PhotoDude.com

I don't like this system either, but on the plus side of it, at least with similar systems I've seen, you can enter your "whitelist" ahead of time, so your regular correspondents won't ever see that challenge e-mail. On the other hand, we're using SpamAssassin at my office (with the latest Bayesian filtering), and it's catching 99.9% of the spam coming in with a ZERO false positive rate in three months.

I'm not sure what the solution is, but this new plan from Earthlink won't work for me. Since late 1996, I've been using my domain for my e-mail address. That mailbox is then forwarded to my Mindspring, er, I mean, Earthlink mailbox. So if I signed up for this new plan, someone who e-mails me at the usual photodude.com address will get a challenge e-mail asking if they'd sent a message to XXXXXX@mindspring.com. They are not likely to respond to that challenge, as they haven't e-mailed that address ... directly. And there are lots of people who have their published addresses (spammer harvested) forwarded to a hopefully more private mailbox (unharvested). Personally, I use MailWasher to check my mail while it's still on the server. It marks 90% of the spam on its own, points to potential viruses (and indicates all attachments), and also allows you to view the majority of the e-mail (including headers) right off the server). I mark some others for deletion, and with one click it will delete them from the server, and bounce the spams as if the address didn't exist. Spam and unsolicited attachments never even make the transit to my computer, they are deleted/bounced from the server. It's the most effective and least time consuming way I've been able to figure out. Also keeps me from having to start up my memory hungry mail app as often. I think the only way the spam problem will be solved is when the penalties outweigh the benefit. That may require either some large companies ... or the government ... to pursue some kind of legal remedy. We're already seeing companies like Earthlink sue the pants off spammers they can catch ... and win. But the major providers admit that 50% of the load on their e-mail servers is from unsolicited spam. If that's not theft of services, I don't know what is.

SpamAssassin works at the server level. The spam never reaches our desktops. Why major service providers don't use it -- or something similar -- I don't know. I don't believe a legislative (or legal) approach will ultimately work. I think the technological approach has a much better chance of working. Check out the article by Paul Graham that convinced me.

SpamAssassin, the new version with the Bayesian filtering is quite good. My ISP uses it and occasionally I get an email from them asking if I want any of the drek that's listed below. No false positives yet. Mail Washer is also very good. Anything that deals with it on the server. I couldn't use the email-responder thing because most of my mail is biz-related to my domain. That said, I don't really get just a couple of spam attempts per day. I've had my domain since 1994 and all my domain mail gets filtered by procmail before it gets sent on to my ISP. I have a log that I check daily to make sure that nothing valuable is getting bounced or deleted. My log file used to have about 500 spam attempts per day, with about 50 legit emails. Recently, the log file had become too big to read and I calculated I was getting close to 6000 attempts per day. That's getting into mailbomb territory. It turned out most of them were dictionary attacks against my domain, which I was able to deal with before they even got to my logs. Now I'm back to ~500 attempts per day again, which I can deal with. I remember a couple of years ago whenever a spam discussion ensued, some character would say, "quit whining! Just hit the delete key." O--kay.... 6000 times a day? There have been Congressional hearings for the past month and it's hard to imagine, but they might actually pass something that works this time. I'll still believe it when I see it.