"Lanwench [MVP - Exchange]"
The easiest way, in my book, is to get third party antispam software
such as that found at
www.cloudmark.com or
www.giantcompany.com
The builtin junkmail features have never worked all that well for me,
but your mileage may vary.
Cloudmark's SpamNet used to be free but that's when it was a beta
version. Now that it is released and gone commercial, you get 30 days
to trial it and then you have to pay for it. The GiantCompany product
is also a trial that after 15 days you have to pay for.
I use SpamPal. It's free. Instead of relying on bad word or bad
phrase lists or spammer tricks used in headers or e-mail addresses,
it relies on *where* the e-mail originated. Lots of spam comes from
known sources. SpamPal uses the lists of these known sources and
will mark e-mails from them as suspect; SpamPal marks the suspect
e-mail and you use a rule in Outlook to move it, permanently delete
it, color it, or whatever is your fancy. You can get plug-ins (also
free) to add Bayesian filtering which uses statistics to weight the
words within an e-mail to determine if it is spam instead of just
noticing that one or more of them are there. A RegEx plug-in lets
you define criteria to search for that goes beyond what the rules in
Outlook allow. An HTML-Modify plug-in will remove all the HTML
nasties that spammers try to use, like web bugs to force you to
download graphics in the HTML-formatted e-mail which then gets your
IP address because TCP/IP requires it so the spammer's server knows
where to send their images, or like getting rid of scripts within
HTML-formatted e-mails, and more. For free, you can get SpamPal and
lots of plug-ins that give you a very potent weapon against spam.
There are other products, like MailWasher, that let you preview your
e-mails before downloading them, and also assists in marking the
suspect e-mails that might be spam. Just do NOT use its Bounce
feature (that only identifies your e-mail account is valid and
monitored to a spammer). You can then delete them while they are
still on your ISP's mail server without having to waste the time and
bandwidth to download them and then delete them. I suppose the
feature to mark suspect e-mails as spam would help some users, but I
can usually discern 90%+ of the spam just by their Subject line. So
I just use POP Peeper (which also works with some webmail providers)
to alert me to pending new e-mails and let me delete them without
downloading them. I can even download them into POP Peeper to read
the message without it ever getting into my e-mail client.
You might want to check with your ISP and look into your e-mail
account settings (if they provide a webmail interface) to see if they
have anti-spam filtering available. If so, enable that option so you
don't even have to waste time analyzing those detected spam e-mails
since the ISP will have already detected them.
You can even go more extreme and buy challenge-response products, like
Choicemail, Vanquish, and CruelMail, that require the sender to
respond to a challenge sent to an e-mail they sent you. Spammers
won't respond likely because they never receive the challenge e-mail.
The problem with the challenge-response scheme is that is will
generate a spam whiplash against innocents that were never involved
in the spam. Spammers do not use their real e-mail address. They use
bogus e-mail addresses, or they may use someone else's valid e-mail
address. All the challenges sent in response to the spammer's e-mail
get sent to this valid-but-not-spammer's e-mail address and some
innocent gets deluged with thousands of challenge e-mails for an
e-mail they never sent. In fact, the spammer could retaliate against
these challenge-response schemes by setting up listservers, and when
the challenge came back to that e-mail address to the listserver then
the listserver would spew out a copy of the challenge to a whole
bunch of valid e-mails for innocents. I've contacted Choicemail,
Vanquish, and CruelMail and all have recognized their products are a
stop-gap solution and could be easily abused. To me, these are
solutions still in the the early portion of the development curve.
You can still define some general rules to help catch any spam that
the filters or software might miss, such as:
- Apply this rule after the message arrives
sender is in <contacts> Address Book
stop processing more rules
= If they are known to you (i.e., in your Contacts) then you probably
want their e-mails.
- Apply this rule after the message arrives
move it to <junk/spam> folder
except if my name is in the To or Cc box
= If it wasn't addressed to me then I probably don't want it. This
will miss e-mails in which you are specified in the BCC field, which
are often for newsletters (so I just define a rule farther up in the
list that catches the newsletters and keeps them; i.e., I have
"whitelist" rules near the top of the rules list).
- Apply this rule after the message arrives
with <email1> or <email2> or ... in the sender's address
move to <junk/spam> folder
= Spammers often are required to put something in the From header to
ensure their spam gets through to you, so they may put your e-mail
address in the From field (i.e., they want to pretend that you sent
yourself the e-mail). I don't talk to myself via e-mail.
- Apply this rule after the message arrives
move it to <junk/spam> folder
except if the message header contains "Message-ID:" or
"Message-Id:" = Spammers like to hide. Spam-friendly ISPs will let
their spammer buddies hide. That means they will not or would like
not to identify themselves. This means that the Message-ID field is
missing in their spam e-mails. Legit non-spamming users almost
always have a Message-ID header although it is optional. Newsletters
or broadcast messages often do not but then I catch the ones that I
want in my whitelist rules executed earlier.
Other users probably have their favorite rules on how to catch spam.
Between SpamPal, its Bayesian, RegEx, and HTML-Modify plugins - all
free - and a few rules in Outlook, along with enabling the e-mail
screener in my ISP e-mail account, I end up with very few spams
getting through. The effort to squeeze out that last few rare spam
that get through far outweighs the effort to just hit the delete key
and move on with your life.