
2003-09-28

Canning Spam

I’ve been around the net a while (we did have both 1’s and 0’s in my day — I’m not that old), so unfortunately my email address has found its way onto many a spammer’s mailing list and I probably get more than the usual amount of spam, which has driven me to find some tools to deal with spam.

One of the biggest misunderstandings with spam is how email works: Email is a lot like postal mail, in that it consists of both an envelope and a message. The envelope tells where to deliver the message. The message includes an inside address, which purports to be the source of the message, but is easily forged. (Just imagine writing a letter to your Aunt Jo, but you accidentally put it in an envelope to pay your electric bill. The electric company will get your letter, even though the inside address is for your Aunt Jo. Spammers do the same thing, intentionally. They write a nice letter that appears to be from your Aunt Jo, telling you how to enlarge your bank account, then make a zillion copies and stick it in a zillion different envelopes and send it to zillions of people.)

Unfortunately, most email clients, in an attempt to be helpful, open all your mail, discard the envelopes, and just show you the message. As a result, you don’t notice that the message from your Aunt Jo came in a bulk mail envelope — the ones you would normally drop right into the trash if they came in your postal mail.

After a bunch of research, I decided to try a service called SpamCop.NET (not spamcop.COM — a cheap imitation, and not spamcop.ORG — who are actually spammers). Here’s how SpamCop works: it encourages people to report spam and analyzes the full spam message, looking at the internal postmarks (these are the Received: lines in the envelope of an email message that you can see if you ask your mail client to show the internet headers, or full headers of the message). By analyzing these postmarks[1], SpamCop can trace the actual origin of the message. By accumulating spam reports, SpamCop develops a database of known spam sources. It then uses this database to analyze new messages, and marks those coming from known spam sources as likely to also be spam.

The technique that SpamCop uses is known as DNS blacklisting[2], which some find controversial because they feel it could block legitimate mail that happens to originate at the same computer the spammer is using. SpamCop gets around that issue by only holding mail from suspected spammers — it leaves it up to you to choose to accept or reject the suspected spam, and if you like, to mark a particular address as being okay to always pass through (by putting it on your whitelist).
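The postmark tracing and blacklist lookup described above can be shown in a few lines of Python. This is an added example, not part of the original post and not SpamCop's own code: the sample message, the trusted relay address and the zone name `dnsbl.example` are constructed placeholders, and the resolver is passed in so the lookup can be exercised without a network.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Constructed sample (documentation addresses). The top Received: line was
# stamped by our own server; the bottom one is the spammer's forged claim.
SAMPLE = """\
Received: from relay.example.net ([198.51.100.7])
\tby mx.myisp.example; Sun, 28 Sep 2003 10:00:02 -0400
Received: from bulk.example.org ([203.0.113.45])
\tby relay.example.net; Sun, 28 Sep 2003 10:00:01 -0400
Received: from auntjo.example.com ([192.0.2.99])
\tby bulk.example.org; Sun, 28 Sep 2003 09:59:59 -0400
From: Aunt Jo <jo@auntjo.example.com>
Subject: Enlarge your bank account

Hello!
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_origin(raw_message, trusted_relays):
    """Walk postmarks newest-first; return the IP that handed the message
    to the first server we trust (IPv4 only)."""
    origin = None
    for stamp in message_from_string(raw_message).get_all("Received", []):
        match = BRACKETED_IP.search(stamp)
        if match is None:
            break  # unreadable postmark: stop rather than guess
        try:
            origin = ipaddress.ip_address(match.group(1))
        except ValueError:
            break  # e.g. [999.1.1.1]
        if str(origin) not in trusted_relays:
            break  # everything below was written by this untrusted sender
    return origin

def dnsbl_name(ip, zone):
    """203.0.113.45 -> 45.113.0.203.<zone>"""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed if the name resolves into 127.0.0.0/8; no such name = not listed."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")
```

With `198.51.100.7` as the only trusted relay, `trace_origin(SAMPLE, {"198.51.100.7"})` stops at `203.0.113.45` and never reads the forged Aunt Jo line beneath it.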

So, how do you use SpamCop.NET? After you sign up for an account, you can either arrange to have your old email address forward to your new SpamCop address, or you can configure SpamCop to pick up your mail from your old address. You have a choice of reading your mail using SpamCop’s web-based mail reader, or you can forward all unblocked mail to a new, private, email address (it can’t be your old address, or the mail will just go round and round in a loop). Keep this new address completely private — only SpamCop should know about it and only SpamCop should ever deliver mail there. You’ll need an email client that can be configured to pick up mail at your private address, but send mail using your public address to make this work best. (Unfortunately, AOL is not that flexible.)

Yes, it’s a bit contorted, but that is only if you want to keep your old public address around. If you are just as happy to discard your old public address, you can just use your SpamCop address as your public address. If you have a number of public addresses, like a free one from your alma mater, or a professional society, you can forward those to your SpamCop account too, and pick up all your mail in one place.

Recently, SpamCop has added two new features: virus scanning and a filter that analyzes email for spam-like content. The particular filter SpamCop is using is called SpamAssassin (again, not to be confused with spamassassin.com or spamassassin.net, two commercial sites trying to capitalize on spamassassin.org’s success). The virus filter simply discards messages with viruses in them. They never reach your inbox. SpamAssassin uses a number of heuristics including Vipul’s Razor to score messages, and messages with a high spam-like score will be held for your approval before being sent to your inbox.

SpamCop.NET isn’t a perfect solution. I don’t think there is one. But it is the best I’ve found to date. I’m not associated with them in any way, just a happy customer. If you are as inundated with spam as I am, you might want to have a look.

1. Postmarks can be forged too, but SpamCop.NET is careful to trace the postmarks backwards from known trustworthy sources and to discard any that could be forged. If you want the gory details — the postmark is applied by the computer that receives the message (hence the Received: moniker), and records the IP address of the sending computer. This address cannot be forged, since the two computers have to carry on a two-way conversation to deliver the message.

2. Blacklists and whitelists use the traditional definition of good and evil. Addresses on a blacklist are considered evil, those on the whitelist are considered good.
