Spam Defense. ** Mailwasher.net **

For several years I've used my Hotmail account for registering software or any case where my e-mail addy was needed. No Spam for a couple years. Then last year it began. Now that account is flooded constantly no matter how often I use block sender. My concern is that now my "real" addy is beginning to get a few. I'm careful what sites I go to and never give the addy out. I use Cookie Crusher, Ad Aware and Zone Alarm.

What do you do to defend your main address?

Re: Spam Defense. What do you do?

Hushmail uses a neat concept where you can set up a list of allowed senders, and weeds out automated mailers by requiring a one time verification response by the sender, before allowing the message to go through. Presumably the mouseclick on the graphical icon can't be done automatically, so it ensures the sender is a real person with a real address behind it.
It has been 100% effective so far in blocking out the torrential spam I was getting, but the Hushmail mail interface is geared more towards text messages, and doesn't make it easy to handle attachments, so it's not my regular use address.
Still, it's a nice concept that works well to get rid of every single incoming spam, because the automated mailers just can't break through.

What will work for you if you want to use an existing address, (provided you still have a "clean" address) is available at sneakemail.com-
This service provides "throwaway" email addresses, which you can assign to each company you send an email address to, and forwards the emails to your regular address with a header indicating which company it originated from. This allows you to trace where the "leak" came from, which opened up the spam floodgates. Works very well, provided you don't already have spam coming in on that address. It's perfect for all those signups that you have to provide an valid email address to get a confirmation code back, for instance. If you create a strong randomized primary address that won't be brute forced, you can be sure it doesn't come directly in to you, and the unique address created by sneakemail can be easily managed, and disabled if you choose, without affecting the other addresses in use.

Re: Spam Defense. What do you do?

Tried Sneakmail.com . It bounced me to http://www.secretnet.com/secretnet/ which is an undeveloped page with a link to KGB.org . I opted not to use the link.

I musta did something wrong?

Re: Spam Defense. What do you do?

it's sneakEmail.com - guess you dropped the 'e'.. I don't think I'd follow a link to the KGB either!

Re: Spam Defense. What do you do?

Well I'm not afraid of those damn "Rooskees."

I followed the link to KGB and it is another Internet security company. They state upfront that they are not part of the Russian KGB.

But then again, you know what storytellers those KGB guys were/are.

Re: Spam Defense. What do you do?

Originally posted by Tombeis:
Tom "I always lawyer up before posting on the CPF."

Click to expand...

<font size="2" face="Verdana, Arial">Is that lawyer or lather?

Re: Spam Defense. What do you do?

Sometimes both!

Funny, my last name is Beiswenger, Wingerr.

I added the Lawyer Up line to my sig after being cautioned buy a forum lawyer with no sense of humor, about one of my posts.

It's kind of a disclaimer to prevent double billing.

Re: Spam Defense. What do you do?

Back on topic

I use http://spamcop.net

I copy the headers of the email, it does some magic stuff, it will annoy the sys admin of the box thats either relaying the message or the postmaster.

its lot easier than my explanation of it.

Geoff

Re: Spam Defense. What do you do?

I have been wondering about that spam stuff, too. I was using my main email address for about 4 years now and finally they got me. After not checking mails during the weekend out of 40 mails one is a real one, the rest is spam. I have tried several programms including mailwasher but am not sure if they work. The best thing so far is to set up a nice batch of filters that throw emails into the trash as soon as they match a certain keyword or domain. This keeps most of the stuff out.

Any other suggestions?

Re: Spam Defense. What do you do?

Back off topic

What are the odds that member #652's post immediately followed member #651's post?

And back on again-

The Human AuthenticatorTM

From their description:
"As revolutionary and unique as our software is, it's really quite simple. With our system, every person that emails you is *authenticated*. We call this our Human AuthenticatorTM.

The big problem with spam email is that anyone can send out an automated email to tens of millions of people at a time ; but with our software installed, you will no longer receive these automated nuisances. We simply show first-time email senders a specialized web-form that only a human can easily complete. If the sender's one-click authentication process is correct, you receive their email, knowing that it was an actual person who sent it to you, and NOT an automated spam robot. Most other anti-spam software tries to filter email with "intelligent rules", which have undesired failure rates on identifying both unwanted spam and email sent by real people.

To use our system, all you have to do is click the big "Kill Spam Now!" button in our application right before you check your email, and it filters out all the bulk spam. And if you use the Outlook ExpressTM email client, you don't have to change a thing ; the "Kill Spam Now!" function runs automatically anytime you check your mail."

This is a pay-for service, but the concept seems to work pretty nicely- hushmail makes this option available with their free email service. The difficulty with using filter rules is that the spammers are always trying new tactics to make it past, by changing names, headers, etc.

Re: Spam Defense. What do you do?

@Klaus and others who are SPAM-Plaqued

- only register using throw away email addresses - if those get spammed - just close them dowm

- be careful to whom you give your "real" email

- if a "real" address is "burned" (gets spammed) use something like POPfile which I very very highly recommend. Its free software POPfile and just WORKS while being a bit more tricky to install then some of the paid solutions.

Its much more advanced than most any commercial package which mostly just block certain email addresses, (like [email protected] or whatever@hotmail) or IP ranges (like all korean hosts with open relays - no offense to korean CPF members) or key words which all doesn´t work as well - but relays on text classifying based on advanced Bayes rules.

"POPFile is an email classification system that has a Naive Bayes text classifier and a POP3 proxy. It works with any mail client using POP3."

If you have a problem understanding the above sentence with words like Proxy or POP3 this MIGHT not be the ideal solution for you though.

Klaus

Re: Spam Defense. What do you do?

I also use two techniques that don't get a lot of press but work pretty well. The first is I tell friends and family with my "real" address NOT NOT NOT to use it to have sites notify me "For Free" that a greeting card or gift registry or pictures or whatever is waiting for me. All you do then is research and verify the validitiy of the address for the spammers. Remember, just because they SAY in their TOS that they don't sell addresses doesn't in the slightest bit mean that they don't. There are no real reprecussions for lying about such matters, ever hear of sites getting sued for lying about selling addresses? No? Think that must mean it never happens?

I also tell folks to exclude me from those forever forwarded e-mails of jokes or stories I "just have to see" that always contain dozens of e-mail addresses.

Second is set your e-mail reader to filter out e-mail that doesn't explicitly have your address in it. This is tremendously effective. Notice how 90% of the spam you get has your address in the BCC, this of course is because they e-mail 1000 people at a time and can't include every address in the TO field. It also provides purchased addresses to other spammers, so they go in BCC.

Both of these have worked well for me.

Re: Spam Defense. What do you do?

Wingerr-

Thanks. Found both sites. I'll look at them.

GeoffChan-

Thanks. Looks interesting.

K-T –

Thanks. That isn't block sender, right? If I create batch files how do I insert them?

Klaus-

Thanks. I know what POP3 and Proxy Server are but you are right. Unless I fully understand how it applies and how it will affect my mail, I better hold off.

Michigan Man-

Thanks. I don't know how to filter incoming mail to only include my specific address.

Re: Spam Defense. What do you do?

Originally posted by Icebreak:
Wingerr-

Michigan Man-
Thanks. I don't know how to filter incoming mail to only include my specific address.

Click to expand...

<font size="2" face="Verdana, Arial">Unfortunately I can't give you much specific help since it varies from mail client to mail client. For instance, here is the Help file entry from my reader, Agent:

Many times spam mail is not directly addressed to you, that is, it does not have your actual address as the value in the "To:" field. Here's an expression you can use in a kill filter that will match any message that does NOT contain your actual address, either at your work email address or home email address.

The example below shows the address for Jane Doe at work and at home. The "any-recipient" qualifier tells Agent to search for the addresses in the To, Apparently-To, Cc, and Bcc fields.
not any-recipient:

([email protected] or [email protected])

This will work for most spam. However, you may find that your own mail system inserts an Apparently-To field to messages that are missing a To: or Cc: field. The "any-recipient" filter matches the Apparently-To field. If you'd prefer to have a filter that does not match that either, try using the following expression:

not any-recipient: ([email protected] or [email protected])

and not cc: ([email protected] or [email protected])

Click to expand...

<font size="2" face="Verdana, Arial">Thats just an example how one reader does it (and its MUCH easier done than explained) If you can figure out how you can use it in your reader's kill file its tremendously effective at reducing SPAM.

Re: Spam Defense. What do you do?

Michigan Man -

My apologies. I took "reader" to mean the e-mail app like Outlook. A "reader" is something like the software Wingerr described. I put you to some trouble for the clarification. Thanks. I think I get it.

Re: Spam Defense. What do you do?

??

Nope I meant a reader like Outlook (or more specifically Agent) And don't worry about the trouble. This is my relaxation.

Whatever app you're using, it almost definitely has Watch and Kill filters. Take a look through the documentation for them and I bet you can put a condition together that segregates mail to a Spam folder if the To field is not "[email protected]"

Re: Spam Defense. What do you do?

Oh no! Not the Help button! Not Microsoft Knowledge Base! Not a book!

OK in Outlook it's Tools/Message Rules. So I made this rule:

"Where the to line does not contain '[email protected]' send this cr*p to the Recycle Bin."

Surely that means incoming mail. Let me play with this. Read a bit more. Re-read your post. And I should be able to figure it out. I really appreciate this. If you saw the size of my Block Sender list you might get a chuckle.

Also, I'm taking your sig line seriously. It's appropriate for this time of year.

Re: Spam Defense. What do you do?

Maybe I didn't make my point clear, with a batch of filters I meant several filters that add up over the time while refining them to leave the spam out. As MichiganMan wrote, neraly every mailprogramm has mail filters, this is were you have to setup some rules.
These spam people tend to use different subject lines and different senders, one part that most of the time is similar is part of the domain so you might want to set the filter in such a way that it looks for that certain domain part.
Example: you receive mail from [email protected] and [email protected], some filerts can use wildcards and some don't. With wildcards your filter would look like *@spam.*.com, without I would set it to "@spam.".
Now be careful if someone from @excite.com spams you and you setup a filter for that since some normal people use this webemail service and you wouldn't receive anything from them anymore.
It also works good to setup a filter that throws out any mail where your name/and/or email address is not in the receiver-field.

klaus.

Re: Spam Defense. What do you do?

I agree with Klaus. Ever since I added a filtering constraint that will reject any mail whereby the To or CC fields are not addressed to me. I have the unique opportunity to do this server-side as I own my own dedicated SMTP server which I use for my business. The MS Exchange server that I use has gone through some evolutionary changes over the years, and it now has the ability to reject incomming message before they even arrive into an account. This has cut by over 50% of the SPAM. I also change my email address (a hassle to some, but not me) about every 12-18 months, when my threshold for spam has been exceeded. When I make the change, I leave the old one intact with an autoresponder which sends the new address after some user interaction, so that automated spammers will not likely grab my newer addy. Seems to work for me as I am no longer annoyed. Maybe just amused

Ed

Re: Spam Defense. What do you do?

Interesting discussions and ideas.

I take it that those of you who set the filters to reject e-mail that doesn't have your address specificly in the "TO" or "CC" fields don't belong to a bunch of super-large technical mailing-lists that by design try to keep privacy up and spam down by BCCing all the addressees?

None of the large programming, engineering, or design discussion groups and such I belong to list me (or any other single user) in the "TO" or "CC" fields.

Even being able to do that sort of block, though, wouldn't work for me - I get SPAM that actually shows about 25 addresses at a time in the "TO" or "CC" fields. *sigh*

I just realized how long I've been fighting SPAM - My pic is still up (since 1997) at SpamFighters.org



====