…Without Having to Change My email Address
My email address has been around online for many, many years, and it gets a lot of spam — many hundreds per day. For most users, spam far outstrips legitimate mail. It was in 1996 that I realized that spam would become a huge problem, which is why I wrote my Spam Primer to educate my readers about it. And sadly I was right: it’s estimated that more than 90 percent of all email transmitted is spam. And how many of them get to my inbox? Lately, I’m averaging less than one a day.
That’s right: I beat spam, and without changing my email address.
About this point, a lot of you are wondering “HOW?!” How much of my solution you can put into place depends on your setup, your access to filtering, and your technical expertise, but you can certainly do a lot of what I do. I’ll explain everything as best I can; if you’re fairly techie, you’ll perhaps find it simplistic, but I know even with full explanations (and some links for more information), some will find this over their heads. If that’s you, stick with it: you can still learn a good part of it; it’s not all that technical!
Part one I did years ago: the server company I was using didn’t support any spam filtering. If I wanted some sort of spam filtering package, I had to install it myself, configure it myself, and maintain it myself. If I screwed something up, they wouldn’t help. The only thing I felt qualified to do myself was “procmail recipes”, which is fairly nerdy but easy enough to do if you spend some time learning it. When you see a pattern in the spam, you can write a “recipe” to reject it or dump it. What I wanted was a more “intelligent” solution, and one was available: SpamAssassin.
Since my server provider wouldn’t support SpamAssassin, I left them for another provider that would, and life got better.
Step 1 was using SpamAssassin. Since it’s my own server, I have the ability to customize the “rules” that SpamAssassin uses, and what I learned in doing procmail (“regular expressions”) directly applies. So not only can I easily block all mail from specific domains (which is of only limited use), but I can, for instance, block mail that has that classic line, “If you believe this is spam, click…” — yeah: I believe it! If that phrase is in a message, it gets a few points toward “spam status”. If a message gets enough points — passes a threshold I can set myself — it’s dumped.
But I’m the author of the Spam Primer: what if someone wants to legitimately ask questions about spam, using examples to ask a question? I’d want to get that mail, so I have programmed a “password” that people can put in the subject line. It’s currently “hammer”: if that’s in the subject line, the message gets through even if there are dozens of “forbidden” phrases in there. (Turns out “hammer” isn’t the best word to use, since some porn spammers like to use it in the subject line, so I’ll be changing it when I get around to it. The current password is always shown on my Contact page.)
But SpamAssassin Isn’t Enough
After a few years of running SpamAssassin, my spam numbers were creeping up. The folks behind SA do revise it from time to time, but they really can’t keep up with the tactics that spammers use: they are always finding ways around its rules, and they can move faster than the SA volunteers. Clearly, it was time to up the ante.
I’ve long recommended Google’s Gmail to my readers as the best free webmail service. Not only does it not have ads that flash in your face (which I hate), but they have long been the best at spam filtering. If something does get filtered, it goes into a spam folder so you can recover it. Yes, other webmail services do this too, but I’ve found Gmail does it best.
But there are definitely problems with using free webmail services: they’re free, and if something goes wrong, you can lose all your mail and contacts (address book). I’ve heard the fewest bad reports about Gmail, though even they aren’t guaranteed to not screw up. Next is Yahoo — they do better than most, but I’ve heard a lot more reports of problems there than at Gmail. (And they have irritating ads, unlike Gmail’s simpler not-in-your-face ads.) But most of the horror stories I’ve heard center around Hotmail, which is run by Microsoft. (For more on the dangers of free webmail services, see Are free email services worth it? on Ask Leo!)
I not only run an online business, but it’s centered around legitimate email publishing — free and paid subscription newsletters. Thus email is extremely important to me: I need to get messages from readers, yet not be distracted by the huge flow of junk.
Gmail is great because there’s a full-time staff of smart people at Google constantly looking for new spammer tricks and patterns, and updating their filtering algorithms to keep that junk out of our inboxes. So I want to use Gmail, even though there’s a risk in using free webmail services, as Leo explains. What to do?
I’ve figured out a way to get the best of both — my own server’s filtering and Gmail’s benefits — without having to risk my business if something happens to Gmail.
My Hybrid Solution
I’ve long had a Gmail account for testing, playing, and to have an address to give online merchants I don’t trust a lot, but in April I switched all of my mail there. But I didn’t change my address to my Gmail account, I forward it there. Here’s how:
- Mail still comes to my thisistrue.com addresses, and still gets filtered by SpamAssassin, which gets most of the spam (but not all of it, for the reasons discussed above).
- After that filter pass, I’ve set my server to forward any mail that gets through to my Gmail address, but still keep a copy on my server — that latter step is important, as I’ll explain below.
- I’ve set my computer’s mailer software to get my mail from Gmail via POP, instead of my server. My Blackberry Android-based phone is also set up to get my mail from Gmail, rather than my server.
- I set up Gmail to delete mail from its inbox once it’s successfully downloaded to my regular mail program (Settings → Forwarding and POP/IMAP → choose “delete Gmail’s copy” on the line, “2. When messages are accessed with POP”.)
- Last, I set up Gmail to send mail “From” my regular thisistrue.com address. This is easy to do: Google’s instructions are here. Even if I use Gmail’s web interface, my regular thisistrue.com address is the default “From” address.
Google’s spam filtering is excellent, but it’s important — especially during the first few months — to “train” the filters according to your own mail flow. That is, if it lets spam into your inbox, click the “Report Spam” button on that message, and if it puts legitimate mail into the spam folder, open it and click the “Not Spam” button. It’s extremely important that you never use the “Report Spam” button on email you asked to get: that screws up the anti-spam formulas for others. Use the proper “unsubscribe” function and only mark it “spam” if that doesn’t work.
I’ve been very careful to properly “train” Gmail’s spam filters. The result? It’s now extremely rare to get spam in my inbox. It’s down to 2-4 per week. It’s also quite rare to get legitimate mail in my spam folder — that’s down to 4-6 per week. And it’s not a huge deal to go through the spam folder, since most of my spam is deleted by my server’s SpamAssassin long before it gets to Gmail.
I watch for patterns in the spam folder, too. I was noticing a lot of Cyrillic (Russian) subject lines. It’s all spam, and I didn’t want to have to wade through it again and again. I searched Google for help in filtering it, found a SpamAssassin rule to use, and added the two-line rule on my server — and the Russian spam was all gone, just like that.
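The server-side rules this article describes (the scored phrase, the subject-line password and the threshold from the SpamAssassin section, plus a Cyrillic subject rule like the one just mentioned), written as a SpamAssassin `local.cf` fragment. This is an added example, not the author's actual configuration: the rule names, scores, the blocked domain and the Cyrillic pattern are all assumptions chosen for illustration.

```conf
# local.cf additions (added example; rule names, scores and the
# domain below are constructed, not taken from the author's server)

# Total score at which a message is tagged as spam (5.0 is the default).
# SpamAssassin only tags; discarding tagged mail is done by the
# delivery step that runs after it.
required_score 5.0

# Add points when the classic opt-out line appears in the body.
body     LOCAL_BELIEVE_SPAM   /if you believe this is spam,? click/i
describe LOCAL_BELIEVE_SPAM   Body contains "If you believe this is spam, click"
score    LOCAL_BELIEVE_SPAM   2.5

# Subject-line password: a large negative score outweighs any number of
# phrase hits, so the message stays below required_score. Anyone who
# knows the word gets the same pass, so it has to be rotated once
# spammers start using it.
header   LOCAL_SUBJ_PASSWORD  Subject =~ /\bhammer\b/i
describe LOCAL_SUBJ_PASSWORD  Subject contains the published contact password
score    LOCAL_SUBJ_PASSWORD  -100.0

# Block every sender at one domain (placeholder domain).
# SpamAssassin 4.x also accepts this directive as blocklist_from.
blacklist_from *@spam-domain.example

# Cyrillic subjects: match the charset label inside the raw, still
# encoded Subject header (RFC 2047 encoded-word). This does not catch
# Cyrillic text sent as UTF-8.
header   LOCAL_CYRILLIC_SUBJ  Subject:raw =~ /=\?(?:koi8-r|windows-1251|iso-8859-5)\?/i
describe LOCAL_CYRILLIC_SUBJ  Subject is encoded in a Cyrillic character set
score    LOCAL_CYRILLIC_SUBJ  5.0
```

Running `spamassassin --lint` after editing reports syntax errors in the file before the new rules go live.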
In Case of Emergency
Last week Google had a well-publicized several-hour outage, which only affected a moderate percentage of its users. (It was well-publicized because it is so rare.) The point is clear: it happens, even to Google! And worse could happen, or your password may be stolen, or you otherwise get locked out of your account. If all you had was Gmail, you could be in real trouble. As I said, my mail is very important to me, so I want to ensure I don’t lose it, even if I lose access to my Gmail account permanently. It’s unlikely, true, but it would be catastrophic to me if I lost several days, or weeks, of mail. I just can’t risk that.
Remember I said that when I was setting this up, I set my server to forward all mail, but keep a copy? That’s in case of a problem like this. If I lost access to Gmail for any reason, all I have to do is set my computer’s mailing software (and my phone) to switch back to my server to get mail, and I’m instantly back in business again until Gmail fixes the problem.
Doesn’t my server-based mailbox get full? No. It has a huge quota, but even with that the server would eventually run out of disk space, so my server has a cron job that deletes all mail that’s more than a month old. In summary, I get all the benefits of Gmail’s excellent filtering without having to worry about the risks of using a free webmail service.
Gmail has one other advantage over other services, which makes it much less likely that crackers compromise your account (effectively, steal your password): two-factor authentication. I use that for another layer of security.
One Caveat, and a Summary
A tiny muss when using Gmail to send mail “from” your regular address: any mail sent through Gmail’s SMTP (outgoing mail) server has a header —
— which I can avoid by having my computer’s mail program use my server’s SMTP server to send mail, and thus I don’t have that header on my mail. But really, so what? I don’t really care if people who know how to view Internet routing headers see what my Gmail address is, since all my mail ends up there anyway now. And if it changes later? *shrug*! — they should send mail where I say, and if they don’t, any bounces should give them a clue.
So there you have it. I get well over 100 legitimate emails per day, and somewhere on the order of 300-500 spams. A good 90-95 percent of the spam is filtered out by SpamAssassin, and then all the remaining mail is forwarded over to Gmail, where it’s filtered again, leaving me a small number of spams to look through once a day. If I see something miscategorized, I “train” Gmail to do better. If I see spam patterns, I can add a rule to SpamAssassin to filter it before it gets to Gmail, so I don’t have to look through it anymore. The result: virtually no spam gets downloaded into my desktop mailer’s inbox anymore. And that, my friends, is how email should be!
If you’re completely non-technical, you can get most of the benefit by switching to Gmail and “training” it carefully with the “Report Spam” and “Not Spam” buttons. And remember: never buy anything from spammers: that just encourages them to send more. Be sure you’ve read my Spam Primer so you understand the dangers. If you don’t, you can fairly easily lose your savings, or allow your computer to be turned into a spammer’s robot to spam or attack others. It’s not something you can ignore.