Seeking Alternative to KnowSpam (75,000 Spam; Supplemental to Spam Assassin)?
December 2, 2004 10:00 AM Subscribe
My Knowspam.net subscription expired, good riddance. The lack of updates to the system made it rather annoying to use for most of this past year. I got about 75k spam emails this past year including the ones Knowspam couldn't catch, and spam assassin on it's own is not enough. Is there a better alternative?
Best answer: Change your e-mail address now. If you are getting 75,000 spams a year your e-mail address is no longer useful.
Get your own domain and your own mail server and use a separate e-mail address for trusted contacts and for giving out to the public. In fact, use several public e-mail addresses -- one for each untrusted contact -- and periodically deactivate the ones that have begun collecting spam. Use a catch-all address so you don't have to create all these mailboxes separately.
I suggest using different filtering for some of your public e-mail addresses: for example, most of my public e-mail addresses require that the message have my domain name in the message To line, have a message ID, be plain text, and be less than 32K in length. E-mail sent to the address I use for domain registrations MUST be from my registrar. I also reject all e-mail with a content-encoding for a language I can't read (e.g. BIG-5 is a common Asian encoding, all the BIG-5 mail I get is spam). Any rejected mail is bounced with a message containing an unfiltered address, so the original sender can resend if it was rejected erroneously. (This unfiltered e-mail address might eventually start collecting spam, if spammers start harvesting addresses from bounces, so be prepared to deactivate it -- but this hasn't happened to me yet.) All this happens on the server, so I never see it in my client.
Use a spamtrap. A spamtrap is a special e-mail address that you make public, which is alphabetically close to your real e-mail address. You put this address on your Web site so it will be harvested by spammers, but not in a place anyone would think to actually click on it. Any e-mail sent to that address is rejected as spam, even if it is also sent to other valid addresses at your domain. Since spammers tend to use a number of recipients for each messages (it's faster to send one message with 50 recipients than to send 50 separate messages), this will catch a good amount of spam. You can forward any e-mail addresses you have to deactivate to the spamtrap, so they also become red flags for spam.
Encode your contact e-mail address on your Web site, or don't post one at all, or use a contact form. If you post on Usenet, put an invalid or spamtrap address in your From line and put a public address in your Reply-To line. (Address harvesters for Usenet tend to use XOVER to get headers from their Usenet server, which typically contains From but not Reply-To.) The account you use for Usenet responses should include filtering that verifies it is being sent as a response to a Usenet message: subject begins with Re:, AND a header such as In-Reply-To or Newsgroups or User-Agent or X-Newsreader exists, AND your address is in the To line. Stuff like that.
I see between 3-5 spams a day, and my client-side Bayesian filter catches all of those. I recommend SpamSieve for Mac or SpamBayes for Windows.
posted by kindall at 10:44 AM on December 2, 2004
Get your own domain and your own mail server and use a separate e-mail address for trusted contacts and for giving out to the public. In fact, use several public e-mail addresses -- one for each untrusted contact -- and periodically deactivate the ones that have begun collecting spam. Use a catch-all address so you don't have to create all these mailboxes separately.
I suggest using different filtering for some of your public e-mail addresses: for example, most of my public e-mail addresses require that the message have my domain name in the message To line, have a message ID, be plain text, and be less than 32K in length. E-mail sent to the address I use for domain registrations MUST be from my registrar. I also reject all e-mail with a content-encoding for a language I can't read (e.g. BIG-5 is a common Asian encoding, all the BIG-5 mail I get is spam). Any rejected mail is bounced with a message containing an unfiltered address, so the original sender can resend if it was rejected erroneously. (This unfiltered e-mail address might eventually start collecting spam, if spammers start harvesting addresses from bounces, so be prepared to deactivate it -- but this hasn't happened to me yet.) All this happens on the server, so I never see it in my client.
Use a spamtrap. A spamtrap is a special e-mail address that you make public, which is alphabetically close to your real e-mail address. You put this address on your Web site so it will be harvested by spammers, but not in a place anyone would think to actually click on it. Any e-mail sent to that address is rejected as spam, even if it is also sent to other valid addresses at your domain. Since spammers tend to use a number of recipients for each messages (it's faster to send one message with 50 recipients than to send 50 separate messages), this will catch a good amount of spam. You can forward any e-mail addresses you have to deactivate to the spamtrap, so they also become red flags for spam.
Encode your contact e-mail address on your Web site, or don't post one at all, or use a contact form. If you post on Usenet, put an invalid or spamtrap address in your From line and put a public address in your Reply-To line. (Address harvesters for Usenet tend to use XOVER to get headers from their Usenet server, which typically contains From but not Reply-To.) The account you use for Usenet responses should include filtering that verifies it is being sent as a response to a Usenet message: subject begins with Re:, AND a header such as In-Reply-To or Newsgroups or User-Agent or X-Newsreader exists, AND your address is in the To line. Stuff like that.
I see between 3-5 spams a day, and my client-side Bayesian filter catches all of those. I recommend SpamSieve for Mac or SpamBayes for Windows.
posted by kindall at 10:44 AM on December 2, 2004
Best answer: I've had great sucess with a combination of SpamAssassin and setting the mail server up to use the SpamHaus SBL.
posted by cmonkey at 11:47 AM on December 2, 2004
posted by cmonkey at 11:47 AM on December 2, 2004
I've heard a lot of frustrated knowspam users (I, too, am annoyed) have gone to mailblocks.com, which is another whitelist challenge/response service but has better uptime and more features.
I'm seriously considering just moving to gmail next year though.
posted by mathowie at 11:55 AM on December 2, 2004
I'm seriously considering just moving to gmail next year though.
posted by mathowie at 11:55 AM on December 2, 2004
Best answer: I have changed my primary email address four times over the last 5-6 years. Its a pain in the ass. I just discovered that my current private email address is in the hands of spammers. I'm sure some not-so-internet-savy friend or relative probably group mailed to the wrong person who forwarded on without removing addresses, etc . . . I use all the tricks advised of above and it makes no difference. When I register for anything I use domainname.com@mydomain.com, and yet they still find my primary email address.
My point? Changing your email address is a band-aid solution for a much bigger problem. I would advise the poster NOT to change your email address. Of course I haven't found a good alternative yet. But it just seems like you're letting the spammers win if you change over your email address every time it gets on their lists.
Oh yeah, and I've been joe jobbed twice from leaving my domain with catch all email addresses, so having your own domain with a catch all isn't exactly a perfect solution either. There is nothing like waking up to several thousand bounced emails in your in box.
posted by [insert clever name here] at 12:04 PM on December 2, 2004
My point? Changing your email address is a band-aid solution for a much bigger problem. I would advise the poster NOT to change your email address. Of course I haven't found a good alternative yet. But it just seems like you're letting the spammers win if you change over your email address every time it gets on their lists.
Oh yeah, and I've been joe jobbed twice from leaving my domain with catch all email addresses, so having your own domain with a catch all isn't exactly a perfect solution either. There is nothing like waking up to several thousand bounced emails in your in box.
posted by [insert clever name here] at 12:04 PM on December 2, 2004
DSPAM works wonders. It has eliminated almost every bit of SPAM for us. And it is open source. If you don't like it, the cost is only the time it took to install it.
It's very very accurate, and is being updated constantly. I highly recommend it.
posted by stovenator at 12:25 PM on December 2, 2004
It's very very accurate, and is being updated constantly. I highly recommend it.
posted by stovenator at 12:25 PM on December 2, 2004
Mailblocks got gobbled up by AOL and isn't taking new signups.
http://support.mailblocks.com/signup.aspx
posted by rschroed at 12:44 PM on December 2, 2004
http://support.mailblocks.com/signup.aspx
posted by rschroed at 12:44 PM on December 2, 2004
Response by poster: I have a hosted site, so the email receiving and sending is done via someone else's server. DSPAM looks cool but I've no clue if I can get it to work with my host. Mailblocks.com looks like just what I'd use but they stopped offering sign ups since AOL bought 'em.
I feel handicapped because I pay for co-hosting, but on the plus side it's cheap, and I don't have to run and maintain a server at home for the other cheap way of doing things.
Getting a new email address is not really something that matters because I already do have a seperate email address for friends and family which gets hardly any spam. The email address in question is my very public riffola (AT) riffola (.) com one.
posted by riffola at 12:51 PM on December 2, 2004
I feel handicapped because I pay for co-hosting, but on the plus side it's cheap, and I don't have to run and maintain a server at home for the other cheap way of doing things.
Getting a new email address is not really something that matters because I already do have a seperate email address for friends and family which gets hardly any spam. The email address in question is my very public riffola (AT) riffola (.) com one.
posted by riffola at 12:51 PM on December 2, 2004
Yeah, change the address. Seriously. It's a pain, but the best way to stop the spam. Then don't use it anywhere, and have it just for friends, not mailing lists or anything.
posted by adampsyche at 2:08 PM on December 2, 2004
posted by adampsyche at 2:08 PM on December 2, 2004
I find Cloudmark a good answer to this problem.
changing email is not an option for me
posted by adamvasco at 2:24 PM on December 2, 2004
changing email is not an option for me
posted by adamvasco at 2:24 PM on December 2, 2004
Change it to something similar: the.riffola@riffola.com | riff@riffola.com. Then set up your server to only allow that stuff through to you...
posted by humuhumu at 2:26 PM on December 2, 2004
posted by humuhumu at 2:26 PM on December 2, 2004
popfile. Been running it since August, 2004 ... 99.75% accuracy at detecting spam. 69,131 spams since then, 167 mistakes. FREE.
posted by crunchland at 2:56 PM on December 2, 2004
posted by crunchland at 2:56 PM on December 2, 2004
spamassassin works a lot better if you train its Bayesian filter.
posted by Nelson at 4:15 PM on December 2, 2004
posted by Nelson at 4:15 PM on December 2, 2004
I get even less than kindall, at least in terms of number of pieces that actually get through the shell accounts. I use mailshell.com for infinite disposable shell accounts. Highly recommended.
posted by stavrosthewonderchicken at 4:22 PM on December 2, 2004
posted by stavrosthewonderchicken at 4:22 PM on December 2, 2004
I've been joe jobbed twice from leaving my domain with catch all email addresses ... There is nothing like waking up to several thousand bounced emails in your in box
Oh yeah. This is pretty easy to filter for too... Return-Path = <> and To does NOT contain your domain name. I just throw those out entirely. Poof.
posted by kindall at 5:33 PM on December 2, 2004
Oh yeah. This is pretty easy to filter for too... Return-Path = <> and To does NOT contain your domain name. I just throw those out entirely. Poof.
posted by kindall at 5:33 PM on December 2, 2004
Er, sorry, you filter on To contains your regular e-mail address for the bounces. I only ever send from one address so bounces that come to any other address at my domain are bogus.
posted by kindall at 5:37 PM on December 2, 2004
posted by kindall at 5:37 PM on December 2, 2004
« Older Jazz music recommendations beyond Miles and... | I Don't Love My Partner's Children as Much as My... Newer »
This thread is closed to new comments.
posted by humuhumu at 10:39 AM on December 2, 2004