By Erik J. Heels
What would happen if a really important e-mail from someone you know got lost in your spam defenses? In anti-spam speak, it would be a "false positive," namely the discarding of a wanted e-mail. A "false negative," on the other hand, is the nondisposal of an unwanted e-mail. By some estimates, more than 80 percent of all e-mail today is spam, so the chances of a mix-up in sifting the wheat from the chaff can be significant.
How do you configure your e-mail systems to deliver messages that you actually want while still disposing of the e-mails that you do not want? It's a complicated problem, but fortunately, there are a number of solutions that address it. Here are some top tips that you should consider implementing. (In his accompanying article, Rick Klau offers additional advice from the Web-based and Weblog sides.)
It is likely that your Internet service provider (ISP) offers some sort of anti-spam functionality as part of its e-mail services. If you don't know whether your ISP has anti-spam capabilities, then ask. Some ISPs offer server-side anti-spam features, to identify spam before it gets delivered to you; client-side anti-spam features, to identify spam after it gets delivered to you; or both types of protection.
Many ISPs, for example, offer users access to the server-side program SpamAssassin. This is free, open source software that uses a wide variety of tests to identify spam signatures. Plus, it is easily configurable so you can specify your own rules for how you would like the server to handle filtering your e-mails.
A good way to configure Spam-Assassin is to use "moderate" protection and automatically change the Subject line of—but not automatically delete—all e-mails that exhibit the characteristics of possible spam. You could, for example, have SpamAssassin identify each suspected junk message by adding "[Spam]" or the like at the start of the Subject line. By having suspected spam delivered to you rather than automatically deleted, you will minimize the chances of false positives. The downside to this approach is that you have to scan all incoming e-mails, including all of the spam.
Most e-mail client applications (the e-mail software that's installed on your desktop computer) provide some level of anti-spam features. For example, in Eudora, many e-mail management functions can be performed automatically by setting up filters. You can, say, filter any e-mail that contains "[Spam]" in the Subject line so that it is automatically transferred to a mailbox called "Junk."
Also, you can automatically transfer e-mail to special mailboxes based on whether someone you know is in the message's From, To or CC lines. Let's say you receive an e-mail from someone you've never heard of before, but the sender has cc'd someone you know—perhaps because a friend referred the sender to you for business. If you use this nifty filtering trick, then the e-mail from this unknown sender (a prospective client) won't get lost in your spam defenses.
You want to think very carefully before giving out your e-mail address to anyone. If you publish your e-mail address, in print or online, or give it away to any vendor, you should assume you will get spam at that address as a result. One solution to this problem is to have both a "public" and a "private" e-mail address and to give out only the former publicly.
Some people have domain names for their private or business purposes and use Web-based e-mail accounts (such as AOL, Earthlink, Gmail and My Yahoo) for their public e-mail addresses. An additional tactic is to publish separate addresses for separate purposes. For example, my firm, Clock Tower Law Group, divides its practice into five areas (administration, clients, law, marketing and technology) and uses a separate public address for each area. This helps both with filtering and filing e-mail and with cutting down on spam.
Among the beauties of the Internet is the fact that you can have one ISP to provide Internet access (dial-up or dedicated), another to host your Web site, another to host your e-mail, or any combination of these options. Some ISPs and Web site hosting providers provide dedicated servers or virtual servers that can be both Web servers and e-mail servers. If you have control of your own e-mail server, then you can install and configure a wide range of server-based anti-spam software, including SpamAssassin and BrightMail Antispam (enterprise software from Symantec). Clock Tower Law Group uses a local ISP for Internet access and a Verio virtual server for its Web server and e-mail server.
If managing your own e-mail server isn't your cup of tea, then you might want to consider an application service provider (ASP) that provides specialized e-mail services to meet your needs. ASPs such as NEDS, which serves small and medium-size businesses, will host your e-mail and provide all the anti-spam (and antivirus) processing for you.
In addition, your college or law school alumni association may offer e-mail services with built-in anti-spam features. One example is the MIT Alumni Association, which offers e-mail forwarding with spam defenses for life. If you use a service like this, you can add another layer of protection to your arsenal.
Finally, there are anti-spam appliances, such as the rack-mountable Barracuda Spam Firewall and the MXtreme Mail Firewall. These hardware-based, enterprise-level solutions are appropriate for larger organizations and help automate anti-spam tasks.