* Can The Spam

Some practical solutions to the growing problem of spam in your inbox.

By Erik J. Heels

First published 7/1/2006; Law Practice magazine; American Bar Association

What would happen if a really important email from someone you know got lost in your anti-spam defenses? In anti-spam speak, it would be a “false positive,” namely the discarding of wanted email. A “false negative,” on the other hand, is non-disposal of unwanted email. How do you configure your email systems to deliver email that you want and dispose of email that you don’t want? Spam is a complicated problem, but I’ll try to outline some practical solutions to this growing problem.

What Is Spam?

By some estimates, over 80% of all email is spam. What is spam? One definition of spam is electronic communication (1) from someone with whom you have had no prior correspondence, (2) that is irrelevant to your personal or work interests and (3) that is unwanted. See Wikipedia’s definition of spam for other definitions (http://en.wikipedia.org/wiki/Spam_%28electronic%29).

And since many of you are lawyers, I thought you might like to know what Hormel (producers of SPAM food products) thinks about the use of the term “spam” to describe Unsolicited Commercial Email (UCE). Hormel’s “SPAM and the Internet” page (http://www.spam.com/ci/ci_in.htm) says that Hormel “do[es] not object to use of this slang term to describe UCE, although [Hormel] do[es] object to the use of the word ‘spam’ as a trademark and to the use of [Hormel’s] product image in association with that term. Also, if the term [‘spam’] is to be used, it should be used in all lower-case letters to distinguish it from [Hormel’s] trademark SPAM, which should be used with all uppercase letters.”

Tip 1: Use The Anti-Spam Features Provided By Your ISP

It is likely that your Internet Services Provider (ISP) provides some sort of anti-spam functionality as part of its email services. If you don’t know whether your ISP has anti-spam capabilities, then ask them. Some ISPs offer server-side anti-spam features (to identify spam before it gets delivered to you), client-side anti-spam features (to identify spam after it gets delivered to you), or both. For example, many ISPs offer access to the server-side program SpamAssassin (http://spamassassin.apache.org/). A good way to configure SpamAssassin is to use moderate protection and automatically change the subject of (but not automatically delete) all email to identify it as possible spam. You could, for example, have each suspected spam email message start with “[spam]” or the like. By having suspected spam delivered to you rather than automatically deleted, you will minimize the chance of false positives. The downside to this approach is that you have to scan all of your email, including all of the spam.

Tip 2: Use The Anti-Spam Features Provided By Your Email Client

Most email client applications provide some level of anti-spam features. For example, in Eudora (http://www.eudora.com/), you can filter email that contains “[spam]” in the subject and automatically transfer it to a mailbox called “Junk.”

Or you can automatically transfer all email to or cc someone you know to special mailboxes. Let’s say you have never received email from somebody before but that they cc somebody you know (perhaps because a friend referred them to you). If you use this nifty trick, then the sender’s email message won’t get lost in your spam defenses.

Eudora’s filter menu allows you to create rules for incoming or outgoing email and act on the email accordingly, by playing a sound, changing the color of the message, transferring it to a particular mailbox, and so on. The above example shows how any incoming email message from, to, or cc the Law Practice editor gets transferred to my ABA mailbox.

Firefox (above) allows you to automatically block pop-up windows, which are just as annoying as spam.

Tip 3: Use Multiple Email Addresses

You should think very carefully before giving out your email address to anyone. You should assume that if you publish your email address or give it away to any vendor, then you will get spam at that address. One solution to this problem is to have a “public” and a “private” email address and giving out only the former. Some people use web-based email accounts (such as Gmail and My Yahoo) for their “public” email address. For example, Clock Tower Law Group divides its practice into five areas (administration, clients, law, marketing, and technology) and uses a separate public email address for each area. This helps both with filtering/filing email and cutting down on spam.

Tip 4: Consider Third-Party Solutions

The beauty of the Internet is that you can have one ISP to provide Internet access (dial-up or dedicated), another to host your website, and another to host your email, or any combination of the above. Some ISPs and web hosting providers, such as Verio (http://www.verio.com/), provide dedicated servers or virtual servers that can be both web servers and email servers. If you have control of your own email server, then you can install and configure a wide range of server-based anti-spam software, SpamAssassin (http://spamassassin.apache.org/) (free, open source software) and BrightMail (http://www.brightmail.com/) (enterprise software from Symantec). Clock Tower Law Group uses a local ISP for Internet access and a Verio virtual server for its web server and email server.

If managing your own email server isn’t your cup of tea, then you might want to consider an Application Service Provider (ASP) that provides specialized email services, such as NEDS (http://www.neds.com/). ASPs such as NEDS can host your email and provide all of the anti-spam (and anti-virus) processing for you.

Your college or law school alumni association may offer email services with built-in anti-spam features. For example, the MIT Alumni Association (http://alum.mit.edu/) offers email forwarding for life that includes anti-spam features. So if you use a service like this, then you can add another layer of anti-spam protection to your arsenal.

Finally, anti-spam appliances, such as the rack-mountable Barracuda Spam Firewall (http://www.barracudanetworks.com/), are appropriate for larger organizations and can help automate anti-spam tasks.

Summary

There are a lot of anti-spam solutions available. Unfortunately, as long as a financial motivation exists for spammers, spam will persist. In other words, as long as spam recipients are spending money on products and services advertised by spammers, then we will have to spend money on products and services to stop them. Sometimes, our anti-spam solutions work too well (think “false positives”), preventing valid email from getting through. In fact, Rick Klau’s article almost didn’t get written, because Merrilyn’s initial email to Rick got lost in his anti-spam defenses. To quote Alanis Morissette, “Isn’t that ironic?”

Sidebar: Anti-Spam Resources

  1. The List – Directory of ISPs (http://www.thelist.com/)
  2. TheISPGuide.com – Directory of ISPs (http://www.theispguide.com/)
  3. The List – Directory of ASPs (http://asp.thelist.com/)
  4. AOL’s anti-spam features – for dial-up and broadband (http://discover.aol.com/aolfeatures.adp)
  5. Earthlink’s anti-spam features – for dial-up and broadband (http://www.earthlink.net/dialup/features/)
  6. Verio’s anti-spam features – for virtual/dedicated servers (http://www.verio.com/support/documents/view_article.cfm?doc_id=1048)
  7. NEDS PestFree – managed email service (ASP) (http://www.neds.com/)
  8. SpamHelp’s list of anti-spam appliances – hardware-based anti-spam products (http://www.spamhelp.org/appliances/)