Protecting Yourself from Spam
Part 2: Filtering It Out
Last time, we covered how to keep your email address
private. Too bad it was probably already public, because you inadvertently
revealed it before you knew any better. That means some shmuck probably will
send you some spam. How can you avoid having to slog through it? Filter it
away, either permanently, or at least into a lower-priority "folder" that you
can deal with when you darn well feel like it. (More on "dealing with it" in
the next article, Striking Back.)
- Netscape Communicator/Messenger allows you to set up many filters, and
it will apply them in the order you choose. A filter consists of one or more
tests, and an action to perform if the email passes all the tests. A test can
look at any of various parts of the message (assorted header fields, and even
the body), and see if it does or doesn't begin with, end with, contain, or
match, some string. If the email passes all the tests, you can move it to a
designated folder, set its priority, delete it, mark it as read, and a few
other options. Therefore, you could set up a filter to delete things that,
based on those fields, you feel sufficiently confident are spam, and another
filter to "sidetrack" anything else mentioning certain subjects, claiming to
be from any "free email" site, or having other tipoffs. I have never used
Eudora, nor Microsoft Internet Explorer, but I suspect they have similar
capabilities.
- For those of you who read your email via QWK packets (a format common
for offline reading from BBSes), there are tools such
as QWKPRUNE.EXE (available from my BBS). This is
primitive and cumbersome but fairly effective. I use it as a twit filter in
Usenet newsgroups, so I can automagically skip over people or threads I don't
want to read from, without censoring anyone else's reading.
- For those of you on Unix shell accounts, you can do wonders with
procmail, especially if you're up to a little perl scripting. Procmail will
let you inspect all header fields, so you can detect several kinds of
invalid header lines and other definite tipoffs, and even automatically
compose replies to the proper authorities. (More on "proper authorities" in
the next article, Striking Back.) I won't get
into the technical nitty-gritty of using procmail here, especially since I
don't use it myself, but I will cover invalid header lines in a later article,
Protecting Your System/Users From Spam.
- You can select an ISP, or a mail rerouter, that applies filters
itself. I don't know which ISPs filter inbound email (except that my BBS
filters email for itself and for most other
Washington DC Fidonet BBSes), but I believe that Bigfoot (a web-based
redirector) does. I will cover system-level filtering more completely in a
later article, Protecting Your System/Users From
Spam. For now, suffice it to say that a lot of spam contains technical
errors that give ISPs quite sufficient grounds to delete it regardless of
content, and even aside from that, the Supreme Court (of the USA) has long
held that commercials are not "protected speech" under the First Amendment.
- A twist on filtering is "whitelisting". This means that you set up
filters to accept mail that fits certain criteria, and either sidetrack
or "bounce" (i.e., return to sender) everything else. (Unfortunately,
Netscape won't let you bounce email; I don't know about the other common
readers.) One common way is to route mail into a lower-priority "sender
unknown" folder if it is not from people you know and trust not to be
spammers. You can then weed through that folder, and see who needs to be added
to your filter. Another way is to use a password: everything that includes
the password in the subject line reaches you, but everything else bounces,
with a notice stating what the password is. Since spammers usually forge the headers,
it probably won't reach them, and even if it does, they wouldn't bother
changing the subject line just for you. Unfortunately, many legitimate
senders won't want to bother either, plus you run the risk of delaying
something critical.
A common and effective combination of filters is:
- Route into "read now" folder, anything from known non-spammers or with password.
- Delete (or route into "spam" folder), anything that's definitely spam.
- If desired, route into "suspected spam" folder, anything with certain tipoffs.
- Let everything else stay in the "inbox", or bounce it if you can.
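
The same ordering as a small first-match-wins router, added here as an illustration (it is not code from any mail reader mentioned in this article). The addresses, password, free-mail domain, tipoff phrases, and the "no usable From address" test for definite spam are all constructed assumptions; definite spam is filed in a folder for review rather than deleted.

```python
from email import message_from_string
from email.utils import parseaddr

# Every value below is constructed for illustration.
KNOWN_SENDERS = {"alice@example.org"}
PASSWORD = "swordfish"
FREE_MAIL_DOMAINS = {"freemail.example"}
TIPOFF_PHRASES = ("make money fast", "free offer")


def route(raw_message):
    """Return the folder for one raw message; the first matching filter wins."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = msg.get("Subject", "").lower()
    domain = sender.rpartition("@")[2]

    # 1. Acceptance first: a known sender, or the password in the subject.
    #    From: can be forged, so this sets priority; it proves nothing.
    if sender in KNOWN_SENDERS or PASSWORD in subject:
        return "read-now"
    # 2. Definite spam (assumed test: no usable From address).
    #    Filed for review, never silently deleted.
    if "@" not in sender:
        return "spam"
    # 3. Tipoffs only sidetrack the message into a lower-priority folder.
    if domain in FREE_MAIL_DOMAINS or any(p in subject for p in TIPOFF_PHRASES):
        return "suspected-spam"
    # 4. Everything else stays where it is.
    return "inbox"


if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        "From: Alice <alice@example.org>\nSubject: Make money fast\n\nhi\n",
        "Subject: free offer\n\nno From header at all\n",
        "From: bob@freemail.example\nSubject: hello\n\nhi\n",
        "From: carol@example.net\nSubject: meeting notes\n\nhi\n",
    ]
    for raw in samples:
        print(route(raw))
```

Because the acceptance test runs first, the known sender's message lands in "read-now" even though its subject contains a tipoff phrase.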
As implied by doing the deleting after the acceptance, you should be
very careful any time you set up a filter to delete things. Even my BBS doesn't completely delete anything; all
"definite spam" is at least put in a file for my review.
Next: Striking Back.