Out damned spam! Out I say!

Blognosticator Head

I don’t use Gmail. I have nothing against Google or their e-mail offering, but I just don’t use it. I use the Mail application provided as part of the Macintosh operating system. I have done this for years (decades?). Several people, including my son Patrick, have told me “Just use Gmail. It will solve your problems.”

Mail Icon

But I don’t use it. I continue to use the Apple Mail program. And for a mail server, I host my own as a part of my web site and business strategy. I can control the size of attachments, I can issue new e-mail addresses and delete them as I need.

The reason my son and others suggest that I use Gmail is that is has such spectacular spam filters. It kills almost all incoming junk mail, leaving only the mail you intend to receive, and that’s great. There is a service offered by Google for those like me who host their own e-mail servers. This service will filter your e-mail, killing spam on the fly, and then forwarding it to your mail server. This service was once available under the trade name Postini, but that service has now been absorbed into the Google Business services.

I plan to try that soon because my level of frustration has risen to the boiling point. I really must find a way to stop the junk mail, and I will – soon.

In the meantime I use Apple’s Mail software and its very powerful Rules to eliminate gazillions (perhaps quintillions) of unwanted e-mail messages.

These filters work quite well, and they are easy to configure.

Example: you are receiving spams every day, or several times a day, from a bulk e-mailer who does not run an honest business. There are many of these out in the world, one of which is currently making me crazy. The e-mailer is clever. They use a different (usually hijacked) domain as the “sender” of each spam message, and they have an “unsubscribe” button at the bottom, but checking it doesn’t unsubscribe you, it makes matters worse. Many spammers do this; when you click “unsubscribe,” it confirms that your e-mail address is valid, and they then sell your address to other spammers who start sending unwanted mail to you.

For a few days last week I was getting about 25 spams a day from this e-mail spammer. They all sported different sender addresses (one appeared to come from me!), and they all have the same general appearance. At the bottom is a message from the “sender” which is not text, but a GIF image of text. If I examine the HTML code of the e-mail, I discover that my e-mail address is embedded in the HTML code. Clicking it would send my response to the spammer, indicating which e-mail I had clicked on, and confirming that I am here. I don’t want to do that.

When I open the raw source of one of these spam e-mails, it contains a bunch of seeming gibberish, like this:

<!--
<div><span><p><i>
individuals involved, he was taken into custody tonight about 9 p.m. and charged with murder.
"He said Aliahna's body was discovered shortly after the interview.
Fries would not disclose the motive for the killing or the manner of death in Aliahna's murder, only that Aliahna's body was discovered in northern Allen County.
Aliahna was reported missing on December 23 and investigators believe the crime occurred sometime before that time.
Investigators do not believe any other individuals have knowledge as to what happened to Aliahna.
Earlier Monday, The Journal Gazette reported that Aliahna and her sisters were staying with Plumadore because their mother had been sick with the flu and Aliahna's stepfather works at night and sleeps during the day.
Plumadore told the newspaper Sunday that he left the three girls in his mobile home about 6 a.m. Friday and went to a gas station about a mile away to buy a cigar. Authorities have said the store's surveillance video shows him 
</i></p></span><div>
-->

As you can see, the entire block of copy is “commented-out” ( <– and –> ) inside the HTML code. Its purpose is to perplex spam filters. With what appears to be real text, this e-mail might slip through a spam filter, and arrive in your in-box (it landed in mine this morning).

If Subject menu

This is Mail’s Rules menu (it’s in Preferences). Notice that you can select from a long list of criteria related to the incoming mail: To, From, Subject, etc.

With Mail’s Rules, I can search for anything in the incoming message: the sender, the addressee, the Title, the content, and more. When there is something common in these spams, like a block of hidden text (like the above) that is the same from spam to spam, I can search for it, and delete the message.

What to do screen

I call this the “what to do” screen that indicates to Mail what you want it to do once it identifies a spam e-mail. In this example I have selected “Delete Message” from the available actions. It’s equally easy to do something positive with incoming mail, for example, highlight every mail from your mom with red, or move every message from the office into a different folder.

There are, though, messages that don’t respond to Mail’s Rules. I cannot figure out why. If I can read the text in the Raw Source of an HTML e-mail, and I can search for it when reading the Raw Source, then I should be able to automate the find, and do it automatically. But, some just won’t be scrutinized by Mail.

Here’s how I handle a typical spam: I look for something that is consistent in all of the incoming spams. I recently discovered that the sender was making a small typographical error in each one. They put a space in front of a comma in one line of all the spams. It was something like this: “To unsubscribe , click here.” It was the space after “unsubscribe” and before the comma that allowed me to delete every incoming e-mail that had that characteristic. It worked for several weeks, then the spammer changed the copy and removed the unintentional typo.

Now I’m getting them again.

At least in the short run I was able to delete the offensive e-mails. Now I have to look for another vulnerability.

I wish I didn’t have to do this.

About Brian Lawler

Brian Lawler is an Emeritus Professor of Graphic Communication at California Polytechnic State University, San Luis Obispo. He writes about graphic arts processes and technologies for various industry publications, and on his blog, The Blognosticator.
This entry was posted in Business, Software and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.