43 Folders

Back to Work

Merlin’s weekly podcast with Dan Benjamin. We talk about creativity, independence, and making things you love.

Join us via RSS, iTunes, or at 5by5.tv.

”What’s 43 Folders?”
43Folders.com is Merlin Mann’s website about finding the time and attention to do your best creative work.

Open thread: Favorite spam blocker service?

I've been relatively fortunate with filtering spam over the past couple years (knock on wood). But despite a kickass three-tiered system that includes the world-beating server-side Sieve, plus Mail.app's pretty good client filtering, it's inevitable that even my best-loved private email addresses would find their way into the wrong hands (it's why I recently created "ThanksNo.com" -- an experiment in social re-engineering that you are free to use as well).

So, now that the spelling-impaired Lords of The Dark Side have such renewed interest in my investment options and genital proportions, I'm considering joining a service like Spam Arrest or the apparently deceased Knowspam. I mostly plan to run this on the addresses I use for strictly personal stuff, so I'm satisfied I can start with a "whitelist" to ensure I don't generate loops or dead ends for the "good" senders. But, you tell me...

Apart from running smart filters on your server and in your mail client, what's the best way to protect a mydomain.com-type email address from becoming compromised and punked-out? What are the dangers and cons of using a challenge/response service like Spam Arrest? Apart from abandoning it wholesale, what's the most effective and non-annoying way to rehabilitate a compromised address?

TOPICS: Email, Vox Populi
freecia's picture

This might seem obvious but...

This might seem obvious but make sure your personal e-mail address starts with a name not included in your URL. I've noticed that some spammers can hit your inbox by duplicating your URL ie example@example.com. Also, they try the obvious ones like info@example.com and etc.

I use Spamassassin on my mail server to filter out obvious spam and am training it to Spam/Ham like K.M. mentioned. Usually, I have all (yes, on every account, unlike K.M.) my spam forwarded to a single mail acct and check it with Yahoo! Mail, setting up filters for it to go directly to trash in Yahoo. I check legit mail with Thunderbird and Outlook. Yahoo! Mail has more bandwidth to suck up hundreds of spams than my DSL. I guess I could have spam sent to the Yahoo address directly, but I like to keep my mail on my own server for as long as possible.

Lastly, set your mail server to bounce(:fail:)/blackhole e-mails addressed to nonexistent e-mail addresses instead of forwarding it to a main account. If it is a human, they'll figure out that they spelled your addr wrong when you bounce it. Blackhole sucks up all e-mail. Otherwise you can set up an account just for failover mail if you're afraid of missing something. It seems that my server is smart enough not to bounce mailing lists that manually set the to: to a different addr by using the envelope-to: field in the header. I'd go with the fail for a bit, as people finally figure out how to spell your name, then go to blackhole after a few months.

The junk e-mails that peeve me to no end are the ones friends send you marketing deals for. You know, someone intended well but gave your e-mail address to "ProstituteFriendsEmailsForAnIpodShuffle" then those companies consider your e-mail fair for marketing use. My friends are all told that if send anything to me via 3rd party (quizzes, etc), use XYZ address instead and ping me via direct e-mail/IM/etc to check XYZ. It's become an informal protocol. There's also Legit marketing mails that don't process their unsubscribe list. Punks. I manually blacklist those addresses.

That's what works for me but I probably get less e-mail than you.




An Oblique Strategy:
Honor thy error as a hidden intention


Subscribe with Google Reader

Subscribe on Netvibes

Add to Technorati Favorites

Subscribe on Pageflakes

Add RSS feed

The Podcast Feed


Merlin used to crank. He’s not cranking any more.

This is an essay about family, priorities, and Shakey’s Pizza, and it’s probably the best thing he’s written. »

Scared Shitless

Merlin’s scared. You’re scared. Everybody is scared.

This is the video of Merlin’s keynote at Webstock 2011. The one where he cried. You should watch it. »