Evolution of an Antispam Strategy

Over the years, the increasing volume of spam has forced me to change my strategy for dealing with email. Here is its evolution, presented in four stages.

Stage 1: Accept everything

Initially I accepted all email, and published my email address on my Web site. The little spam I received was discarded manually.

Stage 2: Blacklist spammers

The volume of spam started to increase. This led me to take a series of actions, in chronological order:

  1. Remove the mailto: link from Web site.
  2. Block individual accounts sending spam.
  3. Block domains known to harbor spammers.
  4. Block domains one hop upstream from spammers.

Stage 3: Create a pass word

My filters were aggressive, sometimes overly so. To allow people in blocked domains to reach me, I created a pass word that, when included in a message, would allow that message to bypass the filters. I posted the pass word (a single, uncommon English word) on my Web site. I change the word occasionally.

(The pass word is a primitive contact token.)

Stage 4: Whitelist

Eventually, the blacklists failed. Spam now arrives from too many domains to block individually. I changed to a whitelist, accepting email only from familiar senders and discarding everything else, unless it included the pass word.

Eventually I automated the processing of mail with the pass word. Now the senders of messages with the pass word are automatically added to the whitelist.

There are two substages to this stage:

  1. Check trash for false positives and create the filters required to prevent further messages from the sender from being trashed.

  2. Stop checking the trash and let false positives be deleted unread. I'm now at this stage.


Anticipated Stage 5: Participate in Collaborative Filtering. If everyone hates spam, why must everyone fight it individually? Collaborative filtering systems such as SpamAssassin and Vipul's Razor use the collective filtering power of many people to identify spam before it reaches your mailbox. As of this writing, such systems are gaining popularity. However, their impact on the volume of spam remains to be seen.

Anticipated Stage 6: Use Hash Cash. Filtering email you've already received does nothing to discourage spammers from flooding the Internet's already burdened email transport network. Instead, we must find a way to reduce the amount of spam sent. One solution is hash cash, which adds a recipient-defined cost to each message. Spam will only disappear when it's no longer worth the cost, and widespread use of hash cash will hasten that day.


Last updated 15 January 2004
http://www.rdrop.com/~half/Creations/Writings/TechNotes/evolution.of.an.antispam.strategy.html
All contents ©2002 Mark L. Irons

Previous: CSS Tip #2: Making Your Site Modifiable ··· Next: CSS Hack: Floated Sidebar