June 18, 2008

Spam

Posted by Scott at 10:34 PM

Email spam is laying so much waste to computers and the internet in general. Even if your provider is shielding it from you, trust me. They are spending a lot of resources receiving it, filtering it, and trying to make you think it isn't really a problem.

For the longest time my domain didn't have much of a problem with email. The server that hosted the website also handled the email and life was good. A few times per week I'd get a spam email, but since we were such a low profile website (by design), email spam wasn't a major issue. But in the past two years, things have done such a 180, it's hard to know where to rant first.

Slowly, the amount of spam began to build up. The Mac's Mail application does a great job of detecting it and moving it into a junk folder. Over time though, I started getting a lot of false email notification sounds. The program would see that there was a new message, download it, chime a little "ding", then detect it was spam, and put it in a separate "Junk" folder. I'd go to see what new mail I had and find nothing in my Inbox.

So I decided to shift things around and do what is known as server side spam filtering. This means that as the server for this domain receives the email, it does the first level of spam detection and moves the message into the Junk folder before it goes into the Inbox.

Before long the number of messages per day began to skyrocket. I currently get between 100 and 200 pieces of Junk email per day. I only recently told it not to bother with filing it into a Junk folder. I took the risky move of just having it deleted immediately.

The other issue with having your own domain is that some spammers use your domain as the "From:" line in their emails. When they hit an address that's no longer valid, you end up with the email bounce message. This can be several messages per minute. The first thing I had to do was disable the email "catchall" rule so that if the name@bilikfamily was not one of a few names, it would not be recognized as valid. The second thing I did was to setup an SPF record. An SPF record publicly establishes who may claim to be from your domain so that spoofing your email is more difficult. Between removing the "catchall" and establishing the SPF record, I've received very little spam bounce messages.

Lately though, I may have hit the last straw. Major ISP's are simply blocking email from my domain. Our system administrator goes daily to places like Comcast, Verizon, SBC and requests to be unblocked. All of the sites hosted on the server I'm on get a temporary reprieve and then days later, we're being blocked again. The big ISPs tend to filter spam aggressively and assume that if you're not from a major recognized email provider, you're likely incoming spam.

So I'm thinking it's time to put Michelle and I on a well recognized email provider that isn't so easily blocked — gmail.com, mac.com (soon to be me.com), who knows. I'll keep the incoming email to this domain forwarded for a few months during the transition. But don't be surprised if soon you stop seeing the familiar "From:" scott or michelle at bilikfamily dot com.

Comments

It's hard to beat gmail's spam filtering. When you combine their heuristics with hand-tuning by thousands (millions?) of users every day, you get an awesome anti-spam weapon. Sometimes I suspect that's why they set up gmail.

Posted by: Bill White at June 19, 2008 12:29 AM

Hi Bill,

SpamAssassin is doing a great job of server side spam filtering for me. I don't have any complaints about that. It's a great Open Source filter.

My main complaint now is that I can't send *to* mainline ISPs like comcast, verizon, and sbcglobal without them rejecting my legitimate email. If I was sending from gmail.com, they would likely say, "oh gmail.com, that's okay". Instead they say, "bilikfamily.com? what the heck is that?! We have a user who once claimed that they got spam from that server so we're blocking you" The ISPs all have online ways to request to be unblocked, but it takes a while and is only temporary before you get blocked again.

Posted by: Scott at June 19, 2008 06:23 AM