 Published on MacDevCenter (http://www.macdevcenter.com/)
 http://www.macdevcenter.com/pub/a/mac/2004/05/21/spam_pt3.html


The Fight Against Spam, Part 3

by FJ de Kermadec
05/21/2004

Editor's note: In part one, F.J. focused on laying the foundation for an anti-spam strategy and he covered how to block most of your unwanted mail. Then in part two, he fine-tuned this strategy, plus he took a closer look at the technologies inside of Mail.app. Now in part three, the conclusion of this series, F.J. covers rules and additional tools and techniques you can use to avoid becoming buried in spam.

Rules: When Junk Mail Is Not Enough

Many email applications base their spam filtering primarily on "rules." Luckily for Mac users, Mail uses more advanced technologies. However, let's not forget that rules do exist in Mail and that they can be extremely useful--especially since they can take advantage of AppleScript.

To add a rule, use the Rules preferences tab. Unless you've already added a few, you should see only one, from Apple, that colors the messages Apple sends you light blue. Feel free to remove it if you want; it won't hurt your computer or prevent Apple from sending you messages.

To add rules, click on the "Add Rule" button. This will bring up a sheet on which you can define the conditions and the actions. Pay close attention when defining conditions to avoid flagging mail that you do not intend to flag: "Any" and "All", "Contains", and "Is" have very different meanings and results with regard to mail rules.

Finally, make sure you give your rule a meaningful name such as "Delete mail from Aunt Jane", and then click "OK" to save the rule.

One of the actions from which you can choose is "Stop evaluating rules." This action can be useful at times, but it can also interfere with regular email processing, since every rule below it is skipped for that message, and it can slow performance. Avoid overusing it if you can.

The rule list itself has some useful functions. By grabbing rules with your mouse and dragging them up or down in the list, you actually can change the order in which Mail applies them. The rule in the first line will be applied first and the rule on the last line last, unless you have a "Stop" action in there somewhere. The positioning of rules can radically change the way your mail is processed.

Rules to Avoid

You may see rules on some sites about how to delete messages using a specific language or charset. Sure, this can stop spam coming from certain areas of the globe where this specific charset is commonly used, but it will also stop legitimate emails, therefore greatly increasing the risk of false positives.

Rules are an entirely automated mail processing system and, like all logic-based computerized systems, they require you to be extremely precise. Rules that are defined too loosely are more likely to catch mail that you wouldn't want them to catch. In some cases, especially if you trigger some kind of quarantine or deletion process, it is better to have false negatives than false positives.

A common complaint about rules is that they cannot bounce mail. However, for reasons that we will see in a second, this is actually a good thing and was probably done on purpose by the Mail engineers.

Interesting Rules to Set Up

Suppose that you are receiving an O'Reilly newsletter every month and that Mail constantly flags it as Junk Mail. You can set up a rule that checks the origin of the mail and flags messages coming from O'Reilly as "Not Junk" automatically. That way, you won't have to waste time on training the filter about this specific newsletter and can focus on more important and troublesome issues.


Keep in mind that, by using the "Any" condition, you can set up a rule that un-flags promotional mail from the companies you like. Of course, Mail's spam filter is extremely good at distinguishing polite newsletters from real spam, so you probably won't need to create such a rule too often.
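To make these semantics concrete, here is a small Python model of ordered mail rules, written for this page as an added example; it is not Mail's own code and Mail does not expose its rules this way. It applies rules top to bottom with "any"/"all" matching, "contains"/"is" conditions and a "stop evaluating rules" action, then runs them over a few constructed messages: the O'Reilly newsletter rule from above, the "Delete mail from Aunt Jane" rule, and a loosely written "contains" rule that catches a legitimate message. Sender addresses, subjects and folder names are made up.

```python
"""Model of ordered mail rules, in the spirit of Mail's Rules preferences.

Added example for this page, not Apple's code.  Conditions are compared
case-insensitively here; that is an assumption of the model.
"""


def _match(condition, message):
    """One condition: (header, "is" | "contains", value)."""
    header, op, value = condition
    actual = message.get(header, "").lower()
    value = value.lower()
    if op == "is":
        return actual == value
    if op == "contains":
        return value in actual
    raise ValueError("unknown operator: %s" % op)


def apply_rules(rules, message):
    """Evaluate rules top to bottom; return the (rule name, action) pairs that fire.

    A "stop" action ends evaluation for this message, like "Stop evaluating
    rules": every rule below it is skipped, whether or not it would match.
    """
    fired = []
    for rule in rules:
        hits = [_match(c, message) for c in rule["conditions"]]
        matched = any(hits) if rule["match"] == "any" else all(hits)
        if not matched:
            continue
        for action in rule["actions"]:
            fired.append((rule["name"], action))
            if action == "stop":
                return fired
    return fired


# Constructed rule list, in the order Mail would apply it (first line first).
RULES = [
    {   # "Any" lets one rule cover several sender addresses (addresses assumed).
        "name": "O'Reilly newsletter is not junk",
        "match": "any",
        "conditions": [("From", "contains", "@oreilly.com"),
                       ("From", "contains", "@oreillynet.com")],
        "actions": ["mark_not_junk", "stop"],
    },
    {   # Too loose: "contains" also matches inside unrelated words.
        "name": "Delete free offers",
        "match": "any",
        "conditions": [("Subject", "contains", "free")],
        "actions": ["delete"],
    },
    {   # Tight: "all" plus an exact "is" on the sender.
        "name": "Delete mail from Aunt Jane",
        "match": "all",
        "conditions": [("From", "is", "aunt.jane@example.com"),
                       ("Subject", "contains", "forward")],
        "actions": ["delete"],
    },
    {   # Never reached for the newsletter because of the "stop" above.
        "name": "File newsletters",
        "match": "any",
        "conditions": [("Subject", "contains", "newsletter")],
        "actions": ["move:Newsletters"],
    },
]

# Constructed messages: only the headers the rules look at.
MESSAGES = {
    "newsletter": {"From": "newsletters@oreilly.com",
                   "Subject": "O'Reilly newsletter, May 2004"},
    "client":     {"From": "client@example.org",
                   "Subject": "Freelance contract, final version"},
    "jane":       {"From": "Aunt.Jane@example.com",
                   "Subject": "Fwd: please forward to everyone"},
    "jane_other": {"From": "aunt.jane@example.com",
                   "Subject": "Dinner on Sunday?"},
}


def evaluate_all(rules=RULES, messages=MESSAGES):
    """Run every constructed message through the rule list."""
    return {name: apply_rules(rules, msg) for name, msg in messages.items()}


if __name__ == "__main__":
    for name, fired in evaluate_all().items():
        print("%-11s -> %s" % (name, fired or "no rule fired"))
```

The "client" message is the one to look at: a "Subject contains free" rule deletes a legitimate "Freelance contract" mail, which is exactly the false positive the text warns about, while the "Aunt Jane" rule, written with "all" and "is", leaves her unrelated dinner invitation alone. The newsletter is marked "Not Junk" and never reaches the filing rule below the "stop".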

Responsible Behavior

Now that we have seen all the technical means by which you can effectively protect yourself against spam, it is time to look into the social ones. Indeed, most of the time, spam doesn't come from the ether but, instead, from a mistake we made at some point. Now, there's no need to blame yourself since everyone makes mistakes when it comes to spam.

As I recall, we left off with you having three email addresses and an unlimited number of dummy ones. Let's quickly review where we stand.

When you hear "be cautious", what do you think I mean? How can you, in your normal online life, make sure that you are not making the infamous mistake that will cause spam to flood your inbox?

In the following paragraphs, you're going to see a few tricks that you can use to avoid spam--nothing too technical, but basic cautious advice that, applied carefully, should allow you to enjoy an almost spam-free email experience.

Don't Give Your Email Address to Everyone

It sounds silly but our email address is so often requested on the Internet that we rarely think of what we are doing when we provide it to someone. Therefore, before doing so, you should ask yourself: "If this were real life, would I give my address to this person?"

Of course, in most cases, your reply would be "No." So this might be a good time to provide your dummy address.

But what if the reply is "Maybe?" Well, there are a few things to ask yourself before you enter your second or third address, depending on the level of trust you have in a site:

  1. Do they publish a privacy policy? If not, back off. If yes, what are your rights?
  2. Is this site based in a country where the right to privacy exists; that is, is privacy clearly defined by law and enforced by authorities?
  3. Are there checkboxes somewhere telling you that you allow your address to be transmitted? If yes, make sure that you do not allow anything. If no, consider them virtually checked and back off.
  4. Does this site offer customer support or provide you with the guarantee that you can contact someone if something goes wrong? If no, be extremely careful and use your third address or a dummy one. If yes, test the customer support first with a general question. I have seen small, unheard-of companies reply to me in 15 minutes while big ones have taken 2 weeks to reply to the exact same question, so this really is an interesting check to perform.
  5. Do you know people who have already dealt with this site? If yes, ask them about issues they may have encountered. If no, use your third address or a dummy one.
  6. Is this company legally registered in its country and is it what it claims it is? If no, back off, no questions asked, and run as fast as you can.

Unless you can answer these questions, you should exercise caution. Sometimes, I create a dummy address for a specific site and monitor it closely. If I don't receive spam for a few weeks, I change my contact information so that the site knows the third address. If things remain stable, I enter the second one--but remember, never enter the first.

I know this checklist may sound a bit paranoid, but it is just the beginning of all the questions you should ask yourself.

Some companies are members of certification networks like the TRUSTe privacy program (of which Apple is a member, for example), which provides you with certain guarantees. TRUSTe is "an independent, nonprofit organization whose mission is to build users' trust and confidence in the Internet by promoting the use of fair information practices." Good networks have a "watchdog" system that allows you to fill out an unofficial complaint against a site in case they don't comply with their privacy policy. Keep in mind, however, that there are bogus certification networks and that privacy policies can be very "well" written, giving a site all rights to use your information without actually breaking any laws, so be careful!

Do Not Broadcast Your Address

If you have a site, or post on forums, or join a mailing list, you probably want people to be able to contact you--or the owner of the site may require you to provide a valid email address.

This is all perfectly normal, but you should still be cautious. Indeed, web pages and forums are now read tirelessly by spambots that look for email addresses to harvest. Mailing lists, by definition, expose your email address for the world to see--most of them at least. On some, only the postmasters know your address. These are usually called "*-announce" or have similar names.

Therefore, additional measures are required in these situations.

Address Masking Tips

Address masking techniques range from the easiest tricks to the most complex setups. However, even if some serious scrambling is sometimes necessary, simple methods can be pretty powerful in real life and keep you out of trouble. Here are a few ideas that may prove more or less effective with time, but that all provide some layer of protection.
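As an illustration of the simplest kind of masking, here is an added Python example written for this page (it is not from the original article). It encodes an address as HTML character entities, which a browser renders as ordinary text, and shows what a naive harvester finds on the raw page and what a harvester that decodes entities first finds; it also tries the "user at example dot com" spelling. The address and the harvester's regular expression are constructed for the example.

```python
"""Cheap address masking versus a naive and a slightly smarter harvester.

Added example for this page, not code from the original article.
"""
import html
import re

# A naive harvester: a regular expression for a literal "user@host.tld"
# in the page text.  Constructed to stand in for a spambot.
NAIVE_HARVESTER = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

ADDRESS = "third@example.com"   # made-up "third address"


def entity_mask(address):
    """Encode every character as a decimal HTML entity.

    A browser renders "&#116;&#104;..." as the text it stands for, and a
    mailto: link built this way still works when clicked.
    """
    return "".join("&#%d;" % ord(ch) for ch in address)


def unmask(masked):
    """What a browser (or an entity-decoding harvester) turns the mask back into."""
    return html.unescape(masked)


def spell_out(address):
    """The human-readable trick: replace the punctuation with words."""
    local, domain = address.rsplit("@", 1)
    return "%s at %s" % (local, domain.replace(".", " dot "))


def build_page(shown):
    """Constructed contact page embedding the (possibly masked) address text."""
    return "<p>Contact: %s</p>" % shown


def harvest(page_html, decode_entities=False):
    """Addresses a harvester extracts; de-duplicated and sorted."""
    text = unmask(page_html) if decode_entities else page_html
    return sorted(set(NAIVE_HARVESTER.findall(text)))


def demo(address=ADDRESS):
    """Run the three pages past both kinds of harvester."""
    plain = build_page(address)
    masked = build_page(entity_mask(address))
    spelled = build_page(spell_out(address))
    return {
        "plain, naive bot": harvest(plain),
        "entities, naive bot": harvest(masked),
        "entities, decoding bot": harvest(masked, decode_entities=True),
        "spelled out, decoding bot": harvest(spelled, decode_entities=True),
    }


if __name__ == "__main__":
    for label, found in demo().items():
        print("%-26s %s" % (label, found or "nothing"))
```

The result shows both sides of the trade-off: entity encoding stops a harvester that works on the raw HTML but not one that decodes entities first, which any harvester can do in one call; spelling the address out survives that too, at the cost of a link that no longer works, and a human can still read it. Neither is a substitute for giving a dummy address in the first place.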

Be Cautious in Real Life Too

It is extremely tempting to print your email address on all your business papers and publications. However, it is at least as dangerous. So, make sure that you do not print your address unless it is absolutely necessary and only use your third address.

If you deal with a customer on a regular basis, you can always "escalate" him to the second address.

Help, I Made a Mistake with My New Address

If you receive spam, all is not lost. Indeed, even though your filters should contain it efficiently, you can try to prevent it from reaching your inbox by using a few common tricks.

In the following paragraphs, we are going to see how you can fight back against existing spam. These methods are probably not 100 percent effective but they should help a great deal.

Never Reply to Spam Mail

Replying to spam email is like asking to be sent more, even if you see an "unsubscribe" link. Indeed, in most cases, all it does is confirm that your address exists, therefore encouraging the spammer to send you more and to sell your email address--since a known "good address" is worth a lot.

Therefore, as a general rule, you should never reply to spam, whatever the message asks you to do. Of course, this raises certain issues, since some "unsubscribe" links are in fact legitimate. For example, newsletters sent by a company you know almost certainly include a legitimate link. However, when in doubt, it's better not to confirm that you have received the mail and to let your filters delete it.

Bounce Them Back, But Be Careful

Mail has a great feature called "Bounce." What does it do? It simply sends the mail back to the sender, telling him that it could not be delivered because the address was incorrect.

Many spammers use software that checks for such replies and removes addresses that generate them, so that they can focus on the good ones. In order to use it, simply follow these steps.

If you use it often, you can, of course, add a bounce button to your toolbar. Its icon looks like a red stamp and is actually quite cool.

This method is great for ridding your inbox of unwanted correspondents who simply bother you and with whom you cannot deal in a more courteous way, or from whom you receive "legitimate spam" that you cannot deactivate manually.

You should be cautious, though! Unless the email specifically contains your address in the "To" field, don't use it. It could cause your mail provider to "fill in the blank" when the mail travels back and provide the spammer with your actual address.

It's up to you. Just keep in mind that this feature is great but may, under certain circumstances, have unwanted effects. Remember that the "From" address of a spam message is very often forged: a bounce goes to whatever address the spammer put there, so in many cases you are sending an unsolicited message to an innocent third party rather than to the spammer. Under some special circumstances, it could also generate a bounce war. What if the address you bounce to has been spoofed and the other correspondent bounces back too? You could well end up bouncing the same mail back and forth when deleting it would have been a much easier choice.

Contact Your Email Provider

If your email provider maintains anti-spam filters, this mail should not have gone through them. Even the most well-configured servers cannot stop everything but you can make them better!

Simply contact your email provider and provide them with the complete header of the message, so that they can see from where it came. Most email providers have a specific address to which you should send such notifications.

They can then take appropriate steps and ensure that the same mail won't make it to you next time. This can range from simply adding a custom rule to their anti-spam server to contacting the spammer's provider, depending on how much information they have and how willing they are to fight back against spam.

Contacting your own provider is usually very effective since you have common interests--the less spam they let come into their network, the less their servers work and the happier their customers are. Modern server-side filtering technologies can be reconfigured in minutes, making the task easy. Of course, they will probably wait until a few users have reported the spam to them before adding it to their filters to avoid slowing their filtering servers down with one-of-a-kind messages. But they probably will react.

The email address to use will probably be something like "abuse @ your email provider" or "spam @ your email provider". However, since every company has its own policy, make sure that you check with them first.

How Do I Collect the Necessary Information?

When reporting spam, you'll be asked for the whole header of a message. Why? Because headers are the lines of information that are added by the various servers that handle the mail while it travels across the Internet, as well as by the email client used by the sender. Therefore, the header is extremely valuable when dealing with spam since it allows investigators to track the message's source.

Here's an example. The "From" header may indicate that a spam message comes from the .Mac domain, leading someone who only sees this header to think that it comes from .Mac and to complain to Apple. However, a look at the "Received" headers will probably reveal that this mail never traveled on the .Mac SMTP server, which probably means that it wasn't sent from .Mac but from another location. Like your computer when it is connected to a network, email servers have a domain name and an IP address, making them identifiable.

Of course, some virus-infected computers are used as spam relays by remote spammers, making even the information provided by the headers inaccurate or at least incomplete. This is, however, not always the case and headers remain the main source of information by which an investigation should begin.

The easiest way to grab all the information you need is to show a message's long headers. In order to do so, simply select the message and use the "View" menu to select "Message" and "Long headers." You can also choose "Raw source." This may reveal some interesting facts about the message since it strips all the nice rendering your email application does for you, exposing the actual code of the message (if applicable) as well as some technical information or requests that your client processed. Actually, using "Raw source" is the preferred method in most cases, so you normally can't go wrong with this option.

Copy all these headers and paste them in the notification mail you send. Headers contain very detailed information, so make sure that you do not unwittingly send confidential information to a third party. Unfortunately, the catch is that altering headers might cause your email provider to reject the notification since it is no longer accurate proof. But you never know. Some providers may accept altered headers, so it's worth giving it a try if you must "x-out" certain information. Just make sure that you clearly state that you altered the headers so that they have all the information they need. Also, use "X" to mask information (or any other identifiable character) but do not enter bogus information that could interfere with the tracking process.

Some mail providers will also ask you to send the contents of the mail, depending on how their spam filter works, but this is less common. In that case, do not send them any infected attachments, HTML code, or scripts (JavaScript and the like). If you think that this is an essential element, discuss with your email provider what is the best way to proceed to avoid creating technical issues on their servers.

Again, keep in mind that the "From" field is probably spoofed by the spammer and that the person in question has probably never sent the mail you are receiving. This is why it is essential to include all the header information.

Should I Contact the Spammer's Email Provider?

Many tutorials advise you to contact the spammer's provider or to report the spam to a third-party reporting site. While this might be done, you should keep in mind that the spammer's ISP may not be willing to close the spammer's account and may even work with the spammer, in which case your action may well cause you lots and lots of trouble.

In the following section, I'll outline the major steps to follow to do just that. However, I strongly recommend that you read them "for information purposes only" and really do think twice before actually following them since, again, they can have unwanted and damaging effects.

Look at the message's raw source: the "Received" headers describe the path the mail took while traveling over the Internet. Getting used to the way they are written may take a few minutes, but they are actually very logical. Each server that handles the message adds its own "Received" line above the existing ones, so the newest lines are at the top, where you'll find your email provider and its servers, and the oldest are at the bottom, where you should see the provider of the spammer. "Should" is the right word: only the lines added by servers you trust, that is, your own provider's, are reliable. Everything below the first line written by an outside server could have been inserted by the spammer before the message was ever sent, since everything is spoofable. The most trustworthy clue is therefore the address of the host that handed the message to your provider's server, as recorded in the "Received" line that server wrote.

What about the sites in the middle? Are they spammers too? Maybe, maybe not. Many servers accept "relay" mail from other services, effectively giving a hand to spammers as well as to legitimate users. In most cases, the administrators of these sites have no malicious intentions and simply made a configuration mistake or are not aware that their servers are used for such purposes.
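Here is the same investigation done programmatically, as an added Python example written for this page (it is not from the original article, which describes the manual procedure). It walks the "Received" chain of a constructed message whose "From" claims mac.com but which was handed to the recipient's provider by an unrelated host, and it stops trusting the chain at the first line written by a server outside the recipient's provider, exactly the caveat raised above. The message, the host names and addresses, and the trusted domain suffix are all made up for the example.

```python
"""Walk a message's Received: chain, newest line first, and keep only the
hops that trusted servers wrote.

Added example for this page, not code from the original article.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message.  The bottom Received: line is the spammer's own
# forgery, inserted to make the mail look as if it came through smtp.mac.com.
SAMPLE = """\
Received: from mx2.example-isp.net (mx2.example-isp.net [192.0.2.10])
    by imap.example-isp.net with LMTP id 12345
    for <you@example-isp.net>; Fri, 21 May 2004 10:02:17 +0200
Received: from smtp.mac.com (unknown [203.0.113.77])
    by mx2.example-isp.net (Postfix) with ESMTP id ABC123
    for <you@example-isp.net>; Fri, 21 May 2004 10:02:15 +0200
Received: from relay.open-relay.example (relay.open-relay.example [198.51.100.5])
    by smtp.mac.com with ESMTP; Fri, 21 May 2004 09:58:01 +0200
From: "Account Services" <support@mac.com>
To: you@example-isp.net
Subject: Your account

Body text.
"""

# Servers whose Received: lines you trust: your own provider's (assumed name).
TRUSTED_SUFFIX = ".example-isp.net"

# "from <HELO name> (<reverse DNS> [<ip>]) ... by <receiving server>"
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)"            # name the sending host claimed
    r"(?:\s+\((?P<paren>[^)]*)\))?"     # what the receiver observed, if logged
    r".*?\bby\s+(?P<by>\S+)",           # server that wrote this line
    re.S,
)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_hops(raw):
    """Return the Received: hops in header order, newest (top) first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())          # unfold continuation lines
        m = HOP_RE.search(value)
        if not m:
            continue
        paren = m.group("paren") or ""
        ip = IP_RE.search(paren)
        hops.append({
            "helo": m.group("helo"),
            "rdns": paren.split("[", 1)[0].strip() or None,
            "ip": ip.group(1) if ip else None,
            "by": m.group("by"),
        })
    return hops


def trusted_hops(hops, trusted_suffix=TRUSTED_SUFFIX):
    """Keep hops from the top down until one was written by an outside server.

    That hop and everything below it could have been forged by the sender.
    """
    kept = []
    for hop in hops:
        if not hop["by"].endswith(trusted_suffix):
            break
        kept.append(hop)
    return kept


def apparent_origin(raw, trusted_suffix=TRUSTED_SUFFIX):
    """IP that handed the message to the last trusted server: the furthest
    point back that can be seen with any confidence."""
    kept = trusted_hops(parse_hops(raw), trusted_suffix)
    return kept[-1]["ip"] if kept else None


def from_corroborated(raw, trusted_suffix=TRUSTED_SUFFIX):
    """True only if a trusted server saw a host of the From: domain connect.

    The HELO name is what the sender claimed, so only reverse DNS counts.
    """
    msg = message_from_string(raw)
    domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    for hop in trusted_hops(parse_hops(raw), trusted_suffix):
        rdns = (hop["rdns"] or "").lower()
        if rdns == domain or rdns.endswith("." + domain):
            return True
    return False


if __name__ == "__main__":
    for hop in parse_hops(SAMPLE):
        print("%-28s claimed %-22s seen as %s [%s]" % (
            "by " + hop["by"], hop["helo"], hop["rdns"], hop["ip"]))
    print("apparent origin:", apparent_origin(SAMPLE))
    print("From: domain corroborated by a trusted hop:", from_corroborated(SAMPLE))
```

On the sample, the only line worth anything is the one mx2.example-isp.net wrote: the connecting host said "smtp.mac.com" in its HELO but its reverse DNS was "unknown" and its address 203.0.113.77, so that address, not mac.com, is what goes into the complaint. The bottom "by smtp.mac.com" line is discarded because it sits below the trust boundary, which is why complaining to Apple on the strength of the "From" line would be a mistake. A real provider's trusted suffix, and the exact "Received" format, will differ from the assumed ones here.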

Once you have isolated the originating domain name, it is time to do some serious research. What kind of organization is it? Is it an email provider? Does the company that sent you the mail manage its own servers? While doing your research, try to determine whether the site actually replies to complaints or not. You should also make sure that you can safely go further.

Now that you have located the provider, you can, if you really are willing to do so, send them your polite complaint, again with all the necessary headers so that they can process the information efficiently and take appropriate steps.

But what are you supposed to do if the site is not known to reply to requests? In that case, you can contact their "upstream provider." In other words, the company they rely on to provide them with Internet access and email services. To get an idea of who that is, you can use the "Traceroute" feature, available through the "Network Utility" located in your "Utilities" folder.

Traceroute lists the routers the data passes through on its way from your computer to the originating host. The hops just before the destination usually belong to the network that connects it to the Internet, so these are the people you can theoretically try to contact, working from the bottom of the list upward. Keep in mind that traceroute shows routers, not necessarily the company that provides the spammer's mail service, and that the path from you to them is not necessarily the one their mail took to reach you. As usual, locate the contact information and send a detailed but courteous message.

The main problem with these steps is that you are entering into direct contact with companies that you do not know and to which you are providing your email address. That's why many spam-reporting services are available on the Internet, some bad, some excellent. Good reporting services will hide your address from the spammer as a security measure. But be aware that nothing is entirely secure. Your safest bet is to ask your email or Internet provider for a name they would recommend. They may even do all this themselves, allowing you to forget about it and to focus on your work instead of tracking unwanted email.

FJ de Kermadec is an author, stylist and entrepreneur in Paris, France.



Copyright © 2007 O'Reilly Media, Inc.