43 Folders

Back to Work

Merlin’s weekly podcast with Dan Benjamin. We talk about creativity, independence, and making things you love.

Join us via RSS, iTunes, or at 5by5.tv.

”What’s 43 Folders?”
43Folders.com is Merlin Mann’s website about finding the time and attention to do your best creative work.

Open thread: Favorite spam blocker service?

I've been relatively fortunate with filtering spam over the past couple years (knock on wood). But despite a kickass three-tiered system that includes the world-beating server-side Sieve, plus Mail.app's pretty good client filtering, it's inevitable that even my best-loved private email addresses would find their way into the wrong hands (it's why I recently created "ThanksNo.com" -- an experiment in social re-engineering that you are free to use as well).

So, now that the spelling-impaired Lords of The Dark Side have such renewed interest in my investment options and genital proportions, I'm considering joining a service like Spam Arrest or the apparently deceased Knowspam. I mostly plan to run this on the addresses I use for strictly personal stuff, so I'm satisfied I can start with a "whitelist" to ensure I don't generate loops or dead ends for the "good" senders. But, you tell me...

Apart from running smart filters on your server and in your mail client, what's the best way to protect a mydomain.com-type email address from becoming compromised and punked-out? What are the dangers and cons of using a challenge/response service like Spam Arrest? Apart from abandoning it wholesale, what's the most effective and non-annoying way to rehabilitate a compromised address?

TOPICS: Email, Vox Populi
Matthew Chatfield's picture

My email addresses have been...

My email addresses have been online since 1996 and so attract a lot of spam - with up to 2000 per day recently. For a public-facing web service keeping your email addresses secret simply doesn't work. Sure, I have secret addresses, but that isn't the whole solution as if they are used, they are no longer secret. Many of my enquiries are from new contacts, so whitelisting is of limited scope. For years I've tried many client-side filtering solutions, using the good offices of Pegasus, Eudora and latterly Thunderbird. All have worked to an extent, but never to my satisfaction. Especially in the good old days of dial-up modems the attraction of a server-side solution was always significant. It sucks when you pay by the minute to download 2000 spams!

Last November I took on SpamArrest, and I am still with them today. I find the service to be good, with perhaps no more than 0.2% false positives and and false negatives. It seems particularly good at handling email lists and moderation of forums by email, which can be problematic with any filtering system. It took some work to set it up to my liking, and like local filters this does need a constant, low-level scrutiny and tweaking to ensure that it is getting it right.

I very much regret the inconvenience that challenge-response does cause to my contacts, and I recognise the abhorance that others have expressed. For those who prefer to use it I also have a web form which bypasses the SpamArrest system, and some people do chose to use it. I am aware of a very few messages which have slipped through the system and never reached me, but in the bad old days there ware similar numbers that would get accidentally deleted by my local filtering system too.

I would recommend SpamArrest for high-volume emailers with many new contacts. It needs to be watched and requires careful management, but hey, that's what we all do for our valuable customers, don't we?




An Oblique Strategy:
Honor thy error as a hidden intention


Subscribe with Google Reader

Subscribe on Netvibes

Add to Technorati Favorites

Subscribe on Pageflakes

Add RSS feed

The Podcast Feed


Merlin used to crank. He’s not cranking any more.

This is an essay about family, priorities, and Shakey’s Pizza, and it’s probably the best thing he’s written. »

Scared Shitless

Merlin’s scared. You’re scared. Everybody is scared.

This is the video of Merlin’s keynote at Webstock 2011. The one where he cried. You should watch it. »