Spam filters

I decided to build this page because spam continues to be a growing problem. If you include your real email address when you post to public newsgroups, if you send more than a minimum number of emails or give out your address to more than just a few select people, or if you have your email address published on people-finder services or web pages you know what I mean.

Programs available:

I tested Spam Killer back when it was free.

The filter controls in this program are better than the standard ones in my Netscape Messenger, allowing greater control over what is filtered. It also comes standard with a large selection of filters, plus you can get updates from McAfee on these filters making it a good tool for ongoing filtering.
That's the good news; the bad news is you have to check Spam Killer, then check your mail: now two places to check mail instead of just one.
It also isn't perfect, lots of spam still gets through - and some mail that I wanted was getting stopped as spam.

Ultra Spam Filter is software that works with most email programs. It's a separate program like Spam Killer.
I tested a program called Spam Inspector and found it to be about the best program around for automaticaly filtering spam. Instead of being a separate program it integrates right into your email program. Program updates and filter updates are free and automatic. There are versions for Outlook, Outlook Express and AOL. The latest news on this product is the company's been bought by Microsoft. The filter rules it uses seem to be about 60% effective, plus it has a couple of features I like:

It has a Bounce button. This sends an error message to the spammer which hopefully will convince them to take you off their list.
It has a pair of buttons called "Not Spam" and "Is Spam". Both of these provide feedback to the program's filter maintenance team including a copy of the email message in question so that they can further tweak their filters.

Another program that is similar to Spam Inspector is called I Hate Spam, a very appropriate name in my opinion. I haven't tried it myself so I can't tell you how well the filters work but it integrates into the Outlook/Outlook Express email program like Spam Inspector, has a Bounce button but lacks the Not Spam and Is Spam buttons.
SpamCop only works with Outlook.

It works by retrieving your POP mail on their server and filtering, then you get the mail that's left from your POP address on their system. This requires a change to the setup of your email program to point to the SpamCop mail server.
Management of filtered messages requires logging onto a web page on their server instead of messages being moved to your Deleted Items folder as with Spam Inspector.
It has one feature that is similar to Spam Inspector: the feedback from the users on identified spam messages is used to update their filters.

Despammed.com works like SpamCop.

It's free but ads are appended to your emails.

Mozilla, the open-source version of Netscape, now has automatic filtering built into the email program by the user identifying emails as spam or not. Presumably a future version of Netscape will include this. It's a free product.

This uses a standalone filter set so there is no feedback to a central server anywhere, so no hope of benefitting from other's filtering efforts. It starts with no filters at all. You train it by clicking the Junk button while you have a spam message open that it didn't identify as such and by clicking the Not Junk button while you have a message open that's not spam that it thought was spam. The way it automatically filters is smart enough it's pretty effective in only a short time, a couple weeks to a month is typical from what I have seen.
I compared Mozilla to Spam Inspector by having two computers get the same mail from the same account for a few months. (One computer was set to remove the messages from the server and the other one wasn't so it was the very same email they were both receiving.) I found Spam Inspector was about 60% effective from the beginning as it comes with a preloaded set of filter rules. Mozilla was 0% effective at the start because it had no rules. Over a period of a few weeks Mozilla learned and got to about 90 to 95% accurate - and Spam Inspector was still only 60% accurate. I think the reason SI is less accurate is because they're building their filters to work best for everyone who uses their product. When you train the filters yourself it can be very accurately tuned to your definition of spam. The downside is you have to do it yourself, whereas with SI the people who made the product take care of maintaining the filters for you. If you feel you must stay with Outlook or Outlook Express then I'd recommend this product to you but if you are willing to switch then Mozilla is what I recommend.
The type of automatic filtering Mozilla uses is called Bayesian; read more about it and efforts by Paul Graham using it to block spam.

Services available:

There are online filtering services that catch and delete the spam on your server before it ever gets to you. This eliminates the two-step mail check issue with Spam Killer and similar programs, but for most of these it's a monthly fee for the service so more costly. Many ISPs are now adding spam and virus filtering to the mail servers, often at now extra cost. I see this as a further indication of how much the spam problem is growing. My email and web hosting is through Blacksun, and they have added virus scanning and spam filtering to their accounts. Nothing is perfect in the field of spam filtering but I have noticed a dramatic reduction in received spam since this was added. (If you're looking for a good hosting service, I highly recommend them, and no, I don't get any monetary consideration from them for recommending them.)
Atqui requires that a user who is attempting to send you an email message verify themselves in an extra web page step. Spamming programs are completely blocked by this approach.

Works with any email program as no changes are made on the user's computer.
Annual or bi-annual fee.

Herbivore uses any mail client and existing accounts.

Uses feedback system to see if a particular message has been bulk sent to lots of users
Doesn't appear to have content filtering.
Annual fee.

What I did before on my Netscape mail program was just manually build filters. I was always adding to this because spammers are always coming up with new wording for their spam partly intentionally to avoid filters and partly to find new ways to say what they're saying in an effort to hook new people. I stopped updating these filters for awhile, however the percentage and total number of spam messages I receive has continued to rise so I have resorted to manually filtering again. The Thunderbird crew says this is redundant when using their automatic Baeysian filters, however I achieve a higher accuracy in dealing with spam in my own filters than the automatic filters in Thunderbird achieve, and since I receive between 7,000 and 10,000 emails total per month I need all the accuracy I can get just to keep from being overwhelmed. My manual spam filters also mark the message as read and move it directly to my trash folder so I don't have to do a thing to it, as opposed to always having to scroll through the spam folder, then manually mark them all as read, select them all and move them all to the trash folder with my delete key. I'm typically seeing at least 150 messages in my spam filter overnight, and sometimes it's twice that these days. Every time I scroll through the messages in my spam folder I'm looking for false positives (messages that aren't spam) and for patterns that I can manually filter on. I generally add at least one new entry to my existing spam filters per day. On only rare occasions now I also add a filter rule to spam that has come into my inbox.
I discovered how well my manual filters work recently when I was waiting for an email. My Thunderbird automatically checks for and downloads messages every 10 minutes, but I was impatient. I kept clicking my Get Mail button every 30 seconds or so. The interesting thing is, every time I did that I would see Thunderbird say it was downloading 10 or more messages. When it was done, there were no new messages in my inbox or some other folder, nor were there any in my spam folder. They were all spam being filtered by my manual filters! I'd guess I see about one spam message in my inbox each day, so that's about 30 per month. That means my manual filters and the Thunderbird filters combined give me a spam filtering accuracy of better than 99%.

The single most effective filter I used to use was a NotMe filter, that is, if my email address isn't in the the To: or CC: fields then it's bulk email and junk it. I say 'used to use' because spammers seem to be more and more using addressing methods that include my address - including some I've received that have my email address not only in the To: but also in the From: fields. This filter is general enough instead of deleting the message I move it into my Junk folder. I still have to deal with it, but my expectation is that it's spam when I look in this folder so it doesn't bug me as much as spam in my inbox. This filter I have put at the end of everything else so it is the last rule invoked.
Build filters to specifically keep group mailing list messages I want to receive. While I was building these filters I built various folders for the mailing list messages to go into, so the filters move them to those folders automatically. This means when I receive new mail lots of times the messages get automatically moved to various folders from these filters, making it easy for me to prioritize my reading emails: worthwhile for busy people like me in any case. I also have various filters not for spam but for other messages I receive regularly such as ones coming from certain email addresses. These also get placed into various folders for organizing.
My spam filters go first in my list so they are acted upon first. Messages filtered here are automatically marked as read and moved to the trash folder.

I have a filter to delete incoming messages with a date older than 30 days. For whatever reason, some bulk email messages have very old dates on them. I have even seen one or two with the impossible date of 1969! Perhaps the people sending the bulk email didn't set up their software correctly. I could set this rule to be much more current, since after all email usually is delivered anywhere in the world in seconds or perhaps as much as an hour (with all the spam filtering and antivirus checking that mail servers do these days) and I get my email daily, but I felt someone whom I wanted to receive email from might have a slow system clock or a messed up computer configuration or something so decided this would be the safest way. I used to have to manually update the date this filter used every once in awhile, however starting around version 2.0 of Thunderbird there is a choice to set it for a certain age. I don't have to do anything with this one now. This one is at the top of my filter list. I'd like to see Thunderbird also have the ability to select on messages that come in with a similarly impossible future date on them. I have found these are also, on all the ones I've checked, 100% spam.
I found the best is to build filters mostly based on the subject. Build the subject filters specific enough to catch the spam but not delete messages you want to read. This is a compromise because spam subject lines are always changing. If your filter is too broad it could delete valid non-spam messages too.

Examples I have built filters for are: "Accept credit cards", "Attention all Gamblers", "Best Cigars Ever", "Credit When You Need It", "double your money in 30 days", "Earn Money", "fire your boss", "Get into that summer look", "high mortgage rate", "let us pay your bills", "Modeling Jobs for You", "pay less interest", "Quit your job", "Ready to Save Money?", "Start Earning Today", "This really worked for me", "viagra", "work at home" and "Y O U are a W I N N E R here !"

I also have some filters based on sender's address. Outlook Express has a convenient function called Block Sender, but unfortunately very few spammers use the same email address twice so this is of limited use. Spammers also frequently use non-spammer's email addresses (I've had mine used by spammers, as evidenced by all the error reports I received from their messages) so it's better not to block some possible valid future messages from the real people associated with that address.

Examples I filter on are: "Airline Tickets", "Be Dept Free", "Credit Repair", "Great Deals", "HeyThisIs4u@","Investor Insights", "makemoneyathome@", "news@newafrica" and "smartbuys@"

I had one filter for invalid addresses, such as ones with no @ in them: an obviously fraudulent address meant not to provide the ability to communicate back to the sender. If the From: address doesn't contain an @ it's deleted. Update to this filter: I discovered this filter also automatically deletes error reports from my mail server, which has a return address of "Mail Delivery Subsystem". I've updated the filter to delete if no @ AND it's not from my mail server. (It just serves to show how you must take care when deleting with filters and also to use them sparingly.)
Finally, I had a few carefully chosen filters when certain phrases are contained in the body of the message. These are the filters most likely to delete valid messages on you, so if you decide to have any be careful how you make them. (I have also found this filter to not work now anyway: with Thunderbird 1.5 they added the ability to move each message to a temporary file in order to allow antivirus programs to catch a virus in an individual message rather than quarantine thw e whoel inbox. For some reason this means filters on message body no longer work. Hopefully this will work again in some future version of Thunderbird, but I'm using version 2.0 right now and it' not working yet.)

Examples are: "COPY ANY DVD MOVIE" and "READ THIS E-MAIL TO THE END!"

The way I build my filters was to look at spam messages that get through to my inbox and decide what if anything I can filter on that would be unique to spam and not to regular emails I might receive. Then I copy/pasted that portion to my filters. Feel free to use the examples I've given above, just copy the portion within the quotation marks (but not the quotation marks themselves) and paste them into your own filters.

Unfortunately, I am always having to add more filters. It takes time away from other things I'd rather be doing. It's really a matter of choice, to spend your time to make your own filters rather than use Mozilla or spend your money paying someone else to write a program or do the filters for me. It's your choice how you deal with spam you receive. I don't have much hope things will get better in the future with spam. Spamming has a very low response rate, but it's so incredibly cheap to send out literally millions of emails they will keep doing it. Even a response rate of .1% on a million emails sent is still 1,000 responses, for example. There are efforts in the works to make it illegal to spam, and indeed there are some laws on the books in various places for just that. Unfortunately, it's costly to pursue spammers as they intentionally make it difficult to find them because of these laws and because they don't want to receive masses of emails from irate people. I expect there will be progress in tracking down and prosecuting spammers but they will never be eliminated.
An idea I had was that more incentive is needed for the law enforcement agencies to pursue this more vigorously. My idea was that if spammers were required to pay for the spam they send out, that would mean they'd have to be registered and thus easily found if they weren't playing by the rules. If they had to pay to send, those who didn't pay at all would be pursued for taxes not paid. I expect this would be an effective incentive: it's all about money, as they say. The spammers would pay for their own enforcement. The down side is, as has been the trend in taxing of other forms, it would spread. I don't think it would take long for taxing of other non-spamming to be created, such as regular emails ordinary people like you and I send, and that would mean I'd be paying money for spam control, this time without a choice.

Update, November, 2007

    The number of spam emails have continued to rise since I last updated this page. Pretty much everyone with an email address is now receiving far more spam than legitimate email, and the increase appears to have no end in sight. Most email servers filter spam before the user even downloads it, and even Outlook Express has built-in filtering. Some places in the world have anti-spam laws in place, and there has actually been some court action. Unfortunately, though, that seems to have at best only incrementally reduced the meteroic rise in the number of spam messages.
    I continue to be amazed by how many spam messages are so obviously misleading. Before I do business with a company, I check them out to convice myself they are legitmate. I would never do business with a company online or otherwise that doesn't at least appear to be completely honest and operating in good faith. I can't imagine anyone else being any different. I will also never deal with a company that mangles their subject line so badly I have a hard time deciphering what it means, or a company that sends out messages that are composed of a paragraph or two of random words strung together and a link at the bottom. I'll never do business with a company who uses my email address as their from address. I think I'm far from unique on these issues either. The question then is, how can the spammers ever hope to have anyone at all respond? Could it be that they are so focused on getting past the filters arrayed against them that they lose sight of the fact that no one will ever respond unless they appear legitimate? In spite of my inablilty to find the logic in spam there does appear to contintue to be people who respond, people who send in their money only to receive junk products at best, people who keep the spammers rolling in money and rolling out yet more spam.
    I still have my manual filters and update them on occasion to augment the Mozilla (now Thunderbird) Baeysian filtering. Baeysian filtering is supposed to give accuracy at least as good as 95% and I'm inclined to agree it's around there. That still means I have to manually scan through the messages Thunderbird has marked as possible spam in case something was put in there that isn't spam. My process for this is to scroll through, deal with any that aren't spam, then mark all read and delete them from the folder. That way each time I go to check what's in the folder I know it's all new. Tbird does have an option to automaically purge messages after a set period of time, and if your spam volume is low enough that may be fine. For me, though, I get probably 95% spam and 5% legit email: not small volumes so this works best for me right now. Here is an example of my email. The other day my Tbird stopped automatically retreiving emails for a period of perhaps 4 hours. (Tbird had an automatic update window pop up and it stopped everything until I came back to the computer and answered it.) Tbird then started downloading emails. 683 of them. The accumulated backlog of just 4 hours. When it was finished, I had 118 messages in my spam folder (all correctly spam), 8 messages in my inbox and 4 or 5 scattered through various other folders (I have a lot of filters besides my spam filters, that keep me organized by moving new emails from various people or about certain subjecta into various folders). The other 80% or so of the emails were all caught by my manual spam filter rules, marked as read and deleted. I didn't have to do a thing with them.
    Before this incident I didn't realize how well my manual filters still were working and wasn't doing a lot to keep them up. I've since watched a little more closely as I go through my spam folder. I usually look for patterns, something that is obviously never going to be in a legitimate email, and add probably one new manual filter rule per week. Yes, Tbird is already catching them, but fewer messages I have to scroll through each day in the spam folder is still time not spent manually dealing with this electronic plague called spam. Actually, even if I'm breaking even - even if the time spent updating my manual filters equals the time saved by having them - I still feel like I'm Doing Something.

If you would like more information on how to configure mail filters, here is a basic set of instructions I found on Verizon's web site:
http://www.gte.net/announcements/spam.asp