Wednesday, April 04, 2007

The Sorry State of Spam and What You Can Do About It

Again, from the very helpful Web Worker Daily.

A year ago, the Messaging Anti-Abuse User Group put out a report stating that over 80% of email is spam. Judging from my unfiltered inbox alone, I’d say that’s very true. Many say that email is dead thanks to the overwhelming influx of junk, but web workers still rely on it too much to say eulogies.

We can maintain control over our inboxes. Regardless of the email client or server you use, here’s an overview of the tools we have to fight back against those that insist we need larger sexual organs, free software and pre-approved bank loans.

First, admit that you are powerless to stop spam, at least at the individual level. You can make sure that your email address never appears anywhere a spammer can get it, sure. But how realistic is that? Legislation? Maybe. For now, you just have to get through your inbox.

For the sake of this article, we’re not going to talk about Exchange or corporate email filtering. If you get your email through a corporate server, you should have an IT person to talk to. The rest of us are usually on our own.

Web-based email and spam filtering inboxes

Gmail’s built-in spam filtering is now very good and getting better all the time. You can’t do anything to train it for your specific inbox, but Google does learn by its mistakes improving the filtering for everyone. Many have been known to send their email through Gmail simply to take advantage of its intelligent filtering. Since you can’t train it directly, you do need to skim the Spam folder from time to time to make sure you’re not missing legitimate mail. Yahoo’s free email accounts include SpamGuard, similar in function to Gmail’s filter but the jury is still out on whether it’s as effective. Most say not. With the paid Yahoo email accounts, you get the option of training/configuring the filter.

Along the same lines, paid services like SpamCop provide a clean, spam-free email address. You just forward your “dirty” email to it and SpamCop only delivers the filtered results.

Server-side filtering

If you have direct access to the server that manages your email, you can install and configure tools that will catch the spam before it hits your inbox. Most of these tools use Bayesian filtering to analyze the message on many levels and determine whether or not it’s spam. The advantage here is that you can get your mail via whatever desktop, mobile or web-based client you choose and you never have to deal with add-on software locally. If you pay per byte downloaded, this can save you a great deal of money. This is also your best hope if you get your email on a handheld device. A list of many different options can be found here. For Apache servers, SpamAssassin is a top choice.

If your email is hosted on a shared server, your service provider may have server-side filtering available for your account. Dreamhost and Pair Networks use SpamAssassin, for example. You have very little control over these filters, setting its aggressiveness with a slider. Too aggressive and you’re trashing legitimate mail, too lenient and you’re still filtering spam in your inbox. They are typically all or nothing, with rudimentary black and whitelist support at best. Having tried the server-side filtering tools at many different shared web hosts, I have yet to find one that I am truly satisfied with.

Client-side filtering

If you use a desktop email application chances are that it came with a spam/junk filter that you have to spend time training to get it to work effectively often with mixed results. There are 3rd party add-ons for desktop clients that work far more effectively, with finer control over the options. Brute force blacklists are useless now. For Outlook, the open source SpamBayes is outstanding, but it takes some tweaking to work well.

If you want set-it-and-forget-it convenience, I would highly recommend Cloudmark Desktop at $40/year. It installs as a plug-in to Outlook or Outlook Express and relies on its community to effectively filter spam. It works on the premise that spam to you is spam to everyone else. Once a message is marked as spam by one user, that information is immediately updated in the network so by the time you received the same piece of junk, Cloudmark knows it’s spam and filters it away. The more you use the filter, the more your selections are trusted by the system. The only emails that Cloudmark may have difficulty with are opt-in newsletters, where community members “block” the email rather than delete. Overall, Cloudmark has been over 99% accurate in keeping my Outlook inbox free of crud.

On the Mac OS X side, the best 3rd party add-on by far is SpamSieve. It’s a powerful Bayesian filter that just works and is well worth the $30 fee. SpamSieve works in Apple Mail and most Mac OS X email clients including Entourage and MailSmith and now, at last, Mozilla Thunderbird. The application installs a plug-in into the email client and runs alongside it. With minimal training, it’s not unheard of for SpamSieve to be greater than 99.8% accurate all the time.

Challenge/response filtering

Have you ever sent email to someone with an Earthlink account and gotten one of those annoying messages back asking you to prove that you’re a human being? These spam fighting tools put the onus on the sender to prove to the recipient in an extra step that they are not a spammer. It certainly works, since no spammer will take the time to type in the captcha to get their email through. Unfortunately, you are relying on the sender to take this extra step which they may not always do. If a prospective client wants to talk to you about a job, do you really want to take the chance that they won’t jump through your verification hoop? If you must, SpamArrest is a popular choice. Others here.

No comments: