Spam update 1

Over the past several months, there has been a major increase in the volume of email spam. Apparently, the spammers are using larger and more sophisticated “botnets,” comprised of thousands of virus-compromised machines. They must also be coming up with better ways to avoid the Bayesian pattern-matching that most spam filters employ today, because I’ve found more and more spams getting through.

I’ve had the same primary email address (kevin@werbach.com) since 1995, with numerous aliases, and my address is widely distributed on the web. That’s a recipe for spam. My best guess is that I now receive 5,000-10,000 spams per day. That means roughly 99% of my incoming mail is junk. Without good spam filtering, email would simply be useless for me.

For several years, I’ve employed a multi-layered anti-spam strategy. I have filters on the web hosting server where my account is located, and more filters running on my own machine. Despite this, the recent uptick in spam volume was starting to overwhelm my defenses. So I looked around for better alternatives, that wouldn’t require too much of my time for configuration and installation. I’m unwilling to go to a challenge/response service, which blocks all mail unless authorized by me or the sender, because I’m worried about losing messages I might want to receive (from mailing lists, connected with my Supernova conference, etc.).

I’m now trying out a service called SpamSoap, a server-side spam filtering solution that intercepts mail as it comes into my ISP. It’s one of the few providers of this type that offer a consumer service — most others focus on businesses. With SpamSoap, I now have three layers of defense: before the mail hits my hosting server, at the hosting provider, and on my local machine. All three use a combination of techniques, including blacklists, greylisting, blackhole lists, content filters, and Bayesian classifiers.

So far, the results are good. Everything requires some tweaking, and the filtering will never be perfect. I’m pretty confident, though, that the false-positive rate is miniscule (especially for personal emails), and hardly any spams (no more than 1-2 per day) are able to run the gauntlet and make it to my inbox.

At $25/month, SpamSoap ain’t cheap. It’s odd to think that I’m paying more just to filter spam than I used to pay for my entire dial-up Internet account. On the other hand, email is now indispensable to my life, and to my business activities. $300/year doesn’t seem unreasonable to make it work.

I’ll see if the current good performance is transitory. I hope not!