If you've got Outlook then try the SpamBayes plug-in. It works seamlessly within the software. I've found it more effective than ThunderBird's Bayesian filters in side by side tests. There's no need to switch to TB just for filtering.

Thanks, Bill, but I find all MS programs hard to figure out, and to use a plug-in... it might take me a day to install it. Thanks, anyway man - the suggestion was much appreciated

On the positive side of things: I just managed to import all 4224 emails from the Outlook Inbox, and 2973 from the Sent, to the proper folders in Thunderbird. I had to stage things, but it worked. The junk filters have cleaned out a few more spams in the last hour, and so far it's brilliant.

I have to plead idiocy for not having done this before. I've been a loyal Firefox user since it even got that name, and tried Thunderbird first well over a year ago. I ran into problems getting my emails organised from Outlook, and in fear of losing things abandoned it. I should have persevered. Extensions, themes, viewing source code... this is wicked. It's now my default email client.

Many thanks to silverbytes for starting the thread, and to those who contributed, including 2by4.

Silverbyte, if it is your domain's email addresses that you're talking about, enable SpamAssassin on Cpanel almost always filter those out.

We are probably dealing with the same chap. My email address was never reveal other than to a particular client. He got infected with a virus and soon I started getting spam. And these morons are spamming through bots (infected PCs) controlled by them, not open proxies anymore. You filter out the DSL IPs for home users, you will still get hit with spam by those from business users which you can't block because they may be running their own mail servers with their subnet.

Their HELO command when connecting to your mail server is almost always a 10 digit generated numbers with or without a minus in front or your mail server IP (which is easy to filter out) or some random domain name or the DNS name for their ip they are connecting with.

Other than the random domain name, I am able to block the rest of attempts just by the HELO or EHLO commands.

And if they get through, they will have to go through another filter on the Subject. (eg. when they cannot spell p!lls, st0ck or t@bs or excessive use of '[' and ']').

If all else fail, I will delete any email with mail headers containing The Bat! or FCC: mailbox://, a bit drastic but I can recover mails that I want from the log if there is a need.

I realise that if they manage to get an email through from one ip block, they will send afew times daily. Bandwidth usage (nil, the trojan machines pay for it), time (nil, the trojan machines send on their behalf) and any blame goes to the ISPs (normally big poorer nations like China, Brazil, Eastern Europe).

Plus, it's on my site via an anchor on over 300 pages.

That's part of your problem too. Web crawlers are out there just looking for email addresses on any web pages. With over 300 of them, you are a nice easy target.

Limit the number of times your email is posted, and even then, try not to make it an active link.

Too true, txbakers, but our traffic comes in on a lot of different pages and I like people to be able to easily contact us. To make the email addy not an anchor, I'd have to use javascript wouldn't I? Then, if they don't have that on their browser it won't work (I might be very confused on this).

One thing about all those anchors and crawlers - I have a few links on main pages to a projecthoneypot cgi script, and am regularly contributing data on email spambots. I was recently the first to identify a new one ;-)

I've been training the Tb junk filter today. It send a good email to the junk folder last night, and has missed a few real ones today, so I'm leading it by the hand. I marked over 4000 old/good emails "Not junk", so that gave it a good chunk of data to use. I also set up a separate message filter which is looking for the ones that p*ss me off the most in case the junk filter misses them. I intend to never have another email from "Doctor" (amongst others) showing in the Inbox again.

stefan, don't quote me on this one, I could easily be wrong, but I believe that the junk filter is purely is purely a positive match, yes it is junk that is. There are some options, for example to not ever treat emails from people in your address book as junk, but I believe that the junk filter does not consider known goods, just known bads. In other words, if the email contains this type signature, it is junk. All other emails pass through.

If you are just starting to train it, it takes it a while to build up a bad signature database, so just be patient, after a week or two most spam styles have been sent to you and added to the spam signature db.

Lots of other good stuff in this thread too, the server options are interesting as well.

I'd make a copy of your tbird email folder as a backup once in a while, you have a lot of emails in one folder, and I don't have direct experience with that. I assume that's been tested heavily by now since it's on version 1.5, but with email I always feel like better safe than sorry.

Anyway, a day when spammers lose another fight is a good day in my book.

One thing I like is now when I do see spams, I figure that they spammers have just changed spam format, so I'll ctrl + u, check the source, just to see what they are doing.

If you read the spam email source, you'll realize just what a losing battle these guys are fighting, they have to use more and more convoluted methods to bypass the filters all around the web. So to get a spam through the filters, they have to sacrifice almost all useability. Not bad. That's what you want. They are losing.

To make the email addy not an anchor, I'd have to use javascript wouldn't I?

We have an online form people can use to contact us. (When the form posts, the backend wraps the message into an e-mail message and sends it.) So no e-mail address is exposed to the public on the site- that has cut down considerably on SPAM. People only find out the e-mail address if they get a response from us. If they actually sepnd the time to SPAM use through the online form (rare, but it happens a few times/month), we obviously don't respond.

Yeah, 2by4, you could be right about the filter, that it only looks for certain junk flags. I read a few tips and tricks pages about Tb, though, and they suggested to mark all emails either Junk or Not Junk - it gave the impression that it learned from the good as well as the bad. I have no idea if that's correct, but I 've fed it a lot of "good" emails anway and I'm diligently marking the bad ones it misses.

With regard to the forms: yeah, it's an option. I've never liked them when I run into them myself, though, so I've never seriously considered it. If I can get the junk filtering working well, that might take care of my whole problem. I should have done this years ago, of course, but I stuck with that bl*ody Outlook instead. Wha' fi do - so it goes.

Re forms, yeah, but make sure of one thing, this is a really common mistake, it's sort of pathetic actually:

A lot of standard email form script have a submit action that points to a text configuration file. That file contains your email address. So if a spider follows all the links on the page, it finds your email address. Talk about lame. I see that all the time, it's why I avoid generic scripts.

But any properly programmed form won't have that issue. But you also have to be aware that spammers are starting to use forms to send spam, they can do that if the input data is not checked for inserted send headers. That was popular the past year. Easy to fix and test for.

Forms solve the problem, I use them on all my sites now, but for clients forms aren't as user friendly so I tend to use javascript still, but I noticed over the last year that some email spider harvestors are staring to process the javascript. Not a lot, but it happens now and then. So I just decided to forget it and move to forms, which always work.

A word to the wise for those using OE and thinking of moving to TBird - beware the auto-import feature, since the location + name of the mail folders may be corrupt inside Windows, but you may never know until you install TBird.

And yes, this is experience talking!

Export all your Mail folders - they can be re-imported.

Tried Thunderbird and runs too slow on my machine. Search was awfull, so I'll keep OE.

I'll try spamassasain, but I'm afraid to loose legit email.
Tracing spammers is taks consuming, and a waste of time. But if you know a good plugin or tool to do that for batchs would be ok!

As webmasters there are some significant things we can do to stop spam. Moving to forms is a one of them, so long as it's not a vulnerable script which can be exploited to send spam. Install your own custom CAPTCHA and you won't even see the form spam, either.

Moreover, protect your users email addresses if they post them on your site. We may even be moving to a situation where posting email addys should not be done at all, because there are ways to crack Javascript and even image-based email protection.

SpamBully has done pretty good for me. Works on outlook and oe. I also have mailwasher on my office machine. spambully has few more features though.

Well, things are coming along nicely with Tb. I already had spamassasin installed on the site server, and Tb can be set to filter by that; I've been training the adaptive filter; I've been manually creating other filters. Now, I wish I could find an extension/setting that prevents email notices in the toolbar for junk. There doesn't seem to be anything like that yet - you get an alert for every new email, junk or not.

I've been thinking about all my email anchors. How about if I did this? I change it so the "contact us" anchors all take you to a html page with a mailto: anchor on it, but it says in large text "If you want to be sure your email reaches us, put this in the Subject: 'whatever'". I make it one of our main kw's, and then set a filter in Tb that marks all occurrences of that as clean and on a whitelist. That way, anyone who really wants to contact us skates right on in. It's better than that Captcha stuff, which I personally find annoying as hell.

How about if I did this? I change it so the "contact us" anchors all take you to a html page with a mailto: anchor on it, but it says in large text "If you want to be sure your email reaches us, put this in the Subject: 'whatever'".

The problem with that is all the people who already have your email in their address book. Fine if you have them all whitelisted, but if you don't then it will be a pain to sort out. To a lesser extent, there will also be people who you can't whitelist because they haven't mailed you yet, but they have your email address stored somewhere for future reference.