J. Silva said:
Hello, everybody, this is my first post here. I'm a newbie on these
issues. Can anybody, please, tell me what to do about SPAM? I have
e-mail accounts at YAHOO, EXCITE and G-MAIL and sometimes I get too
much SPAM. What should I do? Is there any anti-spam software
worthwhile?

First, enable the spam filter at Yahoo. Presumably Gmail also includes
a spam filter option (I haven't bothered using Gmail since it is still
in beta). Don't know about Excite so it is not discussed in my reply.
That way, you use server-side filtering to eliminate the spam so you
don't waste the bandwidth, disk space, CPU cycles, and time to download
the crap only to delete it locally. It's better to delete it in your
mailbox on the mail server. Yahoo lets you delete spam immediately, or
to move it into the Bulk folder and keep it for 1, 2, or 4 weeks (I use
1 week to give me a chance to retrieve a false positive, especially when
I'm expecting a message, like a registration confirmation e-mail that
requires me to click on a link in the message to complete the
registration). I don't know what options Gmail or Excite have. I also
define some simplistic filter rules on Yahoo (so they are server-side
rules), like:
- Look for a passcode string in the Subject header. This skips all
other rules so senders that know the passcode can ensure their message
gets received. If it ever gets abused, tis easy 'nuff to change.
- Trash if no "@" in From header. Checks if there is an e-mail address
in the From header (along with ensuring it isn't blank).
- Trash if my e-mail address is in the From header. I don't send
e-mails to myself although spammers would like me to believe that I do
(I use my passcode to send myself test messages).
- Trash if my e-mail is not in either the To or Cc headers. Some bulk
mailers and newsletters won't include you in the To or Cc headers, and
some senders may put you in their Bcc field (which you don't get), so
you need to whitelist those senders.

Outlook 2003 has Bayesian filtering although Microsoft likes to belie
that fact by hiding it in a paragraph of description. I doubt it is
very configurable and it comes with a preset database of weighted words
that might not match your e-mail experience (so it needs training whose
duration depends on your traffic level). If you use Outlook, you can
use the SpamBayes plug-in (http://spambayes.sourceforge.net/) but it
only works with Outlook (since OE doesn't support plug-ins). I believe
it can also be configured to run as a proxy so any POP3 client could use
it. Some folks use Mailwasher (but NEVER use its bounceback feature
since it won't fool spammers and generates superfluous traffic which is
itself considered spam), it uses DNSBLs (see below) but doesn't
contribute to those blocklists although it promotes a commercial version
of its product that uses those blocklists, and it is just a mail monitor
utility rather than a proxy or inline filter. I've tried Norton
SpamAlert (came with Norton Internet Security 2003) but it sucked for
spam detection, and I haven't seen great results from their later Norton
AntiSpam, either. I use SpamPal, a POP3-to-HTTP protocol converter
proxy, for spam filtering because it provides all of the following:
- Bayesian filter (and configurable by the user to fit their usage
and traffic level). Rather than rely just on its database and
occasional corrections from the user for false positives/negatives, it
can also learn from SpamPal (for the DNSBLs) and plug-ins when those
detect a message is spam.
- Uses DNSBLs (DNS blocklists) of known spam sources. I use lists
from SpamCop, SpamHaus, Composite Blocking List, ORDB, NJABL, and
blitzed.org. I won't use SPEWS because they are overly vigilante and I
got too many false positives (i.e., SPEWS is too aggressive and
unresponsive to correction), and I had to quit using SORBS when they
decided to incorporate SPEWS.
- Whitelists (manual list of e-mail addresses, and optional
automatic e-mail list of those to whom you correspond).
- Blacklists (by e-mail or IP address).
- Blacklists by country (USA, Japan, Brazil, Argentina, Hong Kong,
China, Korea, Russia, and more). If you don't correspond with senders
in those countries then e-mails from there are more likely to be spam.
- RegEx plug-in (for regular expressions to test on any header).
- HTML-Modify plug-in (removes HTML nasties, linked images which
could be web bugs, counts bogus HTML tags to weight a message as spammy,
disables scripts, changes bad extensions for executable attachments to
.txt and also in hyperlinks, can trigger on multipart messages which can
be used to slice up an infected message to avoid AV detection, remove
hi- and low-priority flags, can remove delivery notification requests,
correct spam-like hyperlinks, etc.).
- URLbody plug-in (looks for URL in body for a known spam source
since eventually the spammer wants you to get to their site).
- MXBlocking plug-in (blocks mail sent directly from dialup/dynamic
addresses to receiving mail servers, a fairly common form of abuse by
spammers or trojanized PCs running mail daemons).

There are more plug-ins. SpamPal and all plug-ins are freeware (not
crippleware, demoware, bannerware, adware, shareware, or expireware).
Setup of SpamPal is not automatic: you configure your accounts in your
e-mail client to point at SpamPal. This isn't hard if you follow the
instructions plus the authors regularly visit their support forums. For
those that want the convenience of a setup wizard, the commercial
"SpamSpector" product provides one (the core of their product is
SpamPal) along with tech support. The latest version of SpamPal now
includes a setup wizard but it's so easy for me to set up that I haven't
used it yet (and the forums provide plenty of support for newbies so you
really don't need to pay for tech support).

I've been told that Gmail has POP3 access. For paid Yahoo, you get POP3
and SMTP server access. For freebie Yahoo accounts, you can use
YahooPOPs to give you POP3 and SMTP access (see
http://yahoopops.sourceforge.net/). You can then use SpamPal to detect
spam messages (http://www.spampal.org/). SpamPal is a proxy so you need
to chain through it in your account definition in your e-mail client
(i.e., you point your e-mail account at SpamPal for incoming messages).
SpamPal connects to POP3 servers, which is why you need YahooPOPs if you want
to use SpamPal on your freebie Yahoo webmail accounts; else, skip
YahooPOPs for a paid Yahoo account. YahooPOPs is also a proxy so you
need to chain it in the incoming mail path. You would set them up as
follows (listening ports are in brackets):

Your ISP's POP3 e-mail:
  POP3 client <-- [110] SpamPal <-- [110] ISP POP3 server
  SMTP client --------------------> [25] ISP SMTP server

Your Gmail account:
  POP3 client <-- [110] SpamPal <-- [110] Gmail POP3 server
  SMTP client --------------------> [25] Gmail SMTP server

Your Yahoo account:
  POP3 client <-- [110] SpamPal <-- [8110] YahooPOPs <-- [80,443] Yahoo
  SMTP client --------------------> [8025] YahooPOPs --> [80,443] Yahoo

YahooPOPs can use the default plain-text for logins (which is the same
as your e-mail client), or it can use an MD5 hash to encrypt the login
credentials (username and password) or it can use HTTPS for a secure
login (Yahoo has both HTTP and HTTPS login pages). The MD5 or HTTPS
login is secure but the rest of the mail session is in plain text (just
like it is with your POP3/SMTP e-mail client; you need to use a digital
certificate if you want to encrypt your content, too). Since YahooPOPs
can use plain text or MD5 (HTTP on port 80) or HTTPS (port 443), both
ports are listed above when using YahooPOPs. You configure YahooPOPs to
login using: plain-text (HTTP, port 80), MD5 hashed (HTTP, port 80), or
SSL (HTTPS, port 443). Because SpamPal, by default, will listen on port
110 for POP3 connections and port 25 for SMTP connections, YahooPOPs has
to use different listening ports (I use 8110 for POP3 and 8025 for
SMTP).

If you use Yahoo for outbound e-mails (whether by using YahooPOPs SMTP
interface or by using Yahoo's webmail interface), they append their
promo spam signature to the end of your messages. This makes your
e-mails look amateurish. Hotmail does the same. I don't know if Gmail
also tacks on a spam signature. If they do and you want to eliminate
it, use your ISP's SMTP server instead, so you would have:

Your Gmail account:
  POP3 client <-- SpamPal <-- Gmail POP3 server
  SMTP client --------------> ISP SMTP server

Your Yahoo account:
  POP3 client <-- SpamPal <-- YahooPOPs <-- Yahoo webmail
  SMTP client ----------------------------> ISP SMTP server

I set up my Yahoo accounts using this latter scenario to eliminate the
spam signature when using freebie Yahoo accounts (the paid Yahoo
accounts don't add the spam signature, but then you wouldn't need to use
YahooPOPs for a paid Yahoo account since POP3 & SMTP access gets
included for the paid account). For those that think Yahoo (and
Hotmail) are anonymous e-mail services, they add the X-Originating-IP
header which shows your IP address. I don't hide when I send e-mails.
If you want anonymous e-mail services, look somewhere other than Yahoo,
Excite, Hotmail, and [probably] Gmail. They're providing a free e-mail
service, not an anonymous one. So I see no point in using their webmail
outbound message server when my ISP's SMTP server is faster, more
reliable, and adds no spam signature. If I was an unlucky dial-up user
whose cheapie provider didn't include e-mail service then I'd be stuck
with having to use freebie Yahoo's webmail outbound server and get stuck
with the promo spam signature at the end of my outbound messages, or I'd
get a paid Yahoo account.

Be aware that some anti-virus software also runs as a [transparent]
proxy so you might end up with conflicts with SpamPal, YahooPOPs, and
anti-virus proxies trying to use the same ports. Since anti-virus
software typically defaults to intercepting local traffic on ports 110
(POP3) and 25 (SMTP), and since YahooPOPs already had to be configured
to use some other ports to avoid conflicts with SpamPal, just change the
listening port for SpamPal (I use 7110 for POP3, and 7025 for SMTP
although it is disabled in SpamPal since I use my ISP's SMTP server).

The more proxies you insert into your mail path, the less stable is that
path. So if you use Yahoo as your primary e-mail account and want to
reduce proxies (to improve stability), pay for it and get their POP3 and
SMTP access, or use Gmail's POP3 and SMTP servers (if Gmail is a robust
enough service to stay up more than, say, flaky Hotmail). YahooPOPs can
sometimes go unresponsive which means you have to unload and reload it.
This happens to me about once every 8 to 10 days, but then my system use
isn't typical. Use the older version 0.5 of YahooPOPs as the latest 0.6
version has some bugs, especially regarding HTTPS connections (they
won't work, but plain-text and MD5 hash still work), and is
experimenting with running as a transparent proxy (to make it easier to
configure for users that don't know how to or want to bother with
chaining proxies).
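
The four server-side rules listed near the top of the reply, written out as an added Python example (not code from the post or from Yahoo), applied in the order given so the passcode check runs first. Assumptions: the address, passcode and whitelist entry are made-up values, the sample messages are constructed, and header matching is plain substring matching as a stand-in for a webmail "contains" rule.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed values for illustration; none of them come from the post.
MY_ADDRESS = "me@example.com"
PASSCODE = "zx-4471"
WHITELIST = {"news@lists.example.org"}  # senders that omit me from To/Cc

def header_text(msg, *names):
    """Join every occurrence of the named headers, lower-cased."""
    return " ".join(str(v) for n in names for v in msg.get_all(n, [])).lower()

def classify(raw):
    """Apply the four rules in the post's order; return (verdict, reason)."""
    msg = message_from_string(raw)
    # Rule 1: the passcode in Subject skips all other rules.
    if PASSCODE in str(msg.get("Subject", "")):
        return "keep", "passcode"
    sender = header_text(msg, "From")
    # Rule 2: a blank From, or one without "@", has no e-mail address.
    if "@" not in sender:
        return "trash", "no-address-in-from"
    # Rule 3: mail that claims to come from my own address.
    if MY_ADDRESS in sender:
        return "trash", "self-in-from"
    # Rule 4: I am in neither To nor Cc, unless the sender is whitelisted.
    if MY_ADDRESS not in header_text(msg, "To", "Cc"):
        from_addrs = {a.lower() for _, a in getaddresses(msg.get_all("From", []))}
        if from_addrs & WHITELIST:
            return "keep", "whitelisted"
        return "trash", "not-in-to-or-cc"
    return "keep", "passed"

# Constructed sample messages (headers only), not real mail.
SAMPLES = {
    "self_test": "From: me@example.com\nTo: me@example.com\nSubject: test zx-4471\n\n",
    "no_address": "From: Cheap Meds\nTo: me@example.com\nSubject: sale\n\n",
    "forged_self": "From: me@example.com\nTo: me@example.com\nSubject: hi\n\n",
    "bulk": "From: promo@bulk.example\nTo: undisclosed-recipients:;\nSubject: win\n\n",
    "newsletter": "From: News <news@lists.example.org>\nTo: list@lists.example.org\nSubject: May\n\n",
    "friend": "From: pal@example.net\nCc: Me <ME@Example.com>\nSubject: lunch\n\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, *classify(raw))
```

Because the match is by substring, a sender such as notme@example.com would also trip rule 3, so a rule like this is only as precise as the address it searches for. The whitelist is consulted only after the forged-sender check, so a whitelisted name cannot rescue mail that claims to come from your own address.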