1. Have a disposable email address that you can use for websites and other registrations.

Setup a mailbox at GMail, Hotmail, Yahoo or any other free mail services. Use this on any web forms for things like software downloads or temporary registrations. The key is to only use it when you won’t care about email sent more than a couple days later. Check the mailbox occassionally but when spam becomes a problem just delete the account and create a new one.

If you ISP allows you to create email aliases you can create and alias to be used as the disposable address. Both .Mac and Yahoo mail allow alias creation which can serve as disposable addresses. You can create a rule to just put any email sent to that address into a folder of its own.

Here on the Spam Chronicles I display counts of spam ent to my Gmail account. This is the disposable account that I use. I found GMail good for the type of spam I’m receiving and very little gets through.

2. Don’t respond to spam

Don’t respond to spam. Not even to unsubscribe. That just tells them the email address is valid.

3. Obscure your address if you need to post it on a website or forum.

If you must post an email address on a website or forum make it so a human could understand it but not so a spam robot would find it. For example, myemail@spam[deletethis]chronicles.com.

If you register for a forum or website make sure they won’t display your email address. There may be an option to do so, make sure it’s off.

If you have your own website and want to post a contact email address you can create an image with the email address in it. For the Spam Chronicles, I use a WordPress plugin that obscures the address to robots. Even so, I follow rule #1 so if it does start getting spammed I can just replace it.

4. Use complex email addresses.

If you can pick your own email address put some complexity into it. People who use it all the time will pick it from an address book or other list so they won’t need to type it. It’s common practice to add and ‘dot’ between the first and last name so you probably want to avoid doing the same thing. But adding a dot or other non-alpha character someplace would help. Mixing in some numbers would help, although adding numbers at the end is a little too common. An example might be john-2smith@spamchronicles.com. This will help against spammers who just blast out a series of email names to the big ISPs.

5. Don’t forward chain email such as news stories, “calls to action”, funny jokes or urban legands. This spreads your email address, along with all the others in the chain, to people and places where you have no control. If you must forward it then cut and paste the joke into a new email, use your disposable email address to send it, and BCC (blind carbon-copy) all the recipients so that not addresses get forwarded.

6. Tell friends and family to follow rule #5 for your address. If you can’t rust them to comply, or just want to avoid the headache, then create another displosable address (like in tip #1) and use it for them and others like them. Keep track of the few you give it and change it when spam becomes a problem. Also tell them not to use your address at greeting card and other sites on the web.

7. Use an email client like Thunderbird that blocks images. Images can be used by spammers to see who gets their emails. Most web based email will also block images.

8. Don’t buy anything from spam and don’t click on any links in spam, not even to unsubscribe.Don’t open attachments. If you want to go to a link in any email either type the address into your browser manually. What you see in the email may not be where you go when it’s clicked. In some email clients you can hold the mouse over the url in the email and the real/target url will be displayed in the bottom status bar.

Bonus Tips

B1. If your ISP allows you to use aliases or add-on mailboxes then create at least one and use it. Never use the root email address provided by your ISP. Usually the initial addess provided by your ISP can’t be changed. If it starts getting spam there’s not much you can do. If you’ve used an alias or add on mailbox you can change the address, although it may still be a painful process.

B2. Simiar to B1, the address your ISP gave you by default may be easy to guess and you may not be able to change it. If this is s, create an add-on mailbox and us it.

When I had Comcast as my ISP they created a default, non-changeable address based on my name. I never used it, ever, anywhere. By the time I left Comcast it was getting over a thousand spam emails every month. Luckily I used one of the five available add-on mailboxes for my primary email and followed the rules listed above. It got spam, but not nearly the level of the default account.

B3. Use a secret email address that you only give to close friends or business partners who can also be trusted to practivce “safe email”. Use a mail service that either doesn’t have a spam filter or has one you can turn off.

B4. Consider using AOL My eAddress for email addresses for your family, freinds or club. You can pick your own domain so you won’t be on a popular domain where spammers blast out spam to millions of email address guesses. AOL says they’ll also make websites available at these domains sometime in the future. But if you want to remain spam free don’t but up a website at the domain. Spammers may catch the domain in a search engine and start blasting spam to addresses it’s trying to guess.

Do you have any tips of your own? Do you like or dislike these tips? Feel free to comment.

On Monday they announced a QuickLinks feature to allow anyone to participate in Project Honey Pot. Quicklinks are for people who don’t have administrator access to their webserver. You hide the link on a web page (such as in a one pixel image). Spam robots that are searching websites for email addresses follow the link and end up in the honeypot.

Tuesday brought an announcement that Project Honey Pot is now tracking comment spammers. No change to existing Honeypots are needed, they’ve modified things on their end.

On Wednesday they announced the availability of http:BL. This is a service that allows you to use the data collected by Project Honey Pot to keep malicious robots off your server. An API and a Apache 2 module are available.

On Thursday it was an announcement about a $1B lawsuit they filed against spammers. You can see a copy of the compaint here (pdf). This one got talked about in the press.

Friday brought the last annoucement of a free service to allow you to monitor your IP space. You configure the montor with the IP ranges you control and Project Honey Pot will tell you if any of them get hijacked by spammers.

I decided to download and try it out so I setup Outlook Express 6 on a Windows XP Home Edition PC (Actually a VM in Parallels but that shouldn’t matter).

The install language options are English, Russion, Dutch, Spanish and French. When the install started it noticed that Outlook Express 6 was open and told me to close it. The install was pretty straight foward. only needing to click through the screens. One interesting note in the license agreement was that the license was governed by the laws of Cyprus although Agnitum is a Russian company. I’m not sure what that means, if anything. Just found it interesting. Once the install itself finished the following screen appeared.

I provide my name, e-mail and leave the newsletters checked. (I’m curious to see how much e-mail they send.) This is where it got interesting, They were sending a license key via e-mail. A typical user would probably have only one PC and one e-mail client so I started Outlook Express and I got the following prompt:

In one window I have a screen telling me to paste in the license key. When I try to open my e-mail to get the key I get prompted again, Not a big deal, just annoying. Along with the license key are some e-mails asking for confirmation to the e-mail newsletters which is a good thing. Clicking a link is all that’s needed to confirm. I need to restart my mail client.

After restarting Outlook Express I get the following prompt:

Since this is an empty mailbox I don’t expect much from training but I tell it to do so immediately and get the following message:

I accept the defaults and click Next. I then asked to select only folder that contain ‘spam” so I pick the spamn folder (which is empty) followed by a prompt to pick folders that contain only “not spam” messages.

So now we’re ready to go.

The first change I notice are new folders under the inbox:

And a new toolbar with these buttons:

How It Works

Spam Terrier uses a Bayesian filter to identify spam. It needs to be trained to be optimized. The best way to do this is to mark both spam and non-spam messages. So when it’s first being used it’s best to start marking both spam and non-spam even though the impulse is to just mark spam. Spam Terrier does provide the ability to scan entier directories which is a nice touch which avoids a lot of button clicking if you have a lot of mail already available.

The filter assigns a number to non-neutral words in the e-mail By default if the total is above 85 the message is marked as spam. If the total is 75-84 then it’s marked probable spam. These values are configurable.

There’s also the ability to create a whiletilst of e-mail addresses, ip addresses, domain names or keywords for mail that should always be considered good. Likewise there’s the ability to create a blacklist for messages to always be treated as spam.

There’s also these options for dealing with the spam messages:

I find the default to mark “probable spam” as read as strange, especially when actual spam is marked as unread. I would think either mark both as read so they can be ignored or mark spam as read and “probable spam” as unread so it can be checked. I change the settings to mark “spam” as read, “probable spam” as unread, to change the subject and to delete spam messages after 30 days.

The Bottom Line

Spam Terrier has a nice feature set , especially when considering that it’s free. But what really matters is how well it works. In this case it’s a bad thing that I don’t get any spam. Time to collect some spam.

If you ever receive an e-mail from an unwanted sender arrive at your computer we will give you the entire months usage completely free of charge.

So it sounds like they put their money where their mouth is. If the service fails in the month then you don’t pay.

Seems to good to be true. Usually anything so tightly wound to catch all spam also gets a lot of false positives. I couldn’t find anything on their website to indicate what the 100% guarantee actually meant if spam got through. Refund? Free service? Over the weekend I sent off a query through the contact form on their wensite to ask what the guarantee meant. I’ll post an update when (or if) I get an answer.

Their service is priced ay $6/mth for pay as you go down to $64.95 for a two-year subscription. They’ll quote prices for more than one mailbox. There’s also a 30-day free trial.

Paying additional for anti-spam protection goes against the grain for me. For personal accounts I’d say look for an ISP that does a good job if possible. Or use two (or more mail accounts). One for friends and family, the other for everything else and use something with a pretty good spam filter (like GMail) for the everything else mailbox. But sometimes that’s not the best solution and if you e-mail address is business related you probably don’t want to change it. If that’s the case then something like ClearMyMail may be worth the cost.

Curiosity will probably have me try out the 30-day trial, but having just eliminated most of my spam by changing e-mail addresses it’s not something I’d be looking to subscribe to. Even if I hadn’t changed addresses I found that Yahoo, GMail and Pobox.com all did a good job of blocking the spam I was getting.