Email spam getting to me [Telecom]

I know that John Levine reads this group and is also involved with the whole spam issue. Maybe he, and others, can provide some therapeutic responses for the following ramblings on solutions for email spam.

The email spam problem on my university email account (which is the only personal email account I have or ever want to have) is at this point really getting to me.

Despite pre-filtering by the best filters that Stanford IT can provide for its university servers, followed by further filtering by numerous filters I've created in my own Eudora POP client and years of training of Eudora's Junk filter, an ever-growing amount of egregious spam has been showing up in my IN box in recent months.

After looking at a lot of online discussions of this issue, I've come to believe that (a) searching for ever more intelligent recipient-end filtering methods to cope with every more ingenious spam attacks, or (b) waiting for global solutions to this problem to emerge from higher management levels in the Internet or from governmental agencies, are both equally hopeless endeavors.

Given this, I'm seriously thinking of a ruthless two-part response which will not depend on any actions by anyone else:

1) I'll discard any and all of these intelligent filtering techniques and convert to a ruthless "pure whitelist" filtering approach: nothing gets through to my IN box that doesn't come from a sending address that's already in my address book, or otherwise on my whitelist. (I do realize that this will still be vulnerable to some extent, but at least it's simple and straightforward).

2) But at the same time, I'd still like to be reachable, at least once, by distant or unknown colleagues, students at distant universities, and other potential new correspondents who aren't already on my whitelist.

So, I'll also post prominently on my university web page a code phrase which, if put in the Subject: line of an email message or somewhere similar, will ensure that a email message will also get through to me. This code phrase will change from time to time, may be described in a way that will hinder robotic capture, may even be Captcha-protected. Pretty much anyone who wants to reach me (or whom I want to reach) is likely to know how to search for my personal or institutional web page to get my email address. If this technique of adding a code phrase on your web site or FaceBook page become a widespread email convention, it could go a long way to solving the "initial contact" problem for those of us who use whitelist filtering.

Reactions to this? Is there any better way?

[ Moderator Note: If you implement your 'whitelist only' approach, realize that Telecom Digest/comp.dcom.telecom readers will _not_ be able to send you responses to anything you post. Please consider including a way to let those messages in. :) ]
Reply to
Loading thread data ...

May I suggest you get a Gmail account and pop the mail off your university email server with that? Gmail will filter out the spam, and does so in a remarkable way. When using pop, there is a small time lag, and if that bothers you, forward the university mail instead of popping it. You can set up the university email address as a "from" address within Gmail, and filter as needed with Gmail's filters. I've found that Google's spam filters are remarkable, with few false positives.

Reply to

Thanks for suggestion. Haven't tried Gmail -- and, to be honest, probably won't want to expend enough free time and effort to give it a fair trial. But, I guess I'm also skeptical that the good guys (filter designers) will ever be able to keep ahead of the bad guys (spammers) over time. Nonetheless, thanks -- that wasn't an approach that I'd encountered previously

Reply to

I concur with the suggestion that you use gmail. You can either set up your Stanford account to forward to your gmail account, or you can tell gmail to poll your Stanford mailbox with POP. Either way, you can configure gmail to put your Stanford address on outgoing mail if you want.

Gmail's filtering is likely to be better than Stanford's for two reasons. One is that the more mail you can look at, the better a job of filtering you can do, since you can look for more interesting patterns as well as just looking for lots of copies of stuff. The other is that university mail systems tend to do a fairly lame job of filtering, partly because they're small mail systems with limited budgets, partly because faculty members who know nothing about computers are paranoid about their mail being "censored" so it's politically hard to do the kind of hard blocks they need to do.

You can demand a magic word in your incoming mail if you want, but I think you will find that you overestimate how many people are willing to jump through hoops to send you mail, so they just won't bother.

R's, John

Reply to
John Levine
[[ Moderatr note: Its time to call this subject closed. ]]

Suit yourself. My email addresses have been posted on the Internet for years, and so attract a lot of email, which all gets delivered to Gmail. One recent 48-hour period saw 1244 pieces of spam caught by Gmail, and only two pieces of spam made its way through Gmail's filters, with no false positives (I looked). Those two pieces were unusual --- ordinarily I don't see any spam. I've got a few filters in place that label mail based on sender, but unlike when I used Yahoo Mail, with Gmail, I don't need to institute filters for spam, unless it's real email that I just don't want to get.

As John said, Gmail is much better than a magic word (or the irritating email processing services which demand your correspondents go to a website and whitelist their email address). People rarely are going to bother with either if they're trying to communicate with you.

If you really want to be old-school, you can forward all your Stanford email to a Gmail account, and then use Eudora to pop it off Gmail, sans spam. Sort of a silly way to do it, particularly with all the benefits that a Google account brings (photo storage, G+, personalized news, etc.), but it can be done, and Gmail wouldn't care if you read it with Eudora, since they allow POP both in and out of Gmail, and IMAP for messages housed on Gmail.

It'll take just a few minutes to set up, and then you're spam-free. Tuning it to your own personal preferences may take a little longer if you use labels, but not that long.


Reply to

I might presume that Stanford is using something based on SpamAssassin for spam filtering.

We use SpamAssassin here, have for several years, and have discovered a few tricks to make in incredibly effective. You may have to work with the IT folks if you don't have shell access to the machine hosting your e-mail account.

The real trick to get SpamAssassin to work is to properly train it to recognize ham and spam from your personal perspective. This typically takes a few months of normal e-mail, and SpamAssassin will not use the Bayesian filtering until it's been properly trained.

You need to train this on samples of YOUR ham and spam.

Some make the mistake of feeding well-known spam corpora to it, and the results are ineffective. Likewise, it needs a good dose of your ham as well as your spam.

For some users we've created batches to routinely feed their spam and ham to the sa-learn utility, and for some very troublesome accounts it's been quite effective.

Hope this helps.

Reply to

I can confirm that Gmail's spam filters are preternaturally effective. Over several years, the three Fmail accounts I have dominion over have seen precisely *one* mis-characterized email -- a non-spam deemed spam

-- and that was it.

There's a collateral issue, though, of whether you want google sifting through your university emails for interesting Search-relevant details.

Cheers, -- tlvp -- Avant de repondre, jeter la poubelle, SVP.

***** Moderator's Note *****

I'm closing this thread: the subject is too far outside the Digest's core.

Bill Horne Moderator

Reply to
tlvp Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.