Stop Spam!

Take control of your inbox.
Eliminate SPAM from your life forever.

Stop Spam with Good Tools
and Techniques

You don't have to be a slave to your inbox.

With good, common sense techniques and a good spam filter,
you can turn spam from a major problem into, at worst,
a minor annoyance.

Many people incorrectly believe that the only way to fight spam is to get a good spam filter. But, you need to do something more. Granted, a good spam filter is an absolute necessity (see the sidebar below on "The Best Spam Filters"), but of almost as much importance is good procedure, on your part, before the spammer ever clicks "Send".

The Best
Spam Filters

Over the years, we have tested a wide variety of spam filter software for our clients and found two that stand out from the crowd - one for PC and one for Mac.

On the PC side, we strongly recommend SpamBully.

On the Mac side, the clear winner is SpamSieve.

Primary Criteria -

There are four criteria that a good spam filter must fulfill.

1) As the term implies, it must be extremely accurate at correctly identifying and quarantining spam.

2) But, it must be even more accurate at keeping good email out of the spam folder. After all, the only thing worse than spam, is losing a whole bunch of sales leads or an email from a long lost friend to an overly aggressive spam filter.

3) It must be native to your computer and work seamlessly with your computer's email program. For a PC, that probably means Outlook Express or one of the versions of Outlook. For a Mac, it must work seamlessly with Apple Mail and Entourage. It would be nice if it also worked well with Eudora, Mailsmith and PowerMail. Internet or server based spam filters are notoriously inaccurate or hard and time-consumming to deal with.

4) And last, but not least, it must NOT require any the sender to take special steps, such as Challenge/Response. Challenge/Response will absolutely keep spam out of your inbox - no doubt about it. But you will lose much more good email and maybe even customers to such a filter. Automated billing and banking software won't respond to challenges. Also, many people find such challenges annoying. I'm one of them. If I receive a challenge back from one of my emails, I remove that person/company from my address book. I just don't have time for such unnecessary nonsense. There are better solutions.

The market -

Unfortunately, some spam filters that do a very good job of correctly identifying spam, also block a lot of good email. When good email is blocked, this is called a false positive. It's the one thing that you don't want. Then, there are other filters that seldom ever block good email, but let too much spam get through. When spam is identified as good email, this is referred to as a false negative. It is not as bad as a false positive, but frustrating, nonetheless. After all, you expect a spam filter to block spam.

Some people think that it's not possible to have both and that you just have to settle for a good balance. Not so. It is possible to have the best of both worlds.

Accuracy -

A good spam filter will not only block more than 95% of spam, it will let more than 98% of good email pass. I have seen SpamBully function on many client machines. It starts off pretty well, but learns what you consider smam and gets more accurate, the longer you use it.

As for SpamSieve, on the Mac, it works pretty much the same. As I am writing this, my lifetime accuracy for properly identified spam on all of our Macs is 96.2% and the total for correctly identified good email is 99.8%. In fact, I can't remember the last time that a good email ended up in my spam folder or that someone sent me an email that I never received.

If your spam filter does not exhibit those kinds of statistics, then you need a better one.

Both SpamBully for PCs and SpamSieve for Macs offer the option to purchase now or to download a FREE full functioning trial version. If spam is getting through your filter or good email is getting quarantined, then we encourage you to try one of these excellent products. It won't cost a thing and you'll be glad you did.

Additional Criteria -

There are other things that we should expect of a good spam filter, besides accuracy. These are items that let you personalize the spam filter.

For example, it should also give you intuitive controls to enable you to tweak the settings and sensitivity of the filter, to fit your individual needs. In particular, you should be able to easily change the sensitivity (threshold), to meet your needs.

It should also use personalized blacklists and whitelists that you define. Under no circumstance should it use some general blacklist that is found somewhere on the Internet, maintained by some faceless blacklist Gestapo. Those blacklists are known to be terribly inaccurate and have caused serious problems for many reputable companies. Besides, if those internet blacklists worked, there would be no spam.

Another positive, is the ability to add personalized rules to the filter. Among the ways that such a filter can be used, is to trigger a form trap, as discussed in the main section of this page.

Finally, a good spam filter should have the ability to bypass the normal email notification method of your email program and notify you only when good email arrives.

Don't Rely on ISP Filtering -

Here is a final point that we strongly recommend. If your ISP implements spam filtering, turn it off. If it can't be turned off, change ISPs. Those ISP-based filters are very general and some are even based upon one or more of those Internet blacklists. Their false positive percentage is almost always totally unacceptable. If people send you emails that you never receive, it could be because your ISP's spam filter is blocking it.

If you remember only one thing from this page, remember this. Keep your spam filtering on your computer, where you can control it.

Our Recommendations -

Of all of the products that we have tested and that fit all of our criteria, two spam filters clearly stand out from the crowd. Both of them are highly effective at identifying and segregating spam, while almost never flagging a good email as spam. This is partly because they are easily tailored to meet the user's specific needs. Both also rely upon internal, personal whitelists and blacklists and will allow the user to define custom rules, to improve accuracy. Of course, they work well with the major email applications for their respective platforms.

For PCs -

For PCs, the product that we recommend is SpamBully. It stands out largely because of its Bayesian statistical analysis of your email and partly because it will, if you choose, provide the same analysis of web sites linked to in your emails. Bayesian analysis allows SpamBully to actually learn and get more accurate over time. Their Bayesian filter is not yet up to the level of the best on the market. But if you want a better Bayesian filter, you have to be running a Mac. Spam Bully is certainly the best on a PC. But SpamBully offers one more thing that I dearly love. It implements a "Filter that fights back" option, in that it will repeatedly hit the web sites of spammers who send you email, potentially running up their web hosting costs, if enough users implement this feature. We encourage PC users to Stop spam cold, with SpamBully! The download is FREE and full functioning for 14 days. Try it now.

For Macs -

For Macs, the product that we recommend is actually shareware. We use it on all of our Macs. No other spam filter for Macs compares, including the filter in Mac Mail. It's just the best spam filter available anywhere, at any price, for any system. SpamSieve was actually one of the first spam filters to make use of Bayesian statistical analysis to analyze email traffic. That's probably why it's a leader in this technology, today. It works with all major email programs for Mac. Take control of your inbox with SpamSieve! You can buy it now or a FREE, full functioning download is available. Try it now.

Stop Spam NOW!

Don't wait another moment. Get one of these free downloads now and take control of your inbox! You'll be glad you did.

The Best Technique

The technique that I'm talking about is the way that you use your email address, on the Internet. The reason why this is important is because spammers use email address "harvesters," that work much like the search engines, to scour the Internet for address that have been posted on web sites and forums.

We will take each one as a separate issue.

Forums and Chat Sessions

Every time you post your email address on a public forum or even on your own web site, you are effectively making it available to those harvesters. It's like shouting to the spammers, "Hey! Here's my email address."

"But, I obfuscate my email address every time I post it," you say. "So, the harvesters can't find me?"

Well, that's good, but it may no longer be true, since the spammers have made their harvesters smarter.

Of course, if you don't know what email address obfuscation is and you post to forums, then you are a prime target for harvesters and you probably get a ton of spam.

But, don't worry. There are ways to post your email address, so even the most advanced harvesters won't see it. Most people have seen some of the old ways of obfuscating email addresses and some of you may even use some of them. But, as I said above, the harvesters are getting smarter. Therefore, what you have been doing for the past few years, may no longer be effective at fighting spam.

When harvesters first appeared on the scene, people who were used to posting their email addresses on forums, simply began "obfuscating" their email address, whenever they posted it. In other words, they changed from posting their real email address, to posting an equivalent, non-operative version of that address. So,

myname@my-domain.com

then became,

myname at my dash domain dot com

Such simple "obfuscation" worked for a while. But, the spammers caught on and the harvesters began getting smarter. Most were quickly able to see through such simple obfuscation. The next step was to add special characters to the obfuscation. So, the above email address becomes something like,

myname "at" my "dash" domain *dot* com

or even,

myname / at \ my / domain \ dot / com

But, once again, the spammers caught on, the harvesters got smarter and those tricks became useless.

The newest method of obfuscation uses instructions to the reader that the harvesters are not likely to defeat any time soon. The result is and email address that may look like,

mynyellowame@my-dogreenmain.com
forget the colors

or maybe,

mynzme@my-domzin.com
swap z for a

These are instructions that a human reader can easily decipher, but because the variations are so limitless that, until real artificial intelligence becomes reality, this technique should work against the harvesters.

Web Site Contact Info

(Note: This section applies only if you have your own web site. If you don't have your own web site, then you can skip over the section in this green text. On the other hand, if you do business on the internet, then pay close attention to this section.)

If you are doing business on the Internet, you need a way for customers and potential customers to contact you. But, you don't want to display your email address like you would in one of those forums, as described above. So, what do you do?

Many web sites don't include an email address, but instead, use a feedback form. The form acts as a front-end for a Perl script that actually sends an email to your designated email address, while obscuring that email address from the user. This is generally very effective.

It should be noted, however, that some spammers now have tools that work along the lines of the email address harvesters, but aimed at feedback forms. They crawl the Internet, looking for feedback forms and then attempt to post their spam into the form.

It's generally pretty easy to defeat such form spammers. If you are really concerned about misuse of your form, you can create and elaborate Javascript challenge/response device, to stop them from posting their spam to your form. But, it's much easier to just set a trap in your form, to stop the spam from reaching your inbox.

Such a form trap would be designed to trigger a rule in your email program or spam filter. It would depend upon what the visitor sees and what the robot sees. You would have to tailor your trap to fit the requirements of your form. Here is one idea of how to set a spam trap in your form.

Set the form to send only those fields that are filled out. Near the top of the form, include instructions to the visitor, that as an anti-spam device, the second address line must have something in it, even if it is only an "x", if the form is to be received. Your human visitors will understand that. The robots will not. Since the robots generally only fill in certain fields, this means that any form submission that has an empty field is spam.

If you or your web designer knows enough Perl, then you can stop the mail right there. But, let's assume that you don't have that ability and don't want to spend the money to have it done.

All that you need to do is to set up a rule in your email program, that will look for any email that has a "Subject" that matches the form's subject line and that does not include in the message body, the text "Address2:". Since your form is set to only send fields that were filled out and the "Address2" field was not filled out by the robot, the spammed form will not include the text, "Address2". Simple.

In fact, this may be too simple. Eventually, the spammers will learn to fill in all of the form fields. But, this gives you an idea of the kind of easy things that you can do, to trick the form spammers. Just learn to use your email program or spam filter rule editor and use your imagination.

Do you need your email address visible?

But, what if you still want to post your email address to your web site? There are ways to do that, too.

One way is to do it with JavaScript and that can be very effective and it is virtually impossible for the harvesters to collect your email address, when it is hidden this way. But, I tend to avoid basing anything important upon JavaScript or any plugin, since not all visitors will have JavaScript enabled or have the relevant plugin. Therefore, some visitors may not be able to see your JavaScript generated email address.

Another way is to place your email address in an image (JPG or GIF) file and display it on your web site, without a link. Of course, this means that visitors will have to manually open up a new email window and type in your email address. In my opinion, that's just not user-friendly enough.

Obfuscating an HTML email address

Instead, I prefer to use plain old HTML to obfuscate my email address. This is similar to what you do with forum postings, but the obfuscation is visible only to the robot and not to the visitor. For this, we will use three different techniques - HTML codes, ASCII codes and HTML commenting.

There are two ways that you can specify the entire alphabet in an email address. One uses what is called ASCII codes and it looks something like this.

%6e%6f%73%70%61%6d

The number after each percent sign (%) represents a letter or number. In this case, it spells "nospam". The other method uses HTML codes and it looks something like this.

nospa
m

This method can also be used for displaying characters on the screen. For your information, the above representation also spells "nospam".

We are going to combine these two methods, with plain text and HTML commenting, to obfuscate our email address. Commenting takes the form

<!-- this is a comment -->

So let's obfuscate our email address that we used above, "myname@my-domain.com". For this, we supply you with a table of both ASCII and HTML codes. It can be found at http://GurusInc.com/html_ascii_charts.shtml. To make it easy, in the example, I have extracted codes from the larger table, to make a table containing just the letters in the email address, along with the two other forms of expressing those characters.

Obfuscating the Obfuscation

To obfuscate the email address, we won't replace the whole address with code. To make it more difficult, we will use pieces of each column (including the plain text letters), for the operative part of the address and pieces from just the Letters and HTML columns, for the display part. We will also include some some HTML comments that contain a bogus email address, just for good measure and add line breaks in the comments, on top of all that. I call it obfuscating the obfuscation. It produces some pretty grotesque code, but it seems to work.

Here, we have created a table of the letters in the email address and their ASCII and HTML equivalents.

m

%6d

&#109;

y

%79

&#121;

n

%6e

&#110;

a

%61

&#97;

m

%6d

&#109;

e

%65

&#101;

@

%40

&#64;

m

%6d

&#109;

y

%79

&#121;

-

%2D

&#45;

d

%64

&#100;

o

%6f

&#111;

m

%6d

&#109;

a

%61

&#97;

i

%69

&#105;

n

%6e

&#110;

.

%2e

&#46;

c

%63

&#99;

o

%6f

&#111;

m

%6d

&#109;

Now let's randomly pick from the above columns and add in some comments, to obfuscate the address. This is what the code ends up looking like. Notice the phony email address in the comments and the line breaks. We don't know what will break the harvesters, so we throw them every permutation that we can think of.

<a href="mailto:%6dy&#110;<!-- moron@gmrfq.com
   -->%61m&#101;%40&#109;%79%2Dd<!-- moron@gmrfq.com
   -->%6f%6dai&#110;%2e&#99;%6f%6d">&#109;&#121;n<!-- moron@gmrfq.com
   -->&#97;&#109;e&#64;m&#121;-&#100;o<!-- moron@gmrfq.com
   -->m&#97;&#105;n&#46;&#99;o&#109;</a>

It looks like garbage, doesn't it? That's what we hope the harvesters will think. Yet, this is what the visitor sees.

myname@my-domain.com

If you click on that link, your email program should open a new mail window, with that email address in the "To" line. You have just obfuscated your email address. There is no doubt that some harvester will come along that will decipher all that garbage. There may already be such a harvester. But, based upon some bait email addresses that I have out there that are obfuscated in this manner and that cannot be seen by human visitors, I feel comfortable in concluding that if such harvesters exist, they are not in broad use, since none of those email addresses have ever received any email. But, that could change tomorrow.

Stopping Spam Can be Easy

Fighting spam can be a constant battle, but you can make it an easy win. Just remember to be careful with how you post your email address. Of course, you should be aware that if your email address is already plastered across the Internet, in plain text, then the only way that these suggestions will help, is if you start with a new email address. The idea is to make it difficult for the spammers to get your email address, in the first place. Then, of course, make sure that you have a good spam filter. Our recommendations for the best spam filters are:

Download iHateSpam
SpamBully for PCs
 
SpamSieve for Macs

Download the one you need NOW!

Both offer FREE Fully Functioning trial versions.

 

Top of Page


Copyright 2006 John Gaver
Privacy PolicyOffsite Privacy Commentary