43 Folders

Back to Work

Merlin’s weekly podcast with Dan Benjamin. We talk about creativity, independence, and making things you love.

Join us via RSS, iTunes, or at 5by5.tv.

”What’s 43 Folders?”
43Folders.com is Merlin Mann’s website about finding the time and attention to do your best creative work.

Open thread: Favorite spam blocker service?

I've been relatively fortunate with filtering spam over the past couple years (knock on wood). But despite a kickass three-tiered system that includes the world-beating server-side Sieve, plus Mail.app's pretty good client filtering, it's inevitable that even my best-loved private email addresses would find their way into the wrong hands (it's why I recently created "ThanksNo.com" -- an experiment in social re-engineering that you are free to use as well).

So, now that the spelling-impaired Lords of The Dark Side have such renewed interest in my investment options and genital proportions, I'm considering joining a service like Spam Arrest or the apparently deceased Knowspam. I mostly plan to run this on the addresses I use for strictly personal stuff, so I'm satisfied I can start with a "whitelist" to ensure I don't generate loops or dead ends for the "good" senders. But, you tell me...

Apart from running smart filters on your server and in your mail client, what's the best way to protect a mydomain.com-type email address from becoming compromised and punked-out? What are the dangers and cons of using a challenge/response service like Spam Arrest? Apart from abandoning it wholesale, what's the most effective and non-annoying way to rehabilitate a compromised address?

TOPICS: Email, Vox Populi
K. M. Peterson's picture

Like you said, exposure of...

Like you said, exposure of private email addresses is "inevitable".

You asked about protection of "mydomain.com" addresses. Here's what I use:

  1. Spam Assassin.
  2. Spam Assassin Bayes support, with automated ham/spam updates (a script that reads through mail.app's mailbox folder structure and autommatically submits all new mail as ham or spam to the SA Bayes filters).
  3. Spamcop filtering of my general "inbox" address.
  4. Vendor-unique addresses (e.g., staples@mydomain.com) for every entity I deal with that is not a person.

I use Spamcop to report all spam that I get. Just 'cause it makes me feel better about it. Amazingly this year I've gotten two apologies from small organizations who had my address "leaked" to them somehow. Raised my faith in humanity. A bit.

Next project: since I don't record names that I give to entities, I don't use filtering on the "catch-all" mailbox that otherwise gets almost everything sent to mydomain. This means I get spam sent to addresses like xdeggsyz@mydomain.com - since I only use SA on the "personal" address at mydomain. So what I'd likely do is try to collect all the addresses that I've been getting mail to legitimately, and work out a way to regulate the others.

But this works pretty well - it's now more of a hobby than an obsession. It's also really interesting to see who has leaked my address - like United Airlines, three times...




An Oblique Strategy:
Honor thy error as a hidden intention


Subscribe with Google Reader

Subscribe on Netvibes

Add to Technorati Favorites

Subscribe on Pageflakes

Add RSS feed

The Podcast Feed


Merlin used to crank. He’s not cranking any more.

This is an essay about family, priorities, and Shakey’s Pizza, and it’s probably the best thing he’s written. »

Scared Shitless

Merlin’s scared. You’re scared. Everybody is scared.

This is the video of Merlin’s keynote at Webstock 2011. The one where he cried. You should watch it. »