Slogging Through SPAM

There are five stages we all go through as we deal with spam. The first stage is bewilderment. The first time we receive spam we are bewildered at why we've received an unsolicited invitation to meet with someone we've never heard of, or why we've been offered a solution to grow more hair, or why a senior aid to an African dictator needs our help to protect 10 million dollars. At first we are genuinely perplexed and not sure what to do with this information. The second stage is anger. As we continue to receive more and more email we start angrily clicking on the "remove me from list" link, or we might reply to messages with angry requests to be removed from the list that sent us the email. By replying, we are unwittingly helping the spammers by confirming that our email address works. As a result we get more and more spam. The third stage is frustration. As the amount of spam we receive increases, we are forced to spend more and more time slogging through it. The fourth stage is sophistication. At some point we get used to distinguishing spam from real email, and can quickly scan our inbox to identify and delete the spam. We might even learn how to set some email filters to automatically move email with certain words directly into the trash. Ultimately however, spam will win. Finally, we reach the fifth stage when we come to realize that we need an automated way of managing this problem. At this stage we resign ourselves to having to pay for a special service or software that will help us contend with spam.

I'll share some recommendations for some of these tools later, but first I'll share some tips on how to minimize or slow down the amount of spam you receive.

The first tip for minimizing spam is to stay off spam lists in the first place. Be very careful when you enter your address into an online form. Make sure the company you are submitting your email to is a trustworthy company and that they have a published privacy policy. Always look for and click the "do not share my address" check box if they provide one. An even better protection is to have a few "throw away" email addresses that you use for such forms. If you have the ability to add email addresses to your account set up a couple extra addresses like myorders1@yourcompany.com. You usually can have these addresses set up to forward to your real email address. Use this address when filling out forms. This way, if you start to get spam on that address, you can simply delete the address and use another "throw away" address like myorders2@yourcompany.com. You can use the same technique for subscribing to online newsletters or participating in online chat rooms or blogs. If you use your real address, there is not much you can do, except change your primary address, but sometimes that is just not a viable option.

If your are going to create a new primary email account it is a good idea to follow the format of first initial, last name, or something similar because spammers will often send email to "every popular name" @yourcompany.com. It costs them so little to send an email that they can send hundreds emails to each common name in order to find one that works. This is why my four year old gets spam email in her account even though she has never filled out a web form in her life. She gets it because spammers send email to every common name at our domain and they hit on hers. Again, if you already use your first name as your primary email address (like me), it may be too late to adopt this practice.

Finally, you need to be careful about putting your email address on your website. Removing email links from your web site is unfortunately becoming more and more necessary now that spammers have software that can automatically harvest email addresses from sites. Instead you may need to rely on web forms that hide your email address from email harvesters. Another option is to display your email address as a graphic rather than as text. Unfortunately you cannot make the graphic a link that pops up an email window because the email harvesters can find the email address in the link as well.


If you're already on these lists, there is virtually no way of getting off of them. Whatever you do, DO NOT CLICK the "click here to remove" links on the spam email. Clicking such a link will not remove you. Instead it will let the spammer know that your email address is working. They will continue to send spam, and they will likely sell your address to other spammers.

Another mistake is to set your email windows to automatically display your email as you click through your messages. If you display a spam email, even for a split second, the spammer can confirm that they have sent their spam to a valid address. This is because the images in a spam email are not usually included in the email itself. Instead the images are pulled from the server when the email is viewed. When your email software displays an email it "requests" the images from the server, thus informing the sender that the email has been viewed. These requests can be embedded with your email address thereby confirming it simply by viewing the email. To prevent this you can set your email window to not display email automatically and instead you will need to click on the emails that are real to view them and not click on the spam emails. In time, if you do not confirm your address by viewing the email or clicking the "remove" link, your email address might get cleared from a list. At the very least you won't attract additional attention as a confirmed email address.

There are two basic approaches to dealing with the spam you already receive. One is to filter spam from real email using filtering software. The other is a fairly new technique called challenge/response.

Filtering spam. Most email clients such as Outlook allow you to set up rules for filtering spam. I used this approach for a while but I found that I had to continually add new rules as spammers became more clever with their messages. I also couldn't catch more than 50% - 60% of the spam coming into my account. There was also the danger of filtering out a real email. The next step is to purchase spam filtering software that will work with your email client and do a better job at catching spam. I used to use a filter called "I Hate Spam" from Sunbelt Software. It was only around $20 and it worked pretty well. It caught probably 95% of my spam emails and placed them in a "quarantine" folder. This allowed me to check the folder if I was concerned that a real email ended up in there (which did happen from time to time). The software allowed me to add "friends" and "enemies" to my spam filter so that emails from friends would always pass through and email from enemies would always go straight to the trash. The nice thing about using a product like "I Hate Spam" is that the software is constantly updated and learns how to recognize spam by gathering data from all the people who are using the tool. The only down side I found to using filters is that there will always be a certain percentage of email that slips through since the spammers constantly adapt their techniques to get around the filters, and the filters are always playing catch up. For me 5% failure was still 15 to 20 spam emails a day getting through.

Challenge/Response. This is a fairly new approach to contending with spam. I began using it a few months ago. The basic idea is to make the sender of an email prove that they are a real person before delivering their email to your inbox. This is accomplished by holding the email in a pending folder while a response is sent to them asking them to verify their email by typing in a series of numbers. Most spam is sent out by automated systems to thousands or millions of recipients. These spam systems would not pay attention to a challenge email and could not read the series of numbers because they are displayed as a graphic. The spam email remains in the pending folder for a period of time and since it does not get confirmed, it gets deleted. A human sender however would get the reply and can type in the numbers confirming their email and it is then released form the pending folder and goes into the inbox. This confirmation process only has to happen once for each sender because once they confirm, their address is automatically added to the accepted email list. You can add any email addresses you want to this accepted list and they will not be asked to confirm their email; it will go straight through.

This approach is almost 100% effective in keeping spam out of your inbox. The only spam I still receive is from email campaigns that are small enough that the sender might manually go through the challenge response when they get the automated reply. Usually these email, while unsolicited are at least real business offers that I can either ignore or add to my do not accept list and not receive again. It also protects me from losing email that might get filtered by a spam filter since it's up to a person to confirm themselves, not up to an algorithm to decide what to accept. I also have the option of looking through my pending folder to see if there is any real email that has not been confirmed yet. If I see it I can manually move it from the pending folder to my inbox and that recipient is automatically confirmed.

The downside of this approach is that I do not get my email instantly. My service checks my POP email box every half an hour. I can make it check whenever I want by manually clicking a "Check" button but if I don't do this I won't receive my email until the server checks 30 minutes later. Email is also delayed when sent from a person not already in my email list. They need to confirm themselves before I get the email. Sometimes someone might send and email and then shut down their computer. They might not get the challenge until the next time they log on. My pending folder gives a sender two weeks to respond to the challenge so it would be unlikely that the email would not eventually go through, but the delay is a downside. Of course, if I sift through my pending folder, I can often find such cases and move them myself.

Finally, there is a limitation when receiving automated emails that you want such as receipts and order confirmation from online purchases or email newsletters. Such emails are sent from servers and will not recognize the challenge. In these cases you need to use special email addresses that are pre-set to be approved. My service allows me to create up to 5 "trackers" that provide this capability.

[NOTE: Mailblocks went out of business and I'm back to depending on spam filters again - oh well]



I Hate Spam, Sunbelt Software (www.sunbeltsoftware.com) - $19.95 (30 day free trial)

I've used "I Hate Spam," so I feel comfortable recommending it. The rest of the items listed below come from Consumer Reports rankings of spam filters.

Spam Alert, Norton Systems

SpamKiller, McAfee (us.mcafee.com) - $39.95



Spamarrest - www.spamarrest.com - $34.95 per year