One man's spam fight
- By Mike Gunderloy
- June 4, 2004
A while back, Microsoft announced the Coordinated
Spam Reduction Initiative, which aims to severely reduce spam over the next
several years. So far, the CSRI has put out a bunch of ideas, but hasn't
actually released any software. Fortunately, it's possible to put a severe dent
in your spam without waiting.
I'm probably some kind of poster child for spam. I started posting my e-mail
address on various Web sites five years back, and now Google says it's on 1300
pages on the Web. As a result, it's been harvested by pretty much every slimy
character who's ever compiled a mailing list. My wife also has a pretty public
Web presence. Between the two of us, our main e-mail server (which I run
in-house) gets somewhere between one and two thousand spam messages each
day.
Faced with this onslaught, I've had to keep some eye on the solutions that
are practical to implement now. At the moment, I'm running a three-step
anti-spam program, with the net result that no spam makes it to my inbox and
nearly no legitimate mail gets blocked. Here's how I'm doing it.
The first layer is the newly-released Exchange
Intelligent Message Filter. This is Microsoft's implementation of keyword
and other weighted filtering techniques on the server side. It's free (though it
won't do you much good without an Exchange license) and easy to install. This
layer catches the most obvious spam and archives it for me (I believe in
archiving rather than discarding; disk space is cheap, and I may some day need
to ferret out a message that got filtered by mistake).
The IMF lets you set a threshold from 1 to 9 indicating how much to filter.
But it doesn't do a good job of letting you see what's getting caught at each
level. Fortunately, there's the IMF
Manager, a quick utility that James Webster whipped up. It lets you look at
blocked messages together with their "spam confidence level" rating. In my case,
an SCL of 7 on the server catches all the obvious junk without blocking
legitimate mail.
The second step that I take is the most controversial: I use a couple of the
spam blacklists to junk stuff that comes from known-bad senders. This is a
controversial move simply because people sometimes end up on those lists by
mistake. After trying a bunch, I've settled on the SpamCop and Spamhaus lists. They each catch spammers the
other misses, and they don't have a lot of false positives.
Inevitably, though, these two layers of server filtering still miss things.
That's why I run SpamBayes on my
copy of Outlook. There's good mathematical theory behind SpamBayes, but in a
nutshell you train it by showing it what your legitimate e-mail looks like, and
what your spam looks like. Then it monitors incoming messages and categorizes
them accordingly. After six months or so of training, SpamBayes nearly always
makes the same decisions I would; I have a handful of borderline messages to
look at each day and that's it.
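
The train-then-categorize loop described above, sketched as an added example (this is not SpamBayes' code or its scoring algorithm, and it is not from the original column). It uses a plain naive Bayes score with add-one smoothing; the class name, the cutoffs and the sample messages are all constructed for illustration.

```python
import math
import re
from collections import Counter

class TinyBayesFilter:
    """Naive Bayes spam scorer with an 'unsure' band (illustration only)."""

    def __init__(self, ham_cutoff=0.2, spam_cutoff=0.9):  # assumed cutoffs
        self.seen = {"ham": Counter(), "spam": Counter()}  # messages containing token
        self.total = {"ham": 0, "spam": 0}                 # messages trained per class
        self.ham_cutoff, self.spam_cutoff = ham_cutoff, spam_cutoff

    @staticmethod
    def tokens(text):
        # A token counts once per message, however often it repeats.
        return set(re.findall(r"[a-z0-9$']+", text.lower()))

    def train(self, text, label):
        self.total[label] += 1
        self.seen[label].update(self.tokens(text))

    def score(self, text):
        """Return the estimated probability (0..1) that text is spam."""
        log_odds = math.log((self.total["spam"] + 1) / (self.total["ham"] + 1))
        for tok in self.tokens(text):
            # Add-one smoothing: a token seen in only one class shifts the
            # odds but never forces the score to exactly 0 or 1.
            p_spam = (self.seen["spam"][tok] + 1) / (self.total["spam"] + 2)
            p_ham = (self.seen["ham"][tok] + 1) / (self.total["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

    def classify(self, text):
        s = self.score(text)
        return "spam" if s >= self.spam_cutoff else "ham" if s <= self.ham_cutoff else "unsure"

def build_demo_filter():
    """Train on six constructed messages (not real mail)."""
    f = TinyBayesFilter()
    for msg in ("Meeting notes for the Exchange migration attached",
                "Can you review the draft chapter before Friday",
                "Lunch on Friday to discuss the book draft"):
        f.train(msg, "ham")
    for msg in ("Cheap meds no prescription needed order now",
                "You are a winner claim your free prize now",
                "Free mortgage quote lowest rates order now"):
        f.train(msg, "spam")
    return f

if __name__ == "__main__":
    demo = build_demo_filter()
    for msg in ("Claim your free meds now", "Draft chapter review notes attached", "Free lunch Friday"):
        print(f"{demo.classify(msg):6} {demo.score(msg):.3f}  {msg}")
```

The third sample message mixes tokens from both classes and lands between the cutoffs, which is the kind of borderline message that still needs a human look.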
The best thing about this combination of layers is that they're all free.
Exchange Server supports both the blacklists and the Intelligent Message Filter.
SpamBayes is an open source project that anyone can download (or contribute to).
If you're getting deluged by spam yourself, I recommend that you check out these
resources.
About the Author
Mike Gunderloy has been developing software for a quarter-century now, and writing about it for nearly as long. He walked away from a .NET development career in 2006 and has been a happy Rails user ever since. Mike blogs at A Fresh Cup.