Personal Anti-spam recommendation?


Holz

Can anyone recommend a good personal Anti-spam software? I have one stand
alone and one connected to Exchange, however I do not want an Exchange
based solution.
 
PW wrote:
Try sunbelt-software's 30 day trial of iHateSpam. Purchasing it was an
effort to say the least. I am using it for XP and Outlook 2003 and am
VERY impressed so far!

-pw

iHateSpam: A community voting scheme to determine what is and is not
spam. Spam is identified too late by the community for those that often
poll their mailboxes.

I was going to say that iHateSpam is yet another attempt to use users to
vote on spam; i.e., use humans instead of blocklists, bayesian filters,
DCC (how many received the same mail), greylisting, and other methods.
I was also going to say that is very much like Cloudmark's SpamNet
(renamed to Desktop after they yanked away the free version from all
their users that helped them test and debug their app) but then I saw
the following article which says that iHateSpam is just a different
front-end to Cloudmark:

http://www.pcmag.com/article2/0,1895,2280345,00.asp

Community voting of spam sounds great as described but it doesn't work
if you grab your e-mails almost as soon as they show up in your mailbox.
The idea is that users vote on the spam (by marking it as spam) and a
hash value (fingerprint) gets sent to their server to get updates to
other users. If they receive the spam and if they have gotten a
database update then the spam gets identified. If you poll your mailbox
at long enough intervals and if enough other users have voted on the
message as spam and if you have gotten a database update then you won't
see the spam. A lot of if's.

The voting scheme is very similar to using DCC to determine if an e-mail
is spam or not. A hash of the message is sent to their server to record
how many recipients got that message. The idea is that you can set a
threshold, say 20 or 50, after which if more than that many recipients
got that e-mail. What it really does is provide a measure of whether or
not an e-mail is bulk e-mail without it identifying itself as such (by
using the "Precedence: Bulk" header). Cloudmark takes it a step further
by having users vote on whether or not a message is spam to record the
hash for that message so others that get that same message (and the same
hash) might know it was voted as spam. Why do you think those spammers
add paragraphs of nonsense to their spam? Because changing just one
word will generate a different hash. Some of their spam source will
spew the same message and you might block that one that has already been
voted on sufficiently to identify it as spam, but the same spam from a
different spam source has a few words changed to change the hash value.
It's like when the captain on the Enterprise says to rotate frequencies
of their shields to thwart the Borg: the spammer just rotates
frequencies by generating a different hash for their same turds that
they're firing at you.

If you poll your mailbox at, say, 5- or 10-minute intervals, no one else
(or few others) have yet voted on the spam that just got started in
spewing out from the spam sources. There are no votes, or not enough of
them, to identify the message as spam. You haven't yet gotten an update
from their server so the message won't be identified as spam.

I participated in the SpamNet testing. When spam was fresh, oh joy, I
got to vote on it so *others* could take advantage of my voting to not
see that spam. I still saw it, though. So if you poll your mailbox
every hour, or longer, then you get to ride on the coattails of the
other users that voted the message was spam. But obviously those folks
that voted had to actually see the spam so the scheme obviously didn't
help them to get rid of the spam in their mailbox. Because I was
polling my accounts at under 15-minute intervals, almost all the spam
got through because no one had voted on it yet except me and maybe a few
others that just got the freshly spewed turd dumped in the mailbox.

Another big problem with community-driven "intelligence" in identifying
spam is that a large majority of users will claim something is spam when
it does meet the qualifications of UCE or UBE. They say something is
spam simply because it is e-mail that they don't want.

So if you use Cloudmark (via iHateSpam) then don't poll your mailbox
very often. Otherwise, you will see the spam and get the joy of voting
on it so *others* won't see it.
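
A small model of the voting scheme described in the post above, added here as an illustration (it is not code from the thread, from Sunbelt or from Cloudmark). The SHA-256 fingerprint, the vote threshold of 3, the vote times and the sample messages are all assumptions constructed for the example; the page does not say how the real service fingerprints mail.

```python
import hashlib

VOTE_THRESHOLD = 3  # assumed number of votes before a fingerprint counts as spam


def fingerprint(body: str) -> str:
    """Exact-match fingerprint: hash of lower-cased, whitespace-normalised text."""
    return hashlib.sha256(" ".join(body.lower().split()).encode()).hexdigest()


class CommunityDB:
    """Server side: stores every vote with the minute it arrived."""

    def __init__(self):
        self.votes = []  # list of (minute, fingerprint)

    def vote(self, minute: int, body: str) -> None:
        self.votes.append((minute, fingerprint(body)))

    def snapshot(self, minute: int) -> set:
        """Fingerprints at or over the threshold as of `minute` (one client update)."""
        counts = {}
        for t, fp in self.votes:
            if t <= minute:
                counts[fp] = counts.get(fp, 0) + 1
        return {fp for fp, n in counts.items() if n >= VOTE_THRESHOLD}


def is_flagged(db: CommunityDB, body: str, poll_minute: int, update_lag: int = 0) -> bool:
    """Client side: is the message filtered when fetched at poll_minute?
    update_lag is how old the client's copy of the database is, in minutes."""
    return fingerprint(body) in db.snapshot(poll_minute - update_lag)


# Constructed sample data: one spam run starting at minute 0, and a copy
# from another source with a single word changed.
SPAM = "Cheap watches available today, click now"
VARIANT = "Cheap watches available today, click here"


def demo() -> dict:
    db = CommunityDB()
    for minute in (12, 20, 35):  # other recipients see the spam and vote
        db.vote(minute, SPAM)
    return {
        "poll_10min": is_flagged(db, SPAM, 10),                    # nobody has voted yet
        "poll_60min": is_flagged(db, SPAM, 60),                    # three votes are in
        "poll_60min_stale_db": is_flagged(db, SPAM, 60, update_lag=30),
        "variant_60min": is_flagged(db, VARIANT, 60),              # different hash
    }


if __name__ == "__main__":
    for case, flagged in demo().items():
        print(f"{case}: {'filtered' if flagged else 'reaches inbox'}")
```

Only the late poll with a current database filters the message; the early poll, the stale database and the one-word variant all reach the inbox, which are the "if's" the post lists.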
 
PW wrote:
By polling, you have Outlook check and receive e-mail?

Yep, every 10 minutes. Actually I have a monitor program checking my
e-mail accounts and run Outlook only when I want to receive those
e-mails. The monitor program would grab the spam from my mailbox every
10 minutes and the fresh spam shows up (which means it didn't get
identified as spam yet) even if enough people later vote on that message
being spam (because the copy of the message as retrieved originally
wasn't yet marked as spam).

If you read the v5 manual on "Statistics and your rating", you'll see
Sunbelt allude to the "community" and your rating (which relies on you
hitting the IsSpam button when you *do* see fresh spam to help other
users but not you, and that sends info to Sunbelt/Cloudmark to update
their database).

Apparently Sunbelt decided to not bother with upgrading and improving
the code branch for which they were allowed to keep (with Microsoft
getting a code branch to use in Windows Defender), they decided to
abandon that code branch and go with being a front-end to Cloudmark's
service. See http://www.sunbelt-software.com/Press/releases/?id=103.

Interesting. I have to admit that I did not even know that iHateSpam
had this feature.

It looks like version 5 decided to go the community voting route (and
uses Cloudmark for the stats). So don't poll your mailbox very often,
like an hour or more apart, to ensure someone else had done the spam
identification so you don't have to do it.

I just bought it for its filtering feature in Outlook - and it works
great.

But other users have done the filtering for you by voting on the spam
to identify it. So if you polled more often or were yourself the
target of fresh spam (i.e., their zombies targeted you first rather
than someone else) then you get the joy of seeing the spam to then vote
on it so someone else can ride on your efforts.

I am almost at the point where I don't even feel as though I have to
check its spam folder any more. I have only seen one legitimate
e-mail in there.

You have legitimate e-mails getting moved into the spam folder? Those
would be false positives and something that anti-spam programs should
avoid. Losing one good e-mail is worse than getting one spam that
leaks past your filters.
 
PW wrote:
What program are you using to do this? Is it something a normal Joe
like me could benefit from?

I use an e-mail monitor because I've found that Outlook (well, up to
version 2002 since I haven't bothered doling more money to Microsoft
for unneeded "features" and problems in 2003 and 2007) would not
operate stably if left continuously loaded (and then minimized to a tray
icon). Eventually it would start complaining that it couldn't connect
to a mail host and wouldn't do e-mail thereafter for that account until
I restarted Outlook. That's even with a fresh install of Outlook
(i.e., no add-ons). Outlook works great when left continuously loaded
for connecting to Exchange but not for SMTP. So I got an e-mail
monitor to help me out. Either Magic Mail Monitor or PopTray are my
choice because they let you define rules. So I can have the e-mail
monitor identify e-mails tagged as spam by SpamPal or even have them
deleted from the server so they never show up in my e-mail client
(Outlook). For some spam types, I have the e-mail monitor delete them
from the server. For others, I have them highlighted as a spam because
they are suspect, not definitely spam.

PopTray lets you define more complicated filters (rules) than in Magic
Mail Monitor. However, Magic lets me enable an option on a rule to
record when it deleted a message from the server. That way, if what
looked like spam got deleted from the server (which means I never get a
copy of it), there is somewhere that the message got logged (it only
identifies Subject and sender) so I could check occasionally if a good
e-mail got deleted and then tell the sender to resend their message
(and add a passcode to the Subject header that lets their message
bypass all my filters, or add them to my whitelist if I really want
them always whitelisted).

Both Magic and PopTray are POP3-only e-mail monitors. All my accounts
are POP3 (I gave up on the crappy Hotmail service) so they're all I
need. You can use YahooPOPs to get to freebie Yahoo Mail account or
FreePOPs to get at normally webmail-only accessible freebie accounts.
The latest version of Magic includes SSL support so I can use it with a
Gmail account. PopTray doesn't include SSL support and I couldn't get
their "Examples" plug-in to work to add SSL (so if I used PopTray with
Gmail which demands SSL connects then I would have to add the sTunnel
proxy to convert from POP3 to SSL POP3).

mmm3.sourceforge.net
www.poptray.org

Of course, if you find Outlook is stable enough for you to leave it
running all the time then you should probably go that route.

Just happened to me. Three made it into my Inbox. So, I will
postpone checking e-mail for every 1/2 hour or so (is that enough
time?).

Adding a longer poll interval is just increasing your chance that
someone else already received the spam and identified it (and that you
got an update from Cloudmark to get the hash code for that spam -
unless they've changed it now that you need to connect to Cloudmark to
poll their database for the hash code every time you receive a new
e-mail). You could wait 15, 30, 60, or 9000 minutes between mail polls
trying to increase your chance that someone did the work for you but
fresh spam spews out all the time so a spam source might've just
started spewing right before you did your mail poll and before anyone
else saw it (or not enough others have seen it yet to vote on it to get
beyond their ranking's threshold to mark the item as spam).

Just one so far.

If it is from someone you know, you should have them in your contacts
folder and use a rule to whitelist anyone in your contacts folder, or
create a whitelist rule that includes the good senders (but that can
become tedious to maintain).

I check that folder, so no biggie.

Make sure you turn the Preview pane off in whatever folder it is that
you are moving those suspect e-mails. That is not for security but
simply to eliminate seeing any of the spam's contents since that is the
point of the spam. You could, however, enable AutoPreview mode for
that folder which will show the first few lines of each message (3 or 4
lines, I believe) but which are only in plain text. If the Preview
pane is enabled, you'll end up rendering a spam when you select it to
delete it. Although Outlook should be configured to use the Restricted
Sites security zone for HTML-formatted e-mails (and with 2003+ versions
now having the option to block externally linked images, like web
beacons), there have been security breaches in the past. The last one
that I remember had to do with images. Outlook wasn't at fault but it
provided a vector to the image rendering libraries in the OS where the
fault lay. So it is possible that another breach could be found for
the Preview mode (whether in Outlook or to the OS). Since these are
suspect messages, and since you normally don't want to see their
content, turn off the Preview pane for that folder, and the Junk
folder, and the Deleted Items folder. Whether you then enable
AutoPreview is your choice but it is safe as only plain text is shown
and only a couple lines from each message.
 