On Sat, 2007-08-25 at 20:53 -0400, Simetrical wrote:
And if you use Gmail, you can use plus-addressing
instead (see my
e-mail address, for instance).
There's always dspam.
I've been running it for years on our production servers, and I probably
get... maybe 1-2 spams slipping through to my Inbox _every few months_,
max (after its trained up, which takes about 1-2 months at the onset).
After 5+ years of running dspam, I never even have to worry about
getting spam in my Inbox, because it simply doesn't happen. There may be
a burst or two when a new spam technique comes out that dspam isn't
aware of, but a few clicks in the web-ui, and I never see them again.
Throw graymilter or postgrey in there and it drops further:
http://code.gnu-designs.com/graymilter_results.png
http://code.gnu-designs.com/dspam+graymilter-gnu.png
The side-benefit of graymilter/postgrey is that you're no longer
accepting connections and spam emails which you'll quarantine and
discard anyway. You save on bandwidth, storage space and reduce the
number of connections necessary to process "real" emails.
For those who can't or won't use dspam, here's some other ideas:
<a
href="mailto:foo@domain.com">feedback</a>
This semi-obfuscates the three main things spam harvesters look for to
find email addresses:
- Splitting on a mailto string
- Finding word at word.word and testing it as an email
- Reverse split on .com.* to find the parent domain to spider
Spammers are getting smarter all the time, and they'll eventually figure
out how to decode the entities, but for now, it reduces a HUGE amount of
spammable public mailto links (and it does not break in a browser).
I haven't recieved a single SPAM after moving to using this (and
similar) obfuscation methods, down from about 30/day previously without
it (using SpamAssassin at the time), per address.
I also use a very strong offensive technique, which I've talked about
before (and finally got around to posting on perlmonks[1] back in May of
2003). This has become more than just a defensive maneuver now, avoiding
and blocking SPAM.
There are other ways as well, here are some examples:
# Yes, this is actually a valid email address
- @yourdomain.com
- foo()(a)yourdomain.com # Also valid
- foo&bar at
yourdomain.com # Valid
- foo(localpart)@(domain
is)yourdomain.com # Yes, also 100% valid
- foo(a)(domain)yourdomain.com
I've been proactively and defensively fighting spam for the better part
of a decade, and at this point, I think I've won. Not only do I simply
no longer get spam, but neither do my users or anyone I middleman mail
or mailing lists for.
Spam really is a non-issue, once you set up the right tools.
[1] Can-o-Raid:
http://www.perlmonks.org/index.pl?node_id=258370
--
David A. Desrosiers
desrod(a)gnu-designs.com
setuid(a)gmail.com
http://projects.plkr.org/
Skype...: 860-967-3820