Is it possible to stop all spam without losing emails?

First, systems that don't work, and why:

  • Accepting all email and let the customers figure out which ones are real: No good as humans miss identify spam/not spam at a high rate 1-2%
  • Filters: Content filtering also starts to fail at a rate of about 1% without continuous tuning. Partly because an email 'about spam' looks very similar to a spam message.
  • Sorting/Tagging: Here the computer/human are both doing the sorting, the problem is it doesn't improve the accuracy, only the speed, so again failures occur and real email is lost.
  • Simple SPF: The spammers can always send while forging domains that don't have SPF records.

We believe the best approach is two fold, first using SPF. With the default SPF setting, 90-95% of spam is blocked before it reaches your users. This is important as it saves them time, and means that they can spend sufficient time examining any messages that do get through to make a good decision and not accidentally delete real email.

Second, turn on friends mode for anything rating above '4'. This will send anything suspect back to the sender with instructions for the sender to bypass the filter.

Now lets examine how SurgeMail can stop spam if your settings are adjusted correctly.

  • Default SPF checking - by checking domains that don't have an SPF record with a default SPF record 95-98% of spam is stopped before it enters your system.
  • Friends system - this stops any email getting to you that is not 'from' a person you know.
  • Rule file - a rule file marks messages which 'might' be spam, you can set friends to only intercept messages that look like spam so emails from most people will never get even 'one' friends bounce.
  • Private addresses - By setting a private address, you can bypass all the spam/spf filtering when you need to, for automated robots, banks, etc. anything where you need to be sure you get the email and you trust the sender with your 'private' email address.

What you need to do

  1. Install SurgeMail or SurgeWall in front of an existing mail server. :-)
  2. The surgemail administrator should upgrade and press the button to check config settings (on the global settings page)
  3. Go to user self management page, and define a 'private' address.
  4. Turn on friends mode, for anything rating above '4'

Lets now examine the problems you might still face.

Putting your address on a web page.

You can still do this, but consider using a web form instead as it will reduce spam. We provide a simple utility to do this if you don't already have one:

Filling out a web form at a trusted web site.

Any trusted reputable site (e.g. bank, airline, online retailer...) will have a privacy statement on any form where they request your email address, if you are sure they are legit, then give them your private email address, user--PRIVATEWORD@your.domain, this will bypass your friends checking etc. and ensure you get anything from them. If they are not trusted, then use your normal email address, and if necessary add an exception rule in user settings to ensure you get the email from them.

Joining a mailing list or posting to a news group

Definitely use your normal address, don't use the private variant or you will get spam!!!