3rd party spam filter

         

amythepoet

3:37 pm on Aug 14, 2009 (gmt 0)




Hi, I am being hit by spam and I have SpamAssassin now

I was told to look into a 3rd party spam filter

any suggestions please?

rocknbil

8:36 pm on Aug 14, 2009 (gmt 0)




What are your S.A. settings at? You can

- crank those up

- If you have a web-based mail interface, you can usually add filtering rules directly in the mail interface. Create rules that say, "if the [subject/email/body/anywhere] contains [spam terms] [move to spam box/delete/bounce]."

No suggestions here on a filter, but some good ones on how to rout it out, on a pretty consistent basis. Unfortunately, this means killing your current email address. If you haven't yet reached that level of frustration, bookmark this for when you do.

Determine the source. There are two basic sources of getting on a spam list, your web site and your mail account. Before killing your current email and setting up a new one, review the following.

Web site:
- Remove all visible traces of your email address from your site. Don't try any Javascript or image-based email displays. These cut down automation, but they can still be collected manually. The truth is really that these mailto: links don't work for everyone anyway. When you click a mailto: link, it opens what you've set as the default email program for your computer (usually Outlook, AppleMail, etc.). If you use a web-based email program, like Yahoo or Gmail, these don't even work. So get rid of the emails on web pages.

- Caveat: if your email is displayed on any external sites - social networking sites, etc. - make it invisible there also.

- Make all your contacts receivable by a secure contact form and script. The key word here is SECURE. It takes a decent programmer to create this, most free ones offer very little spam protection.

- In your contact form processor, you should:

-- ensure that any "auto-receipts" received by the person submitting the form come from a NO-REPLY email address (see set up no-reply below.) This is because spammers will submit the form JUST to "get at" your real address.

-- Do not use a "recipient" address as a hidden field in the form. Most freebies do this. Hard-code the "real recipient" in the script, and make sure that this value is ONLY used to send YOU the copy of the submission.

-- Make sure the script has an easy way to "filter" spam input. Largely, this will be link drops in the forms of actual links (<a href....) or BBcode style links ([a href...] or [url=....). This needs to be easily modified so you can add them as new ones come up.

-- Make sure this script throws away anything you don't want, and properly filters input. One example is a script that blindly takes the visitor's email, subject, or body and inserts them directly into mail headers. In this condition, I could do this:

address1@example.com, address2@example.com, address3@example.com, address4@example.com ....

.... and use your form to send 1000 spam emails - all from your site, getting your site blacklisted. Filter input for content-type and multipart attempts too; keep only the input you want, throw everything else away.

- If any malicious attempts are found, exit immediately with the terse message "No email was sent." Don't get snarky or try anything cute, you don't want to inflame spammers, they have a lot more malicious tools in their kit.

There are many more fine details to this, but lock your form processor down so it can only be abused by the most determined of spammers. Most of them aren't that determined. If their bot doesn't get positive results from your site, they will move on to greener pastures - and that's what we want. Just go away.

- If your script is well written, you shouldn't need a CAPTCHA on the form. In most cases, they can be beaten. I've seen this - I don't need to know how they do it, all I need to know is it can be done and CAPTCHA is not a cure-all. CAPTCHA presents one more barrier to your legitimate users, and if you make your form processor secure, it will not be as attractive to spammers or their spam bots.

Mail account:

- As mentioned, first thing you need is a "no-reply" address. Set up this mail account to delete all entries sent to it, and like the below, do not use auto responders.

- Do not use auto-responders, any time, for any reason. If found, all a spammer has to do is send emails to it at will, and it will auto respond to those addresses, auto-responding to the intended target. Now it's on you - your site gets blacklisted for spam.

- The same is true of "bounce" emails. Do not set up any accounts to "bounce" an email. What this does is bounces back to the sender in the "to" field. All I have to do is spoof that "to" field with my intended spam list, and the effect is the same, I can use your server to send my spam.

- Part of getting a clear DNS report will require that the emails webmaster@, abuse@, and postmaster@ will be required to be set up (there may be others.) There's no way around this; set up the accounts, monitor them often, but most of the time they will just get spam jammed.

- Set up your new email account. Don't use easy to guess accounts; info@, sales@, amy@, anything like this will fall victim to a dictionary attack and can easily be guessed. You can set up SpamAssassin on it, but I guarantee you, follow this process and you can keep those settings really low, or disabled altogether. (I have S.A. but don't use it on this account.)

- Educate your contacts. This is a painful process, but one of the largest sources of spam is blind mass forwarding. Ever get one of those emails, "Help the little boy dying of cancer," "If you get an email with the subject [you name it], DO NOT OPEN IT," or the same stupid jokes or videos that have been floating around for years? These will also have the call to action: "SEND THIS TO EVERYONE YOU KNOW!"

Most of the time, these are perpetuated by spammers because they know the nature of default email programs, and the nature of people. Most people will just open their address book, add the entire list to the To or CC field, hit send. When you receive this, you will know - you can clearly see all the email addresses of those "victims."

Eventually these wind up in the hands of spammers, and guess what? FRESH MEAT.

So before killing your current email, from your new email address send a notice to all your contacts that you will be killing your old email address in two weeks due to spam, and ask them to PLEASE begin using the BCC field in all mass communications to you. The BCC field is "Blind Carbon Copy" and when used, none of the recipients can "see" the other recipients' email addresses.

It's my opinion that if everyone did this, it would cut spam immeasurably. Explain to them how to do it, make it an informative and helpful email, use the info above in your explanation. Also include the link to your contact form on your site, "I can always be reached here in case you forget it."

My experience with this has gotten GREAT feedback: "I never knew that, thank you! Got any more tips?" :-)

Send a second email from the new address a week later that the current email will be terminated in a week, and include the new email address.

Unfortunately this won't "stick" with many customers, they may do it for a while, but then lax back to their old ways. It's unavoidable, but on the average, it will get through to most of them.

- Don't forget to go to all vital resource sites - domain name registrars, merchant accounts, PayPal, whatever you use - and update those with the new email address. Test it, make sure. The truth is, if you forget one of these, you can temporarily re-create the old email, but it's one more annoyance you don't need.

- All your duckies in a row, test, everything's in place, now kill the old account. Delete it, your server will respond with "no such account exists" or the like.

The silence will be deafening. On the average, I go through this process only once every few years. I'm coming up on just about a year from my last cleansing - how much spam do I get?

Two, maybe three, per WEEK. And I spamCop those suckers every time.

In this arena, I have two grades of customers, those that take my advice and those that refuse to remove their email from their site because they fear losing business. One gets buried in and is mortified by the spam. The other does not. You know which is which.

This works, it's a bit painful but believe me . . . it's worth it.
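
Added example (not part of the post above, and not rocknbil's code): a sketch in Python of the contact-form checks the post lists, namely a hard-coded recipient, a no-reply sender, an editable link-drop filter, rejection of multi-address, line-break, content-type and multipart input, and the terse failure message. The addresses, field names and the `process_submission` function are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

RECIPIENT = "owner@example.com"      # placeholder; hard-coded, never read from the form
NO_REPLY = "no-reply@example.com"    # placeholder sender, so the real address is not exposed
REJECT_MESSAGE = "No email was sent."

# Link-drop patterns named in the post; add new ones here as they come up.
LINK_PATTERNS = [r"<a\s+href", r"\[a\s+href", r"\[url="]
# Content-type and multipart attempts.
MIME_PATTERNS = [r"content-type\s*:", r"multipart/"]
# Exactly one address: commas, spaces and line breaks cannot match.
SINGLE_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def _matches(patterns, text):
    return any(re.search(p, text, re.IGNORECASE) for p in patterns)


def process_submission(form):
    """Return (True, EmailMessage) for clean input, else (False, REJECT_MESSAGE)."""
    # Keep only the fields we want; anything else (a hidden 'recipient'
    # field, for instance) is thrown away by never being read.
    email = form.get("email", "").strip()
    subject = form.get("subject", "").strip()
    body = form.get("body", "")

    # Values that end up in mail headers: one address, no line breaks.
    if not SINGLE_ADDRESS.fullmatch(email):
        return False, REJECT_MESSAGE
    if re.search(r"[\r\n]", subject):
        return False, REJECT_MESSAGE
    # Subject and body: MIME tricks and link drops.
    text = subject + "\n" + body
    if _matches(MIME_PATTERNS, text) or _matches(LINK_PATTERNS, text):
        return False, REJECT_MESSAGE

    msg = EmailMessage()
    msg["From"] = NO_REPLY
    msg["To"] = RECIPIENT            # only the site owner receives the copy
    msg["Reply-To"] = email          # validated above
    msg["Subject"] = subject[:150]
    msg.set_content(body)
    return True, msg
```

The returned message can be handed to `smtplib.SMTP.send_message`; every rejection path returns the same text, so a bot learns nothing about which check it tripped.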