How to beat spam!

Originally published in Australian Personal Computer Magazine, March 1998.
Last modified 03-Dec-2011.

 

Spam is bulk unsolicited email, usually commercial in nature. And for most users, it's no big deal. So you get an email advertising a get-rich-quick scheme or a pornographic Web site or time-share apartments in Botswana once a week, or even twice a day - who cares? Sure, technically it's costing you money and time, but the actual expense is negligible.

Some people, however, have a bigger problem with spam. Post messages to Usenet with a valid reply address and presto, the incredible business opportunities will start popping up in your mailbox. Make your email address known by filling in an online survey, joining a mailing list, registering for an email address directory or letting your Internet Service Provider give your address out and homeopathic cancer cure advertisements will not be far away. And if you've got a Web page with your address on it, anticipate a variant of the Nigerian Megabuck Scam arriving in the near future.

There are two sides to avoiding spam - stopping it from being sent to you in the first place, and avoiding ever seeing the stuff.

Stopping spammers sending the stuff to you is difficult. Since anything that makes your email address visible to anyone else can put you on a database, and these databases are quite freely traded and very poorly targeted, all you can do is try to keep your address as private as possible, and deal with the problem at your end if it gets out of hand.

If your ISP gives you access to a good old-fashioned UNIX shell account with the Procmail program installed, you can do spam filtering right there on the server by creating your own filters or using one of a number of pre-built filter sets - for an example, check out http://www-new.hrweb.org/spambouncer/. But since many users only have PPP access these days - or would rather walk on broken glass than use UNIX - Procmail is often not an option.

Fortunately, it's quite easy to deal with "domestic" spam problems without enjoining your ISP to reconfigure their mail server, or emailing the postmasters of distant domains to complain about their errant users. Just about all of the popular email clients allow you, at the very least, to filter mail you have downloaded from the server. Some can do the filtering before they download, saving you from spending online time collecting useless mail. Since even quite serious spam problems only cost a minute or so in extra downloads a day, post-download filtering is adequate for most purposes - if it's set up properly.

Filter fun

If your email program supports filtering, you can set up a basic line of defence against junk mail - if only by sending mail from people you know to one folder, and everything else to another. Alternatively, you can try to spot the spam automatically.

Probably the most popular standalone email client is Eudora, in its free Light or commercial Pro incarnation. The current versions of Eudora and Eudora Light have the ability to filter messages based on any header field, and on the text of the message. Eudora's available for both PC and Mac and its filters work the same on both platforms, so I've chosen it for this example. Here's how to set up a basic anti-spam filter in Eudora, which catches mail from a particular domain.


Creating a new mailbox to dump spam into, in Eudora Light for Windows.

Make a spam mailbox by selecting "New" from the "Mailbox" menu. Call the new mailbox SPAM, or CRUD, or whatever takes your fancy.

Now click "Tools", then "Filters", and click the "New" button to create a new filter. Select the "Incoming" box, and in the "Header" dropdown menu select "<< Any Header >>". Leave the box that says "Contains" alone, because that default setting is fine, and type in the box to the right of it the domain name of your least favourite spammer.


Making a sender-specific spam filter. Even the free Light version of Eudora has quite powerful filtering tools.

Click "Action", select "Transfer", then click the grey bar to the right and select your spam folder as the destination. Set the next Action box down to "Skip Rest", which tells Eudora not to send this message to any of your other filters if it meets the criteria for this one. Hit Control-S to save your new filter, and you're done.

Filtering messages this way is reliable - oddball spam-only domains can be counted on never to send you anything worthwhile - but it's also time-consuming, because you need to make a specific filter match for every spam domain. It's worthwhile if you're continuously pestered by junk mail from a particular domain, but using domain filtering to keep the usual drizzle of rando-spam out of your face takes more time than just deleting the messages.

Funkier filters

If any header contains "recipient list not shown" or "recipient list suppressed", there is more than a small chance that the message came from cheap and nasty bulk e-mailing software using a huge blind carbon copy (bcc) list, and is spam. Some legitimate automatic emailing systems - programs that send registration or receipt numbers, for example - also put this text in the headers, though.

If the creator of your spam is using Extractor Pro to build his database and fire his messages off, it'll put an X-Mailer header on all of its messages containing the string "Extractor Pro". Eminently filterable; just look for that string in any header.

Email Blaster is another spamming program, which advertises itself in all of the mail it sends. So filter for messages whose text or headers contain "EMAIL BLASTER" or "EmailBlaster".

Have you ever received a valid email that started "Dear Friend"? Neither have I. Filter message bodies for it. A To field that contains "friend@public.com" is another dead giveaway.

With mail programs like Eudora that let you match text in the message bodies, you can make grab-bag filters that will spot most rubbish mail. Making a filter that matches "business opportunity" and "$$$" anywhere in the message body will catch a lot of pyramid scheme spam (the single word "Camaro" is pretty good for this, too, as are "$50,000" and "90 days" in the same email...), but this filter may also catch mail from friends talking about the problem, or humorous parodies. If your email correspondents are not prone to overexcitement, matching anything with three exclamation marks in the Subject line is another quite effective way of spotting spam.

Since multi-recipient emails usually don't have your email address in the To or CC fields, setting a filter that matches any message that doesn't contain your address in these fields is a very helpful strategy. If you subscribe to any mailing lists, you'll need to set them up as exceptions to this filter. Since mailing lists should always have the same To or CC address, this is easy - the mailing list spotting filter just has to come before the spam spotting ones.

Whatever you do, make sure that messages that match your filters are sent to a spam folder, not to the mail program's trashcan folder or just deleted. Unless you're chronically short of disk space, a cursory check of the spam folder every week or so will be fine to keep the dead weight down, and you'll never accidentally lose a valid message just because it happened to smell a bit spammy.
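
The rules from this section, written out as an added Python example (it is not from the original article and is not Eudora's filter engine). It shows the ordering that matters: the mailing-list exception runs first, and every match is filed in a folder rather than deleted. MY_ADDRESS, LIST_ADDRESSES and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

MY_ADDRESS = "me@example.com"                      # assumption: your own address
LIST_ADDRESSES = {"gardening@lists.example.org"}   # assumption: lists you joined
ANY_HEADER = ("recipient list not shown", "recipient list suppressed",
              "extractor pro", "email blaster", "emailblaster")
BODY_ANY = ("dear friend", "email blaster", "emailblaster", "camaro")
BODY_ALL = (("business opportunity", "$$$"), ("$50,000", "90 days"))
# Constructed sample messages, not real mail.
SAMPLES = {
    "bulk": "From: a@bulk.example\nTo: (Recipient list suppressed)\nSubject: hi\n\nHello\n",
    "list": "From: b@example.net\nTo: gardening@lists.example.org\nSubject: Roses!!!\n\nA business opportunity for $$$?\n",
    "friend": "From: c@example.net\nTo: me@example.com\nSubject: lunch\n\nFriday at noon?\n",
    "bcc": "From: d@example.net\nTo: someone@example.net\nSubject: offer\n\nGreat prices.\n",
}

def classify(raw):
    """Return (folder, reason). Matches are filed in SPAM, never deleted."""
    msg = message_from_string(raw)
    to_cc = msg.get_all("To", []) + msg.get_all("Cc", [])
    rcpts = {addr.lower() for _, addr in getaddresses(to_cc) if addr}
    # Mailing-list exception comes first, like a filter ending in "Skip Rest".
    if rcpts & LIST_ADDRESSES:
        return "Lists", "mailing list"
    headers = "\n".join(f"{k}: {v}" for k, v in msg.items()).lower()
    body = (msg.as_string() if msg.is_multipart() else msg.get_payload()).lower()
    for s in ANY_HEADER:
        if s in headers:
            return "SPAM", f"header contains {s!r}"
    if "friend@public.com" in rcpts:
        return "SPAM", "addressed to friend@public.com"
    if "!!!" in msg.get("Subject", ""):
        return "SPAM", "three exclamation marks in Subject"
    for s in BODY_ANY:
        if s in body:
            return "SPAM", f"body contains {s!r}"
    for combo in BODY_ALL:
        if all(s in body for s in combo):
            return "SPAM", "body contains " + " and ".join(combo)
    # Last and broadest rule: bulk mail rarely names you in To or Cc.
    if MY_ADDRESS not in rcpts:
        return "SPAM", "not addressed to me in To or Cc"
    return "In", "no rule matched"
```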

Other programs

Most email programs have filters broadly similar to Eudora's. Pegasus Mail, for example, has filters more powerful than Eudora's, and they can be programmed in considerable detail to highlight text, run programs, send messages to other filters or even mail binary files to people, depending on the content of received mail.

Quickmail Pro has filters similar to Eudora's, but makes it easy to toggle them on and off. GroupWise lets you independently toggle particular filters. On the other hand, Lotus Notes can't filter, full stop. Older Microsoft email clients are just as bad, although the current Outlook Express and Outlook 98 have got with the program and provide reasonable filter features via the Inbox Assistant. Netscape's Messenger email program has filters as good as Eudora's, and can also do full-text searching on the server, which is more than Microsoft's managed yet.

Responding

This column is primarily about avoiding spam, not about retaliating to it. There's not enough space here to comprehensively deal with what to do to punish spammers for their misdeeds, or just get them out of your face.

For a complete guide to this sort of proactive spam control, check out the alt.spam Frequently Asked Questions list at http://www.faqs.org/faqs/net-abuse-faq/spam-faq/.

But one point about replying to spam does apply to simple avoidance - if you receive a piece of unsolicited commercial mail that says you should reply and say "remove" in the body of the message to get off their mailing list, you may find that doing so simply marks your account as "active" in their database, and results in more spam. Spammers, generally, are not renowned for the quality of their morals.

If you're using Eudora Pro or one of the other email clients that lets you auto-reply to messages based on content, it's easy to send a form I-don't-like-spam email to anybody who matches your spam filter. This is not, however, a great idea, because most "pro" spammers have a fake reply-to address as a matter of course - or use one that belongs to an innocent victim. Even if your auto-reply gets through, it's most likely to achieve nothing, or attract yet more spam, since you've once again just marked your account as "live".

If you want to reply to spammers, check the domains from which the spam most often comes and send a polite message to postmaster@<domain name>, along with the complete header from the message in question. The text of the spam isn't that important, but the header information contains lots of clues that help catch craftier spammers. Many mail programs, by default, suppress the complete header information, and some mail servers strip it out completely. In Eudora, you can view the complete headers by clicking the "BLAH BLAH BLAH" button at the top of the message viewing pane.

Complaining to the postmaster like this might result in action. Or, if the domain is faked, an aggrieved "yeah, tell me about it" reply from the victim. Or, if the domain owner is the spammer, more spam. If the domain name's something like bigbucksnow.com, don't waste your time.

There are plenty of anti-spam crusaders out there, so Joe User, thankfully, doesn't have to be one. With a few basic filters, almost all obnoxious email can be shot down before you see it, and that's quite good enough for me.


