Three weeks ago, after reading a PC Magazine article suggesting that Norton Antispam was currently the best out there, I threw down $39.95 and put Antispam to work on mail sent to (and from) two of our domains. One has been around since June of 1999 and the other February of 2000. The following picture should be the poster child for email currently being on the brink of death:



A mere 7.09% (1028) of the mail received to these two domains was legitimate, prompting an anemic 62 (0.004%) out of a possible of 14,493 that merited a response. The mail correctly identified as spam was 1023 of the 1028 (99.51%) which was outstanding as far as spam filtering goes. Also, we tag teamed this product with Outlook 2003 and the improved Junk Mail functionality. All in all, not much spam was getting through. Unfortunately, this doesn't bode well for folks who aren't using any sort of spam filtering in today's "we'll spam you to death" e-society.

The fact that 92.72% of the mail sent to these two domains was spam makes it clear to me that as a business tool, email is dying a painful death as a useful medium. It has become almost completely polluted by spam. These anti-spam programs aren't the solution because one still has to sift through the filtered folders and determine if there are any false positives (legitimate email that was incorrectly identified as spam). Even with Norton's excellent Antispam product in use, it still isn't 100% accurate. The sad part to me is that out of all that email, all that wasted time sifting through the thousands of emails less than 1/2 of 1% was something that actually generated a response. This is a good ratio to spammers though. They would love to send out 100,000 emails and get .005% reaction. That's 500 responses! 500 people interested in all that garbage shifting around the web. I'm not against newsletters or marketing by mail to interested parties, but the unsolicited email has made it so that the legitimate mail is being buried by the onslaught.

Solutions. That's the part that always brings great debate. Bill Gates has boldly stated that he will rid the web of spam within the next two years through the use of three possible solutions (or others he didn't mention):

1) Human interaction. This would provide some sort of puzzle challenge requiring a human sender to solve.
2) Computational. Requiring a processing payload for the sender such that if a huge volume of unsolicited email was sent it would consume prohibitive CPU usage.
3) Monetary. The sender would be required to pay a fee to the recipient, which the recipient could waive if it was legitimate email. As I've mentioned before: This approach is intriguing and could lead to higher customer support fees and/or internal messaging systems. If it hit the spammers in the pocketbook I agree with Mr. Gates that this would dramatically reduce the spam inflow, but of course this opens a sea of considerations like: how would this electronic postage be charged? Who would collect? How would it prevent folks from setting up their own SMTP servers? The system would need to be overhauled and customer adoption would need to be high to change the current system. Customer adoption is one of the biggest problems for any new technical solution. It's the foundation that the majority of virus creators prey upon; those who don't update/patch issues become virus magnets. That is another reason I've never been excited about all these security firms who operate under the well-intentioned guise of spreading helpful information. The rub is that these same helpful bulletins and notices help educate virus creators and malicious hackers.

Here's my list of solutions, not in order of importance, for webmasters (some are also for netizens) to reduce their time spent dealing with spam:

1) establish an internal messaging system that requires double-optin email registration. Send correspondences relating to your website to these internal messaging boxes and only use email for referring registered users to this internal email box or important messages.
2) auto delete accounts with inactivity over XX amount of time. 90-180 days might be a good amount of time. If the user hasn't visited your website and logged in within the last 3-6 months than the likelihood increases that they are no longer interested in your website (or could possibly use a friendly reminder that your website is still there). This also keeps accounts fresh in the database and helps eliminate claims from folks who said they never signed up and claim that you are spamming them.
3) Start using RSS feeds as an alternative source for website news. Newsletters by email aren't completely dead for marketing but if you look at the numbers above for only two of our domains, how easy would it be for a legitimate newsletter to reach me? However, if it were an RSS feed then I could subscribe or unsubscribe any time I wanted to the feed. RSS feeds give the choice back to the user with online subscriptions, which is where the options should be. If the newsletter is just a clever front for spamming then the subscribers will be greatly reduced, and rightfully so in my opinion. We are in the process of adopting this structure creating custom RSS feeds — sending user specific information — for one of our sites that has a double opt-in subscriber base of over 5,000. User customizable RSS feeds is something that has an enormous amount of potential.
4) Get some sort of anti-spam filtering in place. Norton Antispam is the best I've tried and I've tried many, many different programs, but Antispam is also a commercial product and there are some more inexpensive alternatives. Outlook 2003 has much improved built-in junk filtering, but a large majority of attacks are made against users of Outlook, so be extra cautious if using Outlook.
5) notify important contacts that you filter all your email and provide a whitelist-only email address. We use multiple email programs and have created several safe whitelist-only email addresses for corresponding with customers and legitimate contacts. Once you establish a whitelist, don't forget to backup the list (burn to CD) so that you can update additional computers or if the system should crash. These addresses should block any incoming email that isn't on the whitelist.
6) Use pictures for contact email addresses instead of text links on your websites. Creating a small graphic of your email address is a piece of cake in just about any graphics program and this will stymie the harvesting programs. Something like this:
7) If you must supply an email address, tie the email address to one of your domain names like this: makeyougohmm at tdscripts dot com. If the spam threshold becomes too high for this address, just block that email address and start using a new one at the harvested website. Yes, you may lose some legitimate email that sends to the old address but if the email bounces, hopefully they will visit your website domain and find your contact info there.
8) At random times, turn off and on wildcards. While this contradicts #7, if you periodically turn off wildcard delivery of email addresses you'll cut down spam that is sent to anything at your domain dot com. Most email that bounces is taken off lists either manually or automatically, so this is one of the easiest ways to get removed from mailing lists.
9) Ask websites that you visit that require your email address to please mask your email either through the use of a graphic (see #6) or through some scrambling code. This could be the single most helpful action that your favorite website could take to help your email box not look like ours.

It can easily get depressing looking at the current email situation, but I don't think the Government stepping in will be the answer. Technology got us into this current problem and I believe technology can just as easily provide a resolution. May The Force be with your inbox!

TDavid regularly contributes articles, reviews and opinions to the blog: Things that ... make you go hmm. This entry originally appeared here