A good email whitelist service?
August 28, 2007 10:03 AM Subscribe
Can anyone recommend an email whitelist system that works with my existing hosting service? I want to defeat the spam.
The spammers won't stop! Months after switching my address, the penis enlargement ads are rolling in yet again. I've decided I want to switch my incoming personal emails to a whitelist system, which challenges the sender before allowing delivery.
Is there a good whitelist service that will work with my existing domain and my existing hosting? (Currently I have Dreamhost; mail forwarding and multiple accounts are a piece of cake)
Ideally I'd like to forward email sight-unseen from publicaddress@mydreamhostsite.com to a whitelist service, and it will forward only the trusted emails to me at secretemailaddress@mydreamhostsite.com.
Will I be paying for a good whitelist service, or are there good free options? Any comments, thoughts, or criticisms of the whitelisting approach are welcomed. Might a lot of people not bother with confirmation and give up? Which confirmation methods are list intrusive and most effective?
The spammers won't stop! Months after switching my address, the penis enlargement ads are rolling in yet again. I've decided I want to switch my incoming personal emails to a whitelist system, which challenges the sender before allowing delivery.
Is there a good whitelist service that will work with my existing domain and my existing hosting? (Currently I have Dreamhost; mail forwarding and multiple accounts are a piece of cake)
Ideally I'd like to forward email sight-unseen from publicaddress@mydreamhostsite.com to a whitelist service, and it will forward only the trusted emails to me at secretemailaddress@mydreamhostsite.com.
Will I be paying for a good whitelist service, or are there good free options? Any comments, thoughts, or criticisms of the whitelisting approach are welcomed. Might a lot of people not bother with confirmation and give up? Which confirmation methods are list intrusive and most effective?
This might help:
https://www.vqme.com/pk/
It's a subscription service but will filter multiple email accts. They claim to have an improvement on the challenge/response system of filtering out automated email spam. I've got no connection with them, but if my Yahoo filters don't start working more effectively, I might give them a try.
Also, wouldn't setting up filters in Outlook Express or Mozilla's Thunderbird suit your spam elimination needs?
posted by bbranden1 at 10:40 AM on August 28, 2007
https://www.vqme.com/pk/
It's a subscription service but will filter multiple email accts. They claim to have an improvement on the challenge/response system of filtering out automated email spam. I've got no connection with them, but if my Yahoo filters don't start working more effectively, I might give them a try.
Also, wouldn't setting up filters in Outlook Express or Mozilla's Thunderbird suit your spam elimination needs?
posted by bbranden1 at 10:40 AM on August 28, 2007
Response by poster: Also, wouldn't setting up filters in Outlook Express or Mozilla's Thunderbird suit your spam elimination needs?
No, been there, done that. The spams I'm getting these days are very short and fragmented, bad for pattern matching, or contain a lot of flowery language to defeat the Bayesian filters. There's the false positive concern.
posted by rolypolyman at 10:57 AM on August 28, 2007
No, been there, done that. The spams I'm getting these days are very short and fragmented, bad for pattern matching, or contain a lot of flowery language to defeat the Bayesian filters. There's the false positive concern.
posted by rolypolyman at 10:57 AM on August 28, 2007
One problem with the confirmation approach is that the poor schmucks whose e-mail addresses were used in the forged headers get swamped with confirmation messages.
Personally, I've always been annoyed when I've sent mail to people who have some sort of challenge required. It always seems to happen when I'm going to be away from e-mail for a while, and so I find out days later that my e-mail didn't go through.
What spam filtering does Dreamhost offer? Have you made full use of the available options?
With some other hosting arrangements I've found that using SpamAssassin and turning on some of the non-standard network tests (like various blacklists - make sure they are consulted as part of the SA scoring, not before) and occasionally monthly training on misidentified mails can do a great job of catching spam and letting the "ham" through, even on >10 year old e-mail addresses.
Throw in greylisting and it gets even better if you are willing to risk 30-90 minute delays the first time someone e-mails you from a given address (there are actually ways of only greylisting messages that SA thinks look spammy anyway, but you need control over the SMTP MTA config).
posted by Good Brain at 11:01 AM on August 28, 2007
Personally, I've always been annoyed when I've sent mail to people who have some sort of challenge required. It always seems to happen when I'm going to be away from e-mail for a while, and so I find out days later that my e-mail didn't go through.
What spam filtering does Dreamhost offer? Have you made full use of the available options?
With some other hosting arrangements I've found that using SpamAssassin and turning on some of the non-standard network tests (like various blacklists - make sure they are consulted as part of the SA scoring, not before) and occasionally monthly training on misidentified mails can do a great job of catching spam and letting the "ham" through, even on >10 year old e-mail addresses.
Throw in greylisting and it gets even better if you are willing to risk 30-90 minute delays the first time someone e-mails you from a given address (there are actually ways of only greylisting messages that SA thinks look spammy anyway, but you need control over the SMTP MTA config).
posted by Good Brain at 11:01 AM on August 28, 2007
I've decided I want to switch my incoming personal emails to a whitelist system, which challenges the sender before allowing delivery.
Challenge-Response Anti-spam systems considered harmful
I am very happy with my bayesian filter -- it even does a pretty good job catching PDF, word salad, phishing, etc. And I guarantee that your "false positive" rate will be lower than the "aw fuck it" rate of people who just don't care to jump through a C-R filter's hoops. Way lower.
posted by jepler at 12:30 PM on August 28, 2007
Challenge-Response Anti-spam systems considered harmful
I am very happy with my bayesian filter -- it even does a pretty good job catching PDF, word salad, phishing, etc. And I guarantee that your "false positive" rate will be lower than the "aw fuck it" rate of people who just don't care to jump through a C-R filter's hoops. Way lower.
posted by jepler at 12:30 PM on August 28, 2007
So full disclaimer, I work for Boxbe.com, a site that will soon offer the service that you are looking for.
Currently, we offer protection for Gmail, Yahoo! Mail and a forwarding "x@boxbe.com" addresses. We are currently beta testing a domain level service that will protect all addresses at a given domain.
We're different than other services that use whitelisting in many different ways.
First, our service is free of charge.
Second, even challenge response systems won't work well when the "response" portion is outsourced, so we use payment as a mechanism to keep out unwanted email. 75% of that payment goes to you.
This is largely designed for legitimate marketers trying to get your attention. Spammers will never pay you to read Cialis ads.
Addressing the "backscatter" issue (backscatter is the term used for challenge messages sent back to forged addresses).
We use DKIM and SPF to verify the identity of senders. This limits messages to the "the poor schmucks whose e-mail addresses were used in the forged headers." Not everyone is using this yet, but both standards are rapidly being adopted.
http://www.ironport.com/company/ironport_pr_2006-04-19-1.html
Additionally, we don't send messages that SpamAssassin marks as definitely spam. This covers a fair percentage of email, but like any filter based system, it's not perfect.
Send an email to me at randy@boxbe.com. You'll get a preview of what unknown senders will see and I can get you included in the beta.
Cheers,
Randy Stewart
Boxbe Product Manager
posted by randy_stewart at 1:52 PM on August 28, 2007
Currently, we offer protection for Gmail, Yahoo! Mail and a forwarding "x@boxbe.com" addresses. We are currently beta testing a domain level service that will protect all addresses at a given domain.
We're different than other services that use whitelisting in many different ways.
First, our service is free of charge.
Second, even challenge response systems won't work well when the "response" portion is outsourced, so we use payment as a mechanism to keep out unwanted email. 75% of that payment goes to you.
This is largely designed for legitimate marketers trying to get your attention. Spammers will never pay you to read Cialis ads.
Addressing the "backscatter" issue (backscatter is the term used for challenge messages sent back to forged addresses).
We use DKIM and SPF to verify the identity of senders. This limits messages to the "the poor schmucks whose e-mail addresses were used in the forged headers." Not everyone is using this yet, but both standards are rapidly being adopted.
http://www.ironport.com/company/ironport_pr_2006-04-19-1.html
Additionally, we don't send messages that SpamAssassin marks as definitely spam. This covers a fair percentage of email, but like any filter based system, it's not perfect.
Send an email to me at randy@boxbe.com. You'll get a preview of what unknown senders will see and I can get you included in the beta.
Cheers,
Randy Stewart
Boxbe Product Manager
posted by randy_stewart at 1:52 PM on August 28, 2007
This thread is closed to new comments.
posted by rolypolyman at 10:06 AM on August 28, 2007