On Sat, 2007-08-25 at 20:53 -0400, Simetrical wrote:
And if you use Gmail, you can use plus-addressing instead (see my e-mail address, for instance).
There's always dspam.
I've been running it for years on our production servers, and I probably get... maybe 1-2 spams slipping through to my Inbox _every few months_, max (after its trained up, which takes about 1-2 months at the onset).
After 5+ years of running dspam, I never even have to worry about getting spam in my Inbox, because it simply doesn't happen. There may be a burst or two when a new spam technique comes out that dspam isn't aware of, but a few clicks in the web-ui, and I never see them again.
Throw graymilter or postgrey in there and it drops further:
http://code.gnu-designs.com/graymilter_results.png http://code.gnu-designs.com/dspam+graymilter-gnu.png
The side-benefit of graymilter/postgrey is that you're no longer accepting connections and spam emails which you'll quarantine and discard anyway. You save on bandwidth, storage space and reduce the number of connections necessary to process "real" emails.
For those who can't or won't use dspam, here's some other ideas:
<a href="mailto:foo@domain.com">feedback</a>
This semi-obfuscates the three main things spam harvesters look for to find email addresses:
- Splitting on a mailto string - Finding word at word.word and testing it as an email - Reverse split on .com.* to find the parent domain to spider
Spammers are getting smarter all the time, and they'll eventually figure out how to decode the entities, but for now, it reduces a HUGE amount of spammable public mailto links (and it does not break in a browser).
I haven't recieved a single SPAM after moving to using this (and similar) obfuscation methods, down from about 30/day previously without it (using SpamAssassin at the time), per address.
I also use a very strong offensive technique, which I've talked about before (and finally got around to posting on perlmonks[1] back in May of 2003). This has become more than just a defensive maneuver now, avoiding and blocking SPAM.
There are other ways as well, here are some examples:
# Yes, this is actually a valid email address - @yourdomain.com - foo()@yourdomain.com # Also valid - foo&bar at yourdomain.com # Valid - foo(localpart)@(domain is)yourdomain.com # Yes, also 100% valid - foo@(domain)yourdomain.com
I've been proactively and defensively fighting spam for the better part of a decade, and at this point, I think I've won. Not only do I simply no longer get spam, but neither do my users or anyone I middleman mail or mailing lists for.
Spam really is a non-issue, once you set up the right tools.
[1] Can-o-Raid: http://www.perlmonks.org/index.pl?node_id=258370