Challenge/Response system knocks spam out
I'm sick and tired of spam. It's gotten to the point that I'm receiving several hundred spam messages a day, and there seems to be no end in sight. What's a guy to do?
I could turn on Spam Assassin at my hosting provider, but I risk missing important messages due to false positives (good messages marked as spam). I could use a rules-based filter like Spamfire, but after using that for almost two years I find that it, too, suffers from false positives—unless the sender is in my Friends list (a whitelist)—as well as false negatives (spam messages marked as good), even with an extremely low threshold.
It seems to me that the best way to stop spam is to simply have a list of people that I will accept messages from and another list of people that I won't accept messages from. And wouldn't it make sense to have the sender of a message tell me what list they want to be on?
Enter SpamSlam, a challenge/response spam filter that runs on your desktop. At its most basic level it works like this:
- SpamSlam downloads all your email.
- It checks the senders of the messages against a whitelist and a blacklist.
- If the sender is on your whitelist, it releases the message.
- If the sender is on your blacklist, it blocks the message.
- If the sender is on neither list, SpamSlam sends a challenge message, asking the sender to confirm their message by replying with a phrase found in the challenge.
- If the sender confirms the message, their message is released and they are added to the whitelist.
- If the sender doesn't confirm the message, their message is blocked and they are added to the blacklist.
- Your email client gets your mail from SpamSlam's local POP server.
(The idea isn't new; Spam Arrest does this as well, except that Spam Arrest requires you to read all your mail on the web. What a pain! And it's much more expensive than SpamSlam.)
Version two of SpamSlam added some very basic rules filtering and a statistical filter, but I rely mostly upon the challenge/response system. The rules, which can be global (for all accounts) or per account, are great for whitelisting mailing lists or an entire domain.
My ISP mailbox receives mostly spam, so I turned on the statistical filter for that account. As a result, very few challenges are sent out for messages on that account and spam is blocked immediately.
Your challenge settings are configurable for each account you want to filter, including the type of challenge messages (image or ID), the format (HTML or text), the content of the messages, and the challenge phrase. The content of the challenge messages, however, is not configured within the program, but in a text editor.
Another version two feature is the addition of an SMTP proxy server. If you send a message through SpamSlam's local SMTP server, it passes the message to your usual outgoing server and adds the recipient(s) to your whitelist. This also reduces the number of challenge messages sent out.
Version one of SpamSlam was pretty buggy, but the latest version has wiped out most of those critters. I still have problems with the program occasionally refusing to download from an account until I exit and relaunch it (Windows version), and I've found some minor interface glitches. There also seems to be a problem with some valid responses generating a new challenge. My biggest complaint is that SpamSlam does not have an export feature for its address and rules lists.
Having used SpamSlam for nearly a year, I can can say that I'm very pleased. I've not received one single, solitary spam message that SpamSlam didn't catch, and I can now spend my time working or playing instead of pruning spam.
SpamSlam is available for both Windows and Mac OS X, and comes in versions that will filter two, five, ten, or an unlimited number of accounts. A thirty-day, full-featured demo is available.