Spam Filtering Guide

or How To Make Your Own Spam Filter

Spam: ISPs unite to fend off spam tool, Wired News, 3/11

I hate spam, also known as junk email or unsolicited commercial email (UCE). In the past years, unsolicited email has reached epic proportions. The State of Washington has passed a strong anti-spam law; the federal government is still trying to choose a course.

Until someone steps in to make spam illegal, there's not much you can do to avoid it. If you post to a usenet newsgroup or have your email address anywhere on the web, someone will find and use it. Some internet service providers (ISP) offer to filter spam, but no system is perfect. Some email servers do a great job of eliminating spam, while others let everything through.

Some of the better email programs (including Claris Emailer and Eudora 3.0) can filter your email before you read it, whether your ISP filters for spam or not. I won't go into the specifics of how each program handles filtering, just provide some general guidelines.

First, no filter is perfect. Some spam will slip through. Worse, some genuine email may get filtered. For this reason, I suggest you send filtered out messages to a separate folder instead of having it deleted immediately. So before you make the filter, create a destination for the spam.

Second, the most common pattern I've seen for junk email domains ends with #.com or #.net, where # represents a digit 0-9. Next most common, those ending with 4u.com and 4u.net. So you create a filter where the first 22 entries filter out addresses ending with 0.com, 1.com, 2.com - all the way to 9.net, 4u.com, 4u.net. (Use "ends with" instead of "contains." This should speed up the search process since your emailer won't need to read the entire address.) I've only seen one spammer use #.org, but you might want to add that to play it safe.

Save your filter. (Claris Emailer will ask if the last command should or should not be applied to messages failing the last test. Select "don't apply actions.")

This could eliminate half the junk email you receive. From here on, add domains to your filter as you receive junk mail. And be sure to add any otherwise filtered domains that you want to receive email from (e.g., 14850.com) by using the "don't apply actions" option. Another useful trick is to filter by looking for key words and phrases in the body of the message, such as "email marketing works."

More Suggestions - from NetBITS

1 Just got NetBITS #004/16-Oct-97. It shares another suggestion: filtering any email where your name doesn't appear in the To: or cc: line. I just set one up in Claris Emailer that filters any email where the recipient address doesn't contain "dknigh" - since most of my email accounts begin that way.

The only danger of this is that messages bcc'd (blind carbon copied) to you may also end up in the spam box. If you receive these, it might be wisest not to set up this part of the spam filter. This can be particularly true if you are on email lists.

2 Jason Whong notes that one program that many spammers use has a bug that you can exploit in a filter - the forged headers use the time stamp of "-0600 (EST)". Eastern Standard Time is usually marked "-0500 (EST)" and Eastern Daylight Time is "-0400 (EDT)". Thus, filtering messages with the bad time stamp will catch either spam from this particular program or mail from incorrectly configured mail servers. NetBITS did a search on an archive of stored email and found that this filter worked well - it turned up only spam.

Fighting Bull's Eye Marketing

The worst offender for the past months has been WorldTouch Network, which sends out the "email marketing works" messages. I've had single days with over a dozen copies reaching me via my 5 email accounts. Because these always come in with fraudulent return addresses and typically (these days) with misleading subjects, you must filter based on the body of the message. In this case, any email containing the text "EMAIL MARKETING WORKS" goes into the spam folder. While this zaps every message from, it also puts email about the spam (e.g., from the spamspam email list) into the spam folder.

But I can live with that.

Warning

A lot of these messages say you can be removed from their lists. Don't you believe it. As often as not, your request will bounce. If they do get it, whose to say they won't keep you on the list now that they know this is a valid email address? Finally, odds are pretty good they bought the list from someone else, so having your address removed from their copy won't be a big help.

A better option is to fight upstream by notifying every email carrier between your server and the sender that they are transporting unwanted bulk email. If you use Claris Emailer, the "No more spam" AppleScript (available on the Fog City site) can quickly generate this email and move the original into your deleted mail folder.

Fighting at the Mail Server Level

The best ways to stop spam are to:

Use an ISP that carefully filters spam, but doesn't block legitimate email. (As an email administrator, I know this is a hard line to walk. The best will filter as soon as they discover spam or learn of a confirmed spammer; the worst will filter by theory, sometimes blocking legitimate email.)
If you live in Washington State, save your spam and consider bringing legal action against the spammer. The TidBITS gang has effectively shut down one bulk emailer this way. There's a link to the law below.
If you manage an email list with subscribers in the state of Washington, you can let anyone who spams the list know that by doing so they are violating state law. (It's a good idea to collect a few names of subscribers in the state to prove your point.)
If you don't live in Washington State, there is pending federal legislation to require a legitimate return address and and opt-out option. This would give you certain legal rights after the first spam.
You may also be able to use anti-junk fax laws against spammers, although I don't know if this has been tested in court.
Finally, you should let everyone that relayed the email between you and the original sender know that their mail server is being used to distribute junk email. Realize that most of them are victims, too. A script for Claris Emailer 2 (link below) extracts the address of each server and sends out the following inoffensive message, "I received this unsolicited message apparently by way of your system. Please take the appropriate actions to prevent this in the future. Thank you."

Don't take spam passively. Fight back so we can put an end to this insanity.

Other Anti-Spam Resources

Spam: Spam virgin, Lydia Lee, Salon, 4/18. Posting a new email address on a web page can result in spam within days.
Colorado vs. spammers, Dan Knight, Mac Musings, 2/21. "Any individual in Colorado may sue the sender for $10 per incident...."
Direct mail double-cross?, Salon, 11/12. Pro- and anti-spam can't agree. (And I will never trust my email address to any opt-out list.)
Hotmail fights spam (and so do I), Dan Knight, Mac Musings, 11/11/1999. "Although c|net finds it controversial, I'd like to welcome Microsoft's Hotmail service to the ranks of those using MAPS RBL."
MAPS Realtime Blackhole List
Panix.com
Addresses blocked by Erol's
State of Washington anti-spam law
California anti-spam law
No more spam script by David Cortright for Claris Emailer 2.
(You'll need to scroll quite a ways down for it. This filter automatically moves messages to the Deleted Mail folder. If you also plan legal action, you will want to archive spam, not delete it.)

About LEM Support Usage Privacy Contact

Entire Low End Mac site copyright ©1997-2016 by Cobweb Publishing, Inc., unless otherwise noted. All rights reserved. Advice presented in good faith, but what works for one may not work for all. Please report errors to the webmaster.
LINKS: We allow and encourage links to any public page as long as the linked page does not appear within a frame that prevents bookmarking it.
Access our RSS news feed at http://lowendmac.com/feed.xml.
Email may be published at our discretion; email addresses will not be published without permission. If you prefer your message not be published, mark it "not for publication." Letters may be edited for length, context, and to match house style.
PRIVACY: We don't collect personal information unless you explicitly provide it. For more details, see our Terms of Use.
Low End Mac is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Computer. Apple, the Apple logo, Macintosh, iBook, iMac, eMac, iPod, and PowerBook are registered trademarks of Apple Computer, Inc. Additional company and product names may be trademarks or registered trademarks and are hereby acknowledged. Portions of this page ©1997 by TidBITS Electronic Publishing. All rights reserved.

Mac of the Day: Performa 630, introduced 1994.07.01. The first desktop Mac with an IDE hard drive could accept a TV or radio tuner.

List of the Day: PowerList for those using Power Computing Mac clones.

Channels
Power Macs
iMac Channel
iBook/PowerBook
MacInSchool
Computer Profiles
iMac
Power Mac
PowerBook/iBook
Performas
Mac Clones
Older Macs
Lisa • NeXT
Editorial Archive
Mac Daniel's Advice
Email Lists
LEMchat (uses AIM)
Online Tech Journal
Consumer
advice, reviews
guides, deals
Software
Apple History
Best of the Web
Best of the Mac Web surveys
Miscellaneous Links
Used Mac Dealers
Video Cards
Mac OS X
Mac Linux
Macspeak
RAM Upgrades
About Low End Mac
Site Contacts

Open Link

Support LEM

Affiliates

The Apple Store
The iTunes Store
MacMall
iResQ
ExperCom
eBay
Amazon.com
PayPal
PCMall
PC Zone
Crucial Memory

Our advertising is handled by BackBeat Media. For detailed price quotes and advertising information, please contactat BackBeat Media (646-546-5194). This number is for advertising only.