Outwitting Spammers

Spam is getting worse, in part because the senders of unsolicited commercial email (UCE) are getting better at it. A few years ago, I devised a set of rules for Outlook's Rules Wizard that eliminated 95 percent of the spam from my mailbox. My rules basically defined junk email as messages that don't originate from a mailing list I subscribe to and aren't addressed directly to one of my active email addresses. This includes virtually all mailings, except discussion lists, that include me as a blind carbon copy (Bcc) recipient.

Today, these rules don't work as well because spammers' tools are more sophisticated. When I first devised my rules, most spam was sent as bulk mail to Bcc recipients. Now spammers are generating more individual messages, much as you'd expect from a mail merge. These unsolicited messages have my correct address in the To field, so they're much harder to identify as spam.

To combat this type of spam, I use a new feature in Outlook 2002 to add a "whitelisting" rule. Whitelisting is the opposite of blacklisting. Whereas the latter bans messages from certain senders, whitelisting accepts mail from specific senders.

The new feature is an additional Rules Wizard condition: "sender is in Address Book," where you choose the address book—I've chosen my Contacts folder. For a message from a sender found in my Contacts folder, the rule applies a "known sender" category and stops processing the message. The "stop processing" action ensures that the message stays in my Inbox. Another rule at the bottom of the list moves everything that previous rules didn't handle into my Junk Mail folder for later review.

The category lets me use Outlook's automatic-formatting feature to color-code items from known senders, both to monitor how well the rule is working and to distinguish mail from these known senders from other mail in my Inbox. So far, the "known sender" rule works fine and doesn't seem to drag on the system, though I'm concerned about what might happen if I receive 100 messages at once.

What about the efforts under way in the United States, the European Union, and elsewhere to enact laws against junk mail? Much of the debate centers on opt-in versus opt-out schemes. An opt-in system forces companies to get approval from recipients before they can send messages. In an opt-out system, it's OK to send messages unless the recipient has specifically asked not to receive them.

Putting aside the free speech issues involved, are anti-spam laws enforceable? I was skeptical about the usefulness of legislation to control unwanted mail until I read about several people who have been actively pursuing spammers under Washington state's law, considered to be the strongest on the books. Some have sued successfully in small claims court; others have simply threatened a suit and obtained a small out-of-court settlement, often $500 or less. The better news is that, in at least one case, the threat of legal action seemed to open the eyes of company decision makers to the possibility that their email marketing methods were harming the company's reputation.

Still, these successful antispam actions in Washington state don't necessarily correlate with fewer spam messages. The most annoying spam comes not from established companies that you can serve with legal papers, but from fly-by-night operators who spoof their return addresses and send through any open SMTP relay they can find. If states and countries tighten their email laws, these senders might simply move their operations offshore to ever-less-restrictive jurisdictions, if they haven't done so already.

For links to anti-spam laws around the world, visit http://www.spamlaws.com/index.html.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish