I'm getting spam addressed to any of them, I set up my Mail program rules to delete all incoming mail to that address automatically. Not only is this a useful way to isolate and trap spam messages, it's also fun to see which companies sell your email address out to spammers! I can't tell you how many times I'd get THE EXACT SAME spam message sent four times in a row, each one addressed to pepsi@phark.net, yahoogames@phark.net, and nytimes@phark.net. Coincidence? Nope, because I've never given those email addresses away to anyone else.

Now for a more client-side approach to spam sniffing, I went into the Junk Mail settings, and clicked on the Advanced button. From there, I changed things around to look like this:

When Mail thinks something is spam, that's good enough for me — so it deletes it before I ever see it. To facilitate the growth of Mail's AI, the few messages that do squeak through, instead of just deleting them, I identify them as spam so that it learns a little more. And just to nail those pesky Nigerians and Viagra peddlers, I set up this Rule:

Comment Spam — the anonymous enemy
Whenever I write something on my blog, Google eats it up. Because of that, my blog is prime target for spammers looking to find a large audience. TypePad (currently? I'm not sure) doesn't have any sort of spam protection for people who use its blog service, so I'm going to have to manufacture a homegrown remedy. I was thinking of having an image with randomly-generated numbers next to the "Submit" button so that you'd have to type the numbers in to comment, but that might alienate visually-impaired users and I don't want to do that. So for right now, I'm still trying to figure out a plan.

How do you fight the good fight?

Comments

One thing that Mike didn't really touch on is referrer spam. So far, I've only heard of this happening to me, but when I check my refer list, there are, like, 30 entries at a time from the same domain. Curiously, I go see if a link to my site is on there or something, and it just ends up being some porn site. Wow, eh?

Posted by: Nigel Goodfellow | Sunday, April 25, 2004 at 07:23 PM

Mike, why wouldn't randomly generated text letters (the kind screen reader software could catch) work? Are the spam bots that smart?

Posted by: Honus | Monday, April 26, 2004 at 08:01 AM

I have been doing the same thing for about a year now ( for instance my emailadres here is phark - @ - percept.be ) and it's been quite effective so far. I had one problem when a spammer started generating random adresses but they allways kept a part of the emailadres the same so I was able to filter on that.

It's currently one of the best ways to block spam but unfortunatly not something a lot of people can do.

Posted by: Bart N. | Monday, April 26, 2004 at 10:26 AM

On all of the sites where I've seen this technique used, they use images. I'm assuming that there is a reason they don't use text, and the intelligence of spam bots might just be it.

Posted by: Mike | Monday, April 26, 2004 at 10:30 AM

Hey Bart - That "randomly generated" names thing happened to me a few weeks ago, and that's what prompted this big crackdown on spammers. I was getting 50+ a day addressed to random names, and I couldn't take it anymore.

Posted by: Mike | Monday, April 26, 2004 at 10:32 AM

Spambots are quite smart and the most advanced once are even able to read images ( that's why the text on such "code" images is usually rendered in some strange font with some random background. This way it's a lot harder for the bots to extract the text from them ).

Posted by: Bart N. | Monday, April 26, 2004 at 10:41 AM

My main tactic is to let my Yahoo account manage spam. If I sign up for any service or account, I give them my Yahoo account. Spam filters there catch nearly everything, and I generally get only a couple spam messages a day in my inbox.

Only the most trusted friends (or those I know won't give my name out at websites for those stupid "fill out this quiz" websites), professional acquaintances, or for resume purposes is my nicoleswan.com email available. Well, and for enterprising website visitors that find it on my "about" page. Through careful watch, I've managed to keep my domain accounts spam free. *knock on wood*

Posted by: Nicole | Monday, April 26, 2004 at 11:02 AM

I use knowspam and like countless others (Brad Choate comes to mind) I've seen a reduction in my spam versus legitimate emails ratio.

I was amazed that in 2 weeks time I received over 100,000 spams and all because I used my actual email to sign up for various web-related services a few years back. My fault, I know.

Now it feels good to actually have a healthy email box without the clutter. Granted I could have used Spam Assassin or Thunderbird's junk mail filters for cheaper alternatives but I think I made a wise choice.

I also could have just as easily created a new address and dumped my old one but that would defeat the purpose of having an email address doesn't feel impersonal (like yahoo, hotmail, etc.)

When GMail goes live for public use I'm going to set up an account as a spam catcher and at 1GB it means I won't have to check it as often.

Posted by: kartooner | Monday, April 26, 2004 at 11:12 AM

I do the same thing Nicole does. Yahoo's filter works shockingly well. The only spam I seem to get in my inbox is JC Whitney's catalogue. MSN's Hotmail spam filtering really blows, because it always sends emails from my father into the trash, and putting him on my safe list has been flaky. I am lucky though that I don't get a whole lot of spam there (it's basically exists just so that I can get emails people send me if they can't remember if I'm at Hotmail or Yahoo - AHEM, Mike, cough cough).

I wish I had some more advanced techniques at my disposal, but without my own site based email, that's not going to happen. I have to say Mike your cleverest trick is giving yahoogames@phark etc and seeing who is selling your info.

As far as bots go, I find it odd that they're good enough to decipher not just text but photograph ones too. That's downright diabolical.

Posted by: Honus | Monday, April 26, 2004 at 02:18 PM

Great tips! And I third the vote for Yahoo mail, they've just upgraded there mail features and it's working great.

Posted by: hass | Monday, April 26, 2004 at 03:55 PM

Yeah add me onto the Yahoo list. I've been using them for mail for about 4 years or so and with the exception of probably 2 weeks I've been pretty much spam-free for years.

Occasionaly a good email will slip into the Bulk folder but what can you do. :)

Posted by: Scott | Tuesday, April 27, 2004 at 12:49 AM