Two previous post in series covered how fear turns fighting spam in bad practice, common checkpoints in spam filtering and numerous methods that can be actually employed for filtering spam .
Now let’s combine that knowledge and summarize what perfect antispam solution should be.
Effective filter must stop as much spam as possible while letting through all valid messages . So taking valid sender and spam bot as input following table shows what is needed to be achieved or evaded for best results.
|Message not sent||Bad||Good|
|Message filtered out||Bad||Good|
Looks simple? But there are some hidden rocks in this table.
- Valid sender unable to send message is extremely bad case . There are few things worse than crappy antispam filter saying to person that was going to send something your way that he is probably evil spam bot and should shut up.
- Receiving spam message is NOT worst case . The point of good antispam defense is not to fight spam at any cost, it’s to maximize number of spam filtered out while not hindering valid messages. Some spam will get through, that’s normal and shouldn’t be accepted, not turned into burning fields with excessive defense.
I want to share a secret method I am using to fight spam for years. It’s great, it’s simple to use and it makes sense.
Spam doesn’t exist.
By acknowledging spam in any way, by opening those letters, by letting spam comment appear on your blog, by clicking (NO!!!) spammed link or trying to “unsubscribe”… You creative positive feedback for spammer and turn yourself into target for life.
- Don’t ever interact with spam in any way.
- Whatever cannot be automatically processed must pass before human eyes, don’t set default actions for such cases.
Amount of manual control
It’s impossible to evade manual control. Trying to evade manual control is recipe for disaster. Still checking everything after spam filter to ensure it’s working is almost as dumb.
Manual control should be only needed:
- for initial setup;
- for corrections to initial setup;
- for cases that spam filter can’t confidently handle.
Rest of the time solution must be good enough so you can trust it to work automatically.
Summing up recommendations
- Use white list to ensure that valid messages pass.
- Avoid methods that hinder sending of messages.
- Avoid crowd wisdom methods. Highly marketed, but quality is low.
- Don’t use default actions in uncertain situations.
There are actually more things to avoid than to use. It’s easier to break antispam solution than to create.
At this blog I use two methods:
- White list – contains everyone who has at least one approved comment.
- Black list – manually maintained, with link keyword patterns.
That’s all. White list ensures that every returning commenter can make his comments without any trouble. Black list ensures that messages, that are certain spam, are filtered automatically and don’t need additional checks.
How effective it is? I have to manually process around 3% of comments. Part of this are first comments from valid contributors (ensures that there is zero chance for spam to pass), rest is spam with patterns not yet in black list.
Reasonable amount of manual control + letting valid messages through + flexible and self-controlled filter for spam messages = that is ultimate antispam defense in my opinion.