Discuss SPAM Traps?

[The Gorn]

The thread about SPAM makes me pose the following question: How do you guys handle incoming SPAM, either at your personal account level, the business/corporate level, or both? (I don't mean, how do you keep from getting spammed in the first place. This is an entirely separate topic.)

I can enumerate the following strategies for fighting SPAM at the receiver end:

1) Nothing special. Manually hand pick valid emails from the spam. Delete the spam manually.

2) Identify SPAM-receiving "dirty" email addresses and phase them out: re-register a new "clean" address at any sites that *must*  have a current address for you. Eventually, ignore dirty addresses.

3) Use a custom domain name of your own choice and use with it a mail server that allows all emails that end in that domain name to go to a designated mailbox. (This allows you to "create" new email addresses ad hoc by simply inventing a new name prefix.) Create a "new" custom address in that domain for every single purpose for which you need an email address. IE, an Amazon account would have amazon@me.com; Ezboard, ezboard1@me.com; etc.

4) Direct "dirty" SPAM receiving email addresses that are no longer used, to generate a bounce back to the sender.

5) Direct "dirty" SPAM receiving email addresses that are no longer used, to a "black hole".

6) Baysian filters at either the email server end or the POP client end.

7) Any of the "whitelist" based or challenge/response based email systems that generate an authentication message back to the sender in order to confirm whether there is a human behind the enter key. Examples: Choicemail, MailGuard, BrightMail.

My personal choices: 2, 3, 4. Reasons: simplicity and ease of management. The use of a custom domain name to identify usages of email addresses is a keystone of my approach. I don't need to "register" a new address anywhere, each address is invented by me for a role or a purpose.

I don't "believe" in Baysian filters. Anecdote: I recently had an experience where a business card had the person's personal email address printed on it, but he didn't get an email I sent to that address. When I finally called him on the phone he said that my message was trapped by anti-spam measures soo he added me to the whitelist and finally replied to my message. The header of my message (in his reply) said "Baysian Filter Caught Suspected SPAM". So in other words, a Baysian filter stupidly flagged a human written email as SPAM...

And I don't buy into challenge/response systems. I used to rely on a "bounce" message that contained instructions to resend to a correct address, a rudimentary form of challenge. I had a few people who received this message who were just computer illiterate enough (AOL users ) that they just didn't bother again because they were too confused. That's my objection: challenge/response is not intelligible to many end users.

Any thoughts?

[John Masterson]

I don't get many unsolicited emails from prospective customers, so I use ChoiceMail.

I was DROWNING in SPAM. I had to do something.

[jbucks]

At the Corp level,
  - Linux based, sendmail.
  - Blocking almost of all of asia, central europe, south america, portugal, etc. at the firewall running on the mail server.
  - Make heavy use of black lists (ORB, SpamCop, DNSBL, etc.).
  - On top of that,  running procmail and sanitizer with some fairly agressive rulesets.
  - Enforce the user of older (dumber) Web Browser and mail clients (Netscape Communicator 4.79) to prevent the harvesting via modern "smart" mail messages on all user workstations.

   The above catches a *LOT* of the spam crap.  My users get 0 - 5 spam messages a day in their mailboxes.  But, my mail server still processes and discards thousands a day.

I've noticed a definite uptick on the quantity of spam since Jan 1 (i seem to recall new laws went into effect then) from the likes of yahoo.


At the personal level:
  - I am currently using Spam Inspector on Outlook 2000.  I was manually maintaining spam rules, but this little goodie does a pretty good job of letting the right stuff in (after a day or two of training it).  I have to manually process / reject  / report about 5 - 10 a day now.
  - I also use an email naming convention for my domain whenever I must provide an email address on line that allows me to add a local rule and automatically reject / report any suspicious use of them address.  For instance, if I'm signing up for an on-line mag subscription to the Wall Street Journal, I would use jbucks_wsj@procci.com.  Once I start getting UCE from anyone BUT SWJ, I file a complaint to them and then start bouncing the messages to the originator AND SWJ (since they obviously sold my address without my permission).
The above is automated with rules in Outlook.

Jim