Those statistics are really horrible! Thanks for keeping us informed.

500 per day?! When my account hit ~20/day, I changed my address. This took some consideration -- I'd used the address since 1996. The spammers won that round.

I set up an autoresponder on the old address so that anyone who tries to send legitimate mail there gets back a notice with updated contact info (specifically, a temporary address that gets regenerated daily). Since the change, seven months ago, I've received zero spam messages at the new address.

Sure, it's only a matter of time... I'll get careless somewhere and use my real address on a web registration or mailing list. Until then, I'm enjoying my immunity from spam.

Temporary addresses are a potent weapon in this battle. I can publish a functional email address on my website without fear that it will get harvested by spambots. The address _does_ get harvested, but by the time spammers send junkmail there, the address has been disabled and a new one created.

To avoid harvesting spambots, try encoding your address beyond recognition by using javaScript. I.e.:

function noSpam(user,domain) {
locationstring = "mailto:" + user + "@" + domain;
window.location = locationstring;
}

You can also find tools such as SpamStopper:
http://www.railheaddesign.com/ (for Mac OS X)
that can render your address into garbage that bots will have a hard time to figure out. But I guess it's only until someone invents a bot that can sniff out those too. Sigh.

(My avg. is around 100/day.)

I feel ya brother ... my spam hit is about 100 per day. bastards.

I'm in the middle of changing jobs and will probably change my email address. I hate having to run and hide from these bastards.

fucktards.

wow, i feel your pain, my spam count is over 350 a day, and i run server side spam-assasin, cloudmark spamnet, and then deersoft's spamassasin client, so i filter 95% of it.

how do these temporary emails work? or are you referring to hotmail type accounts?

I run a two prong approach ...

1.) I, of course run SpamAssassin on my mail server along with Qmail-Scanner (for viruses), which filters most of my SPAM.

2.) As a defensive mechanism I NEVER use my real address when signing up for website subscriptions. I call it my email "firewall" - it requires a domain where there is only one catch all that forwards to you, but works great. Example: I sign up at expedia for an account and use expedia@example.com - when I start getting non-expedia spam at expedia@example.com I point that alias to /dev/null.

Cam, if you want realtime statistics from SpamAssassin you can always use my spam counter script that reports to my main db server. http://zebulon.miester.org/spam - over 100k SPAM caught in about 1.5 months!!

--Joe

Brian:

Regarding temporary addresses -- I have a PHP script that creates a new, temporary email address at midnight daily. The script runs via cron on my mail server. Addresses look like this: kqs3enj86vrsxwe@(domain).tld

The code currently works with qmail. It could be altered to work with any MTA, I'm sure; it simply manipulates an alias file (a dot-qmail file in this case). I'm happy to provide the code to anyone who is interested.

This is useful only when you want to publish an email address on your own server, and you control your own mail server. The basic idea is this: if you want to avoid spam, never publish your real address. Instead, publish addresses that expire regularly.

The other necessary piece of the "temporary address" approach is to never use your real address for website registrations, as Joe Stump illustrated. Ebay, for example, is a common target of spambots. I've had to change my registered ebay address twice in 3 years because spammers found it. But, because that address was used in only 1 place (on ebay.com), I was able to kill the old address, make a new one, and update my ebay account. Result: no more spam. I'll admit that being vigilant about this takes an effort, and I have over 100 dedicated aliases for various websites. But this affords me the possibility of disabling any address that gets abused.

I understand that filtering is a great tool for people who would otherwise suffer from a deluge of spam. But I dislike the idea of receiving-then-discarding spam. It seems to me like an ostrich solution (if I can't see it, maybe it's not there). I'd rather block the mail at the server... just my personal preference.

The sad thing is I haven't published a camworld.com email address on my site in nearly two years. The spammers are getting them from sites that I do not have control of, like bulletin boards, community sites, sites where I've been published, etc.

I also am seeing a large increase in dictionary-attack spam, where the spammer will send spam to a@example.com, b@example.com, etc. by applying a pre-set list of words against a domain name.

I'm also seeing a lot of spam addressed to email addresses at my domain name which were obviously used by someone surfing a webcam porn site and made up an email address (or mis-typed it) to use for temporary access. Sigh...

this is interesting, i am thinking of getting a domain taht i use just for emails, like you were saying to have aliases setup for everything, so i could do ebay@briansmail.org .....

btw, anyone have a good formmail script that i don't have to hide the email address in the html portion of the form? so that bots can't sift through the html and find it?

More spamming but nothing as useful as before.