Every month I get more spam. As great as POPFile is, with my weekly spam intake approaching 400 it has become incredibly tedious to rescue the one or two false-positives.
I’m also realizing that spam has had a chilling effect on my e-mail behavior. I rarely hand out my primary address. I use “disposable” addresses whenever there’s a chance of it being harvested or traded. I don’t display any e-mail address on my own web sites.
And I’m sick of it.
So I’m trying to identify my specific spam problems and devise alternate solutions that will allow me to eliminate spam instead of simply filtering it away.
Problem: I want a public e-mail address that I can display on my weblog, and use when commenting on other weblogs, without fear of harvesting.
It seems like Challenge-Response is the only viable solution. In general I do not like C-R because it alienates people and has devastating effects on any type of automated mailing system. For this particular scenario, however, it is appropriate. Only people that do not otherwise know how to contact me will be using that address; shifting to them the burden of proving that they are not spammers is not terribly impolite. I will not use that e-mail address when I am shopping, subscribing to a mailing list, or asking for technical support.
I’m evaluating Tagged Message Delivery Agent (TMDA) and Active Spam Killer, but I’m open to other suggestions — my only requirements are that it must work with procmail on FreeBSD.
What happens when a Challenge is sent to someone that also uses a Challenge-Response system?
Problem: Over 90% of my spam comes to a single e-mail address.
It took some serious grep wizardry to figure this out. It’s an address that I no longer actively use, but for a few years it was my primary personal address and was displayed on my original weblog. Today it only gets about 12 non-spam messages per month — half from old friends and family, the rest from Microsoft, Amazon, Classmates, etc.
I’ve decided to retire that address, but it’ll take some time to make sure that everyone has stopped using it.
Problem: My “disposable” addresses aren’t very disposable.
Sometimes I remember to invent a new address when I sign up for something, but much of the time I use a common generic address. Luckily, they all go to the same mailbox and so far it receives very little spam. But that will not last forever; I need to do a better job of creating single-purpose addresses that can be disposed of as soon as a spammer strikes.
I’m going to start by migrating all of my mailing list subscriptions to unique addresses.

I’ve installed Active Spam Killer; it wasn’t too painful.
tby@yehl.us
You should check out Spamex[1][2]. At $10/year for 500 disposable email addresses it is an exceptional value. It is also very reliable. I haven’t had any problems with it in over a year and a half.
[1] http://www.spamex.com
[2] http://mattgriffith.net/2002/07/03.html
I have fairly complete control over my mail servers; my problem is that I haven’t been disciplined enough not to reuse my “disposable” addresses. When retiring an address has undesired effects, it’s no longer disposable.
TMDA has some truly excellent support for limit-use addresses, if you’re willing to allow your MTA to accept messages from retired addresses (I’d rather reject the messages at the MTA level, but that’s a personal preference).