Anyone who has launched an e-mail client to discover a glut of offers for dubious nostrums, bogus diplomas, and indelicate physical congress is well aware that spam —the junk mail that fills our inboxes in ever increasing amounts—is a huge problem.
The U.S. federal and state governments have made some efforts to curb the proliferation of spam, but these have been diluted by competing interests concerned with preserving and promoting free speech and allowing marketers to reach potential customers. Even the toughest antispam laws do little to stem the tide of spam—particularly spam that originates overseas, where American law holds no sway. Internet Service Providers (ISPs) have also stepped up efforts to snare the spam that slithers through their gateways, but these efforts are ineffective in most cases.
We looked at seven spam utilities:
We examined each utility’s interface, ease of use, and mode of operation, and made some general judgments about its comparative effectiveness at eliminating spam—we say “general” because good spam filters get better with time and adapt to spam’s changing nature. We then fed each program the same bucket of junk, to see how it dealt with some egregious forms of spam, right out of the box. In addition, we considered the following key questions:
Technology and techniques
These utilities interact with your e-mail client in different ways and use a variety of techniques for separating good messages from spam.
EmailCRX, MailWasher Pro, Spamfire, and SpamSweep download your incoming messages (or enough of each message to judge its content) and then filter and rate them. Once you’ve verified your mail, these utilities can delete the spam from the server and send the good messages to your e-mail client. EmailCRX and Spamfire act as proxy servers for your e-mail client; this means that when you ask your e-mail client to download your mail, it passes that task along to the spam catcher—which retrieves your good messages and passes them along—rather than going to your ISP’s POP server.
While Personal Antispam X4 and SpamSieve are each full-fledged programs, they’re integrated into your e-mail program. All your messages are delivered to your e-mail client; as they arrive, these utilities sort them into your inbox or into a spam folder, depending on their contents.
SpamX can allegedly either act as a proxy server or deal with your POP server as any e-mail client would. Regrettably, the proxy-server setup doesn’t work with Apple Mail or the latest version of Microsoft Entourage.
Each of these utilities uses a variety of common techniques to filter spam. Nearly all include blacklists, whitelists, and a variety of statistical-learning filtering schemes. Some also have a “revenge” feature that lets you report spam to antispam agencies or to what the program believes is the spammer’s ISP. (For definitions of some important spam-fighting terms, see How Do Spam Busters Work?.)
Designed for ease of use, SpamSweep—which installs an IP and domain-name blacklist, builds a whitelist of your approved senders, and offers Bayesian filtering—is the least configurable of the lot. The program provides no access to its blacklist, its spam corpus (the collection of words the Bayesian filter uses to identify spam), or its filters. Like other utilities that include Bayesian filters, it learns as it goes. Other than correcting it when it wrongly identifies messages as spam, you have no options for adjusting its behavior.
Personal Antispam X4 gives you a little more control. You can view the contents of its spam corpus (called the Lexical Dictionary in this program) and delete individual entries or the entire contents of the corpus (to reset it, for example). You can add, edit, and remove blacklist and whitelist entries. Likewise, you can edit the list of attachment types that cause a message to be identified as spam (the program filters messages with .bat, .cpl, .pif, and .scr attachments by default). The program also uses URLs to decide whether a message is spam—Intego updates a database of spammy URLs once a month. After 12 months of ownership, Intego asks that you pay $30 to renew your subscription for another year.
Spamfire offers editable blacklists and whitelists as part of its Senders preference, as well as Bayesian filters (the corpus of which can be reset but not edited), and it includes a renewable 12-month subscription ($13) to updates to its URL database. Additionally, you can create conditional rules much like the rules in Mail and Entourage: If Body Text Contains Cialis Mark As Spam, for example. Spamfire also includes a revenge feature that lets you report spam and phishing schemes to SpamCrime (a Web-based service where you can report spam), the spammer’s ISP, the Federal Trade Commission, PayPal, and eBay (you can add additional reporting authorities).
SpamSieve has a blacklist (called a blocklist in the program) and a whitelist as well—mark a message as spam, and the sender is sent to the blocklist. Entries in your OS X Address Book or your Qualcomm Eudora or Entourage address book are automatically entered in the whitelist, as are the senders of mail you accept. You can delete and edit these lists’ entries and add new entries, as well as create rules within the lists. SpamSieve uses a form of Bayesian filtering and can use the Habeas SafeList—a list of senders who agree to send only legitimate e-mail. You can train SpamSieve with groups of selected spam and good messages. If you’ve got a few hundred spam messages and good messages archived in your e-mail client, you can make SpamSieve acceptably accurate within a matter of minutes rather than the days it can take to train other programs. Personal Antispam X4 works the same way.
EmailCRX doesn’t use statistical learning filters. Instead it relies on blacklist and whitelist entries of user-defined phrases, a whitelist of friends (you can import your OS X Address Book contacts), country filters that allow you to reject e-mail from specified countries, an optional challenge-response system that requires that correspondents verify their identity, and a reverse-DNS system that looks for valid entries in message headers. EmailCRX also has a Report Abuse feature that attempts to contact the spammer’s ISP. Satisfying as it may be to rat out spammers, doing so means that you could get a lot of return messages either acknowledging the report or bounced back to you as undeliverable.
MailWasher Pro has a Friends List that includes contacts you’ve added (you can add a contact directly to the list or add many contacts at once by choosing a group of messages and selecting E-mail: Add To Friends List), a blacklist derived from messages you’ve deemed spam, a Bayesian filter, a feature that blocks e-mail from known spam DNS servers, customizable rules, and a unique feature that checks your mail against messages that other MailWasher Pro users have added to the company’s spam database. You can opt to report spam to SpamCop, a spam-reporting service.
SpamX’s mode of operation is something of an intentional mystery. The program’s developer doesn’t want to reveal how SpamX goes about its business—because he believes that doing so will help spammers defeat the program’s protection. It consults real-time black-hole lists (collections of the IP addresses of known spammers), and you can import and add contacts to a whitelist. The program also focuses on reporting spam. As with EmailCRX’s abuse reports, sending these things can result in confirmation and undeliverable-mail messages.Checking Content: EmailCRX’s preview pane makes it easy to view a message’s content.