I have to switch email addresses again -- my current once's only seven years old -- because the volume of spam is such that I can't filter it any better without deleting the 0.5% legitimate emails.
I currently have four levels of things to address spam:
Background
My first email account was set up at my alma mata in 1986 -- as the naming structure changed from ARPA to the current *{.com,edu,net} -- and worked until a couple of years ago. It was pretty cool having a single address people could always reach me, and was especially convenient when I worked at [a large database vendor] in the very early 1990s. [The large database vendor] was totally clueless about the Internet (sorry, Larry), to the point where we weren't even allowed to access external sites from our corporate accounts. The workaround? Telnet to the modem pool, dial our favorite academic institution, and hack away. Since 1986, I've had academic accounts at: Rice, U of Nevada, U of Washington, and MIT. I've had pay accounts with five different companies and free accounts with Yahoo, Hotmail and my various employers. Each time I had to switch, it was a pain in the ass because the number of people I kept in touch with doubled. I finally bought my own domain -- I would have done this sooner but the "rules" required you have a place to put it, and I didn't know anywone. That domain has been in use since 1996, and until recently, worked fairly well. Unfortunately, the Internet has been open to the riff-raff and, with the removal of Network Solutions' monopoly, there are several domain sellers who tend to host spam domains. Godaddy is the worst one -- it seems like a third of the spammer domains originate from them -- followed by the various Chinese ISPs and temporary accounts created on the email.com name structure. I still have the yahoo account, because it's a good userid and Yahoo actually gives a flying flip about reducing spam to its customers. Hotmail's improved a lot, but I can never remember my userID there before they delete my account for lack of use. No worries.
The Good Things About the Internet Today
I currently have four levels of things to address spam:
- Installed a first-pass filter on my server. It automatically tosses email from certain domains and/or with keywords that I would never expect to use in a legitimate mail. It's very crude.
- Intalled a confirmation process. Active Spam Killer, requests a manual confirmation before forwarding the mail to me. I like for several reasons. First, I can create a whitelist for people I frequently correspond with. Second, it immediately blocks email from people I don't know. This filters out a considerable amount of spam from automatically generated accounts. However, there is an easy override if someone is genuinely trying to contact me, say because they liked my altitude profiles.
There are disadvantages. First, it's yet another layer of the spam-free onion. Second, email goes out for temporary/bogus accounts, further constipating the Internet. Third, I have to be careful with some of the stuff that wasn't pre-filled into my whitelist.
- Installed Spam Assassin, a freeware utility that does Bayesian filtering. It tags email that meets certain spamability criteria such as forged headers or spam come-ons.
- A pop-based client filter, spamweasel. It complements SpamAssassin.
Background
My first email account was set up at my alma mata in 1986 -- as the naming structure changed from ARPA to the current *{.com,edu,net} -- and worked until a couple of years ago. It was pretty cool having a single address people could always reach me, and was especially convenient when I worked at [a large database vendor] in the very early 1990s. [The large database vendor] was totally clueless about the Internet (sorry, Larry), to the point where we weren't even allowed to access external sites from our corporate accounts. The workaround? Telnet to the modem pool, dial our favorite academic institution, and hack away. Since 1986, I've had academic accounts at: Rice, U of Nevada, U of Washington, and MIT. I've had pay accounts with five different companies and free accounts with Yahoo, Hotmail and my various employers. Each time I had to switch, it was a pain in the ass because the number of people I kept in touch with doubled. I finally bought my own domain -- I would have done this sooner but the "rules" required you have a place to put it, and I didn't know anywone. That domain has been in use since 1996, and until recently, worked fairly well. Unfortunately, the Internet has been open to the riff-raff and, with the removal of Network Solutions' monopoly, there are several domain sellers who tend to host spam domains. Godaddy is the worst one -- it seems like a third of the spammer domains originate from them -- followed by the various Chinese ISPs and temporary accounts created on the email.com name structure. I still have the yahoo account, because it's a good userid and Yahoo actually gives a flying flip about reducing spam to its customers. Hotmail's improved a lot, but I can never remember my userID there before they delete my account for lack of use. No worries.
The Good Things About the Internet Today
- Connection speeds are a lot faster. -- right now I get about 500k on my broadband connection. Five years ago, 128k (ISDN); Seven years ago 56k baud; Ten years ago, 9.6k baud; twelve years ago 2.4k baud, fifteen years ago 1.2k baud.
- I can access my email from anywhere. Even when traveling, Internet cafe's are ubiquitous and inexpensive. Ironically, the only place I've consistently been unable to find a connection is San Jose, CA.
- I can find information on almost anything I want. -- I view this a good thing overall. For example, just today I wanted to learn more about getting a Ham Radio license, which minivan to buy(definitely Japanese -- a MPV, Sienna or Odyssey), dyeing hardboiled eggs and my U.S. Representatitive's recent votes.
- Consumers are empowered . My first experience with this was in setting up a set of Frequently Asked Questions about Austin, TX, including recommended Home Inspectors. A lot of these have popped up.
- Spam . My soon-to-be-former primary email address has been in use since 1996, when I realized that switching employers would mean that I'd have to update about a hundred people. Unfortunately, I've reached the point where so much of my current mail is spam that any further tweaking of my filtering will remove the 1% that isn't.
- Imagine how flooded your postal mail box would be if sending letter mail was free. This is the problem on steroids with email spam: there's no direct or obvious cost to the spammer. Rather, the cost is borne by the recipients in the form of infrastructure and lost time.
With paper mail, you've got paper cost ($.01 - $.10/sheet), printing costs ($.05 - $1.00/sheet, depending on amount of color) and distribution ($.08 - $.50/item, assuming the range is a bulk post card to a letter in an envelope). Since you can get an email address free (hotmail, angelfire, among others), the cost is just the connection fees. Because one email can go out to hundreds (or more) recipients, the per-contact cost is negligible. You don't care if the response rate is 0.01% because you can jack up the number of contacts at no incremental cost. - If you have a personal web site, remove all textual email addresses on it. It's been pretty fascinating to watch how my site will get scanned and, shortly thereafter, a fictitious "bait" email address will start to receive unsolicited messages. And I'm not even that popular. I'd still like to hear from folks, but instead of embedding an email address in text (and easy to click on), I'm trying an unlinked, email graphic. If I need to rotate aliases again, it's one change.
- Unless you have a relationship with a company sending you email, don't bother clicking on the link to unsubscribe or responding. Most of these emails are sent via open relays, and clicking on them only gets you subscribed to more lists.
- If you ever see an email saying "please forward this to everyone you know," please don't. But since some folks won't listen, at least check if it's a known chain letter or urban legend. (Most of the time it usually is.)
- No one is going to let you have part of that 10 million dollars in illicit/forgotten funds. As Monty Python said, "Every Sperm is Sacred," but what are the odds that a random ex-government official in a third-world nation is going to find you, Jane Reader, and offer to split the money? (Zero.) Still, it must have some success to warrant a mention by the Secret Service. :-o
- Imagine how flooded your postal mail box would be if sending letter mail was free. This is the problem on steroids with email spam: there's no direct or obvious cost to the spammer. Rather, the cost is borne by the recipients in the form of infrastructure and lost time.
- Pop-up ads and other browser hijinx. The ones that really piss me off are the domain squatters where, if you mistype something, you get this javascript goo that starts spawning off ads then tries to reprogram your browser's home page to itself.
A great, free, and easily reversible way to avoid a lot of the ads and pop-ups on your windows and Unix (and probably Mac, but I haven't tested) is shown at this page Essentially what it does is "tricks" your web browser machine into not fetching ad banners (or other content) from well-known b/ad sites. (Technically: it tells your machine to use localhost instead of fetching the ad content on the remote server.) I did find one site that I would comment out -- netflix.com -- but otherwise it's kind of cool to not get those atwola (AOL) and doubleclick counter bugs. It also speeds up surfing.
- Kiddie Scans. While sitting in a class at UW one morning, my firewall started going nuts because someone was trying to port scan my machine... I had a good firewall, but still was concerned not knowing what I don't know. I found Steve Gibson's web site, and specifically his Nanobot technology. This is especially important if you've got broadband access. Steve rules.
- Having powerful hardware bogged down by stuff to prevent impedance of normal computing. Most of my machine's horsepower is spent on virus prevention, spam filtering and web bug removal.
I've spent some time trying to understand how my address propagates and how to minimize the cruft. Some observations:
.