43 Folders

“What’s 43 Folders?”
43Folders.com is Merlin Mann’s website about finding the time and attention to do your best creative work.

Open thread: Favorite spam blocker service?

I've been relatively fortunate with filtering spam over the past couple years (knock on wood). But despite a kickass three-tiered system that includes the world-beating server-side Sieve, plus Mail.app's pretty good client filtering, it's inevitable that even my best-loved private email addresses would find their way into the wrong hands (it's why I recently created "ThanksNo.com" -- an experiment in social re-engineering that you are free to use as well).

So, now that the spelling-impaired Lords of The Dark Side have such renewed interest in my investment options and genital proportions, I'm considering joining a service like Spam Arrest or the apparently deceased Knowspam. I mostly plan to run this on the addresses I use for strictly personal stuff, so I'm satisfied I can start with a "whitelist" to ensure I don't generate loops or dead ends for the "good" senders. But, you tell me...

Apart from running smart filters on your server and in your mail client, what's the best way to protect a mydomain.com-type email address from becoming compromised and punked-out? What are the dangers and cons of using a challenge/response service like Spam Arrest? Apart from abandoning it wholesale, what's the most effective and non-annoying way to rehabilitate a compromised address?

TOPICS: Email, Vox Populi
nex's picture

i don't like spam filters, as they leave you in perpetual doubt whether you've received every message you ought to read, and thus force you to check your 'spam folder' regularly. i use no spam filter at all and still get a very negligible amount of spam. only a fraction of the messages i delete right away without reading them are 'real' spam; the majority are newsletters i subscribed to and i can just tell from the subject line that the current issue is not interesting.

if you'd like to try out that technique, here's how to do it:

1. get your own domain. they're cheap. you don't need an e-mail server of your own, the ISP you buy your domain from just has to offer forwarding, which should include mapping multiple incoming addresses to multiple outgoing addresses and also a catch-all. for the 'real' mail-server, you can use the one of the ISP that provides your net connection, or gmail or whatever. and if that ever changes, you don't need to tell dozens of people and dozens of web services you're registered with about your new address. since you have your own domain, all addresses stay the same, forever.
2. don't let spammers know that you receive their messages. never click a link in a spam mail. this includes 'unsubscribe' links! configure your e-mail client to never automatically load images or other resources linked from a message.

these two points are all you need to do to cut down the spam you receive to a volume that doesn't bother you at all. in my experience, i get less spam in a month than legit messages in a day, and i don't receive that many messages to begin with.

in addition, i do the following:

3. when filling out a form on the web ... well i explain it by an example: in this comment form here, i put 43folders.com@mydomain.org. if i ever receive spam to this address (which i don't need to configure anywhere, i get feedback to that address via my catch-all), i just stop using it, filter any messages sent to it out, and have an idea who might be responsible for giving it to a spammer. this also greatly simplifies emptying your inbox and sorting the messages therein into appropriate folders!
4. whatever filters i have in place, you can always bypass them all by encrypting your message to my public PGP/GPG key. a spammer wants to send out tens of thousands of messages in one go, as cheaply as possible. he simply can't afford encrypting them all. (since this has to be done once for every recipient, which isn't true for signing, so merely signing won't bypass my filters.)

oh, and: dear mr. mann, i hate the new 'live comment preview' feature you have here. on my fairly new computer, under one of the fastest browsers available, it still runs soooooo sssssssssssllllllloooooooowwwwwwwllyyy, it makes typing a comment almost impossible. maybe it works marvelously under safari, but in firefox, in computer-scientifically correct technical terms, it sucks. do i have to disable javascript every time i want to post a comment here, or could you maybe provide a quick&simple way to disable that? it's really user-hostile.
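The routing described in steps 3 and 4 of the comment above, as an added Python sketch that is not part of the original comment or the site's code. The retired-alias set, the sample messages and the "sender domain should match the alias" review rule are assumptions made for illustration; `mydomain.org` is the placeholder domain from the comment.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "mydomain.org"       # placeholder domain taken from the comment
BURNED = {"oldforum.example"}    # constructed: aliases retired after they drew spam

def recipient_alias(msg):
    """Local part of the first recipient at MY_DOMAIN (the per-site alias), else None."""
    for header in ("Delivered-To", "X-Original-To", "To"):
        for _, addr in getaddresses(msg.get_all(header, [])):
            local, _, domain = addr.lower().rpartition("@")
            if domain == MY_DOMAIN and local:
                return local
    return None

def is_pgp_encrypted(msg):
    """Structural check only (PGP/MIME or inline armor). It does not prove the
    message is encrypted to your key; only an actual decryption attempt does."""
    if (msg.get_content_type() == "multipart/encrypted"
            and str(msg.get_param("protocol", "")).lower() == "application/pgp-encrypted"):
        return True
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            if b"-----BEGIN PGP MESSAGE-----" in (part.get_payload(decode=True) or b""):
                return True
    return False

def classify(raw):
    msg = message_from_string(raw)
    if is_pgp_encrypted(msg):
        return "inbox"                    # step 4: encrypted mail bypasses every filter
    alias = recipient_alias(msg)
    if alias is None:
        return "review"                   # not addressed to the catch-all domain
    if alias in BURNED:
        return "discard"                  # step 3: alias was retired after drawing spam
    sender_dom = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if sender_dom == alias or sender_dom.endswith("." + alias):
        return "folder:" + alias          # the site the alias was given to: auto-sort
    return "review:" + alias              # someone else has the alias: candidate leak

# Constructed sample messages, not real mail.
SAMPLES = [
    "From: comments@43folders.com\nTo: 43folders.com@mydomain.org\nSubject: reply\n\nhi",
    "From: x@bulk.example\nTo: oldforum.example@mydomain.org\nSubject: offer\n\nbuy",
    "From: deals@bulk.example\nTo: 43folders.com@mydomain.org\nSubject: offer\n\nbuy",
    "From: friend@home.example\nTo: oldforum.example@mydomain.org\nSubject: hello\n\n"
    "-----BEGIN PGP MESSAGE-----\n(constructed placeholder)\n-----END PGP MESSAGE-----\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```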



