Low End Mac Reviews

Sp@mX: Fighting Back Against the Spammers

Dan Knight - 2005.02.15

Spam has reached epidemic proportions, and it's time we did something more than just delete it.

Spamhaus estimates that 76% of all email is unsolicited bulk email (UBE or spam), and many ISPs offer some level of spam filtering before inbound messages reach your mailbox.

That helps, but it's far from enough. I have about a dozen email accounts - some with commercial ISPs, some free webmail accounts, and some on servers run by our site hosts. Several of these email addresses have never been posted anywhere on the Net, yet all of them receive spam.

I've used different approaches to deal with spam over the years. For quite a while, I used POPmonitor 2 to log into a dozen different email accounts, sort the stored messages several different ways (by spam flag, by date, by size, by sender, and by subject), deleting hundreds of emails from some mailboxes every day.

After that, I'd download my email and have Claris Emailer, PowerMail, and Apple's Mail filter the incoming messages. With the first two programs, I cobbled together my own spam filters. With Mail, I used Apple's junk mail filter, which took a while to train.

None of these approaches was more than about 98% effective in flagging spam.

SpamSieve

Some time ago I downloaded SpamSieve, installed it, configured it with Emailer and Mail, and turned off Apple's junk mail filter. Within a week it was filtering spam more effectively than Apple's filter had after months of use. Registering this $25 shareware app was a no-brainer.

I'm still using SpamSieve, and it's accurately identifying well over 99% of incoming spam - and it hardly ever identifies legitimate email as spam. That said, there are usually several new spams to teach it about each week. I'm using SpamSieve with Mail and GyazMail, a very nice $18 shareware alternative to Apple's Mail app that has replaced Emailer and PowerMail for me.

GyazMail is faster than Apple's Mail, and the interface is a bit more like Claris Emailer. Best of all, GyazMail is written to interface with SpamSieve. And it's really nice to be using only two email programs - both of them OS X native.

I still take a quick look through my mailboxes for missed spam and misidentified legitimate email, usually find a couple a day, and keep training SpamSieve.

Fighting Back

If I don't check my email over the weekend - and that used to be pretty common - one of my mailboxes could have 1,500 messages in it come Monday, and well over 1,200 of them would be spam. Between all of my accounts, I probably got 400 spams a day, and I was tired of it.

I'm not alone. Macs Only! looked for a solution, found Sp@mX, and has been sharing weekly reports. They were receiving over 4,000 spams a week before installing Sp@mX, and after four weeks of use they reduced incoming spam by over two-thirds.

Sp@mX is a different way of dealing with spam. While some ISPs filter out some (perhaps in some cases most) of it and most email programs can filter and label much of it, they do nothing to reduce the amount of spam on the Internet. Sp@mX does.

Sp@mX is a tool for reporting spam to the ISPs that allow it on the Internet in the first place. It will "parse the messages, and using the SMTP header information from each message, it will accurately trace the Internet Service Provider (ISP) of the spammer.

"It will then automatically compose and send an email abuse complaint to the ISP reporting the spammer's improper use of their service that contains a message defined by you, plus all of the technical information that the ISP needs to take action against the spammer!"

Here's a spam report sent out by Sp@mX (my listmom address is published and already gets lots of spam, so posting it here won't cause any further damage):

I believe this email either originated from your domain, your domain was involved in it's delivery, or you are the victim of a spammer abusing your domain. All of the information is included for you to take action.
 
Here is the SMTP information.
IP Address(es) traced through 221.231.56.211 -
Spamvertized Domain(s) ONLINEGENERICSHOP.COM -
Domain(s) traced through JSINFO.NET - NS.CHINANET.CN.NET -
Abuse address(es) traced to POSTMASTER@ONLINEGENERICSHOP.COM - ABUSE@JSINFO.NET - ABUSE@PUB.NT.JSINFO.NET - CTSUMMARY@SPECIAL.ABUSE.NET - POSTMASTER@CHINANET.CN.NET - ANTI-SPAM@CHINANET.CN.NET -
*** Email Contents *****
From marissa_jpeck83@jalasjarvi.fi Sat Jan 15 03:08:20 +0400 2005
X-Original-To: listmom@lemlists.com
Delivered-To: listmom@lemlists.com
Return-Path: marissa_jpeck83@jalasjarvi.fi
Received: from localhost (localhost [127.0.0.1])
by archipelago.cwis.biz (Postfix) with ESMTP id 9186ADB714;
Fri, 14 Jan 2005 17:06:08 -0600 (CST)
Received: from archipelago.cwis.biz ([127.0.0.1])
by localhost (archipelago.cwis.biz [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 83020-10; Fri, 14 Jan 2005 17:06:07 -0600 (CST)
Received: from traknet.co.uk (unknown [221.231.56.211])
by archipelago.cwis.biz (Postfix) with SMTP id D5A4BDB701
for <listmom@lemlists.com>; Fri, 14 Jan 2005 17:06:00 -0600 (CST)
Received: from 31.136.61.230 by smtp.jalasjarvi.fi;
Fri, 14 Jan 2005 23:08:42 +0000
Message-ID: <73b101c4fa8d$208d0b34$0b5d9cc4@traknet.co.uk>
From: "Marissa J. Peck" <marissa_jpeck83@jalasjarvi.fi>
To: listmom@lemlists.com
Subject: Tadalafil Soft Tabs - Great results!
Date: Sat, 15 Jan 2005 03:08:20 +0400
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: by amavisd-new at cwis.biz
X-UIDL: d0db15ad91deff44e0b9e00aa2596d50
Status: O
 
[body of email]
 
*** End ***********319

If you decide to use Sp@mX, be prepared to deal with a lot of additional email - bounce reports due to nonexistent or full mailboxes and abuse reports from the email providers you're reporting the spam to.

Out of the reports Sp@mX generated, I probably received automated replies from email providers half the time - and some of them do report closing down the account of the spammers.

I didn't keep close tabs on stats during the first week I was using Sp@mX while I was discovering the ins and outs of the program, but statistics from weeks two through five show that it helps.

How You Work with Sp@mX

To use Sp@mX, you first have to identify your spam. If you only receive a little, you can do that manually - but then you're probably not a candidate for Sp@mX. If you receive a lot, a tool like SpamSieve or Apple's junk mail filter does a pretty good job identifying spam. Just be sure to peruse the marked spam and delete any false positives (legitimate email identified as spam) before exporting your junk email to Sp@mX.

In Mail, put all your spam into one folder, select it all, and choose Save As... under the File menu. Save all of your messages as Raw Message Source in whatever folder you've configured Sp@mX to look into.

In GyazMail, put all your spam into one folder, select it all, and choose Export > Unix mbox under the file menu. Again, save this file to the folder Sp@mX uses.

Be sure you set your preferences to "Apple Mail (Mac)" before running Sp@mX with Mail or GyazMail files, which will extract all of the individual messages from your big file.

With one of my webmail accounts, my strategy is to open up each message in Firefox, view the source, and save the text file into the spam folder. Then delete it and move on to the next one - sometimes well over 100 in a day.

For email saved this way, be sure to set your preferences to "Process Email as Plain Text" before running Sp@mX.

When you run Sp@mX, it analyzes the entire email, paying particular attention to the header so it can identify both the point of origin and any mail server the message went through before reaching me. It then generates and sends out a message like the one above to each link in the email chain.

I haven't reduced my level of spam to virtually nothing because a lot of people along the email chain aren't doing their part to suspend spamming accounts or prevent relaying of spam email messages. Still, I've reduced my level of spam by over 30% in five weeks, which is a big step in the right direction.

Getting Better All the Time

Jeff Hendrickson keeps improving Sp@mX, and for a while there were improved versions available every few days. This first version I downloaded choked on some emails, but the next version fixed that problem. A later version added an online "white list" of domains that spam reports should not be sent to, and Sp@mX checks that list every time it's launched. The newest version (3.3.0) included reporting findings to a server as Hendrickson Software.

Users have made suggestions to improve the program, and many of them have already been implemented. The author is always looking for ways to make Sp@mX better.

If you're tired of spam and want to fight back, give Sp@mX a try. If it doesn't reduce your spam within a month, Hendrickson Software will refund your money.

I consider it $20 well spent and plan to continue using it to further reduce the amount of spam I receive. LEM

Manufacturers and distributors: Interested in having your product reviewed? Please read our review policy.

Join us on Facebook, follow us on Twitter or Google+, or subscribe to our RSS news feed

Today's Links

Recent Content

About LEM Support Usage Privacy Contact

Custom Search

Follow Low End Mac on Twitter
Join Low End Mac on Facebook

Favorite Sites

MacSurfer
Cult of Mac
Shrine of Apple
MacInTouch
MyAppleMenu
InfoMac
The Mac Observer
Accelerate Your Mac
RetroMacCast
The Vintage Mac Museum
Deal Brothers
DealMac
Mac2Sell
Mac Driver Museum
JAG's House
System 6 Heaven
System 7 Today
the pickle's Low-End Mac FAQ

Affiliates

Amazon.com
The iTunes Store
PC Connection Express
Macgo Blu-ray Player
Parallels Desktop for Mac
eBay

Low End Mac's Amazon.com store

Advertise

Open Link