How I nuked mobile spam

Here's how to keep spam off your phone

Editor's Note: You may not have seen this story during the holiday rush, but we felt it was too good for you to miss.

On Jan. 24, 2004, Microsoft Chairman Bill Gates famously announced that by 2006, "spam will be solved." He was right. As I write this, 2006 is almost over and I've solved my spam problem. (Gates is still working on his.)

Everyone has spam issues, but I’m sure I have more than most. I'm constantly on the road and use my phone for e-mail, which means I can’t always use PC-based antispam software. Other antispam tools also aren't useful to me because, as a writer who covers technology, I need to be reachable via e-mail by readers, public relations people and others. I can't just create a whitelist and block everyone else, nor can I afford to change my e-mail address every year. Half the e-mail I get comes from people I don't know.

Then there's the issue of sheer quantity. In the past 10 years I've published newsletters, edited magazines and written articles. As a result, my e-mail address is published online on hundreds, maybe thousands, of Web pages. I must be on every spammer list ever created.

Until a few weeks ago, I dealt with spam by maintaining a complex combination of permanent and temporary e-mail addresses, Outlook rules, antispam software and funky kludges, such as masking my e-mail address by displaying it online as an image rather than as machine-readable text. My complicated system helped -- but certainly didn't solve -- my spam problem. I still got lots of spam in my in-box, and about 5% of the messages in my spam folders weren't, in fact, spam, which meant I still had to sift through all that junk mail.

A few weeks ago, though, I bought a BlackBerry Pearl, which forced me to finally solve my spam problem.

The trouble with mobile e-mail

Once I actually started using my BlackBerry, I faced the very real problem of figuring out how to take advantage of the e-mail notification feature without being overwhelmed by spam.

On my old Palm Treo, I would occasionally press the "Get" button and e-mail from my normal e-mail addresses, including spam, would come flooding in. I could ignore the spam on my Treo, but on the BlackBerry, every message sounds an alert. Every spammer suddenly becomes a telemarketer, interrupting me with a ringing phone.

I could have created a new, BlackBerry-only e-mail address. But then I would miss important e-mail sent to my regular address, and some messages would go to my phone while I was sitting at my desk.

I could have also added still more convoluted rules to my existing system that forwarded e-mail to my BlackBerry, but, since I could never think of every contingency, I would miss important e-mail. Besides, I don't use Exchange Server -- I use Outlook via POP3 -- so I would have to keep a PC or a server running 24/7 to do the forwarding.

How I solved the problem

Like Bill Gates, I resolved to solve my spam problem (but, unlike Gates, I really did it). First, I set the criteria that my new system must meet. Those criteria were:

  1. Permanent addressing. Each person I interact with should know one permanent e-mail address at which they can always reach me. No more "shell games" with temporary e-mail addresses.
  2. Zero maintenance. I don't want to waste time on spam in my in-box anymore, nor do I want to slog through my spam folders hunting for "false positives."
  3. Only important messages ring my phone. I need every important message -- and every urgent message -- to sound an alarm on my cell phone so I can reply right away. But I don't want to hear my phone ring for unimportant messages.
  4. All e-mail must be available while I'm mobile. Even though I want only important e-mail to ring my phone, I still want all e-mail accessible by phone.
  5. Important messages must be available on my desktop. If I'm at my desk, I need to be able to reply to messages from my desktop PC, because it's faster and easier than using a phone.
  6. Hassle-free self-addressing. I use my in-box as a to-do list, and I need to send e-mail to myself (including voice memos from my BlackBerry) without those messages showing up on my phone or being stopped or diverted by antispam software.

To meet these criteria, I consolidated my many e-mail addresses to three: public, private and personal. I used my existing personal domain for all of them, with a different prefix for each.

Public e-mail address

My permanent public address is now mike.elgan@elgan.com. I use this address on my business card, in online bios and anywhere else where I publish my e-mail address. I also use this address to sign up for subscriptions and Web-based or online services.

I know I will get a lot of spam at this address, so, on my Web hosting service's e-mail settings page, I set all e-mail sent to my public address to be forwarded my Gmail account. Google's Gmail service has the most accurate and easiest-to-use spam-filtering system I've found. More than 99% of the spam that comes into my Gmail account gets automatically dumped into my Gmail spam folder; the spam is then deleted permanently a couple of months later. It's a self-maintaining system, without any need for me to set up rules or sift through the spam looking for false positives. Spam remains out of sight and out of mind.

On the Gmail settings page, I used the Reply-to address feature (Settings/Accounts) to have replies to messages sent to mike.elgan@elgan.com (and forwarded to Gmail) look as though they are coming from my public e-mail address. That means I can send e-mail back and forth with somebody, and the person I'm corresponding with doesn't know I'm using Gmail. Hiding, or masking, the actual Gmail address gives me the option to change the actual address later without having to notify anybody of the change.

Another way to do this will be to use Gmail's new Mail Fetcher, which hasn't yet been made available to all Gmail users. Mail Fetcher lets you use Gmail as an e-mail client, directly downloading the POP3 e-mail from a non-Gmail account without all the forwarding and reply-to spoofing.

I can access Gmail from my BlackBerry easily by using the mobile version of Gmail, but I won’t be interrupted by the incoming mail alert on the phone.

Private e-mail address

I reserve my private e-mail address for important e-mail only. An important e-mail is, by definition, any e-mail sent by an important person -- family, friends, current and former co-workers and other people I know personally. E-mail sent to this account is delivered to my BlackBerry, sounding the incoming message alert. It's also sent to Outlook.

My private account is protected by SpamArrest, which is one of the more popular challenge-response antispam services. It works by enabling the user to set up whitelists and blacklists using both specific e-mail addresses and domains. If someone sends e-mail from an address not whitelisted, the sender automatically gets a reply e-mail with a canned note from me and a link, where they can whitelist themselves by typing in six letters and clicking a button.

My note provides my public e-mail address and invites people to send e-mail there. But it also says that if they know me personally, they should just go ahead and click on the link to whitelist themselves.

Machines -- a.k.a. spambots -- can't deal with the challenge-response thing and so are blocked from sending me e-mail.

In the unlikely event that a real human who is unimportant to me finds or guesses my private e-mail address and whitelists himself, I simply visit the SpamArrest Web site, log in, then click a box that blacklists him forever. Then I shoot a note to him with an invitation to use my public e-mail address.

Like Gmail's antispam system, SpamArrest is almost maintenance-free. I never have to visit the "Unverified" or blocked-message folder, and those messages are autodeleted after one week.

I've set up SpamArrest to forward a copy of all approved messages to my BlackBerry e-mail address. And I've configured the BlackBerry itself to spoof the outgoing reply e-mail address to reflect my private elgan.com address rather than the BlackBerry address I'm actually using.

People I correspond with have no idea whether I'm responding with Outlook or with my BlackBerry. Private e-mail all goes to, and comes from, the one, permanent, private e-mail address. They do know that I always reply immediately, however.

SpamAlert costs about $45 per year.

Personal e-mail address

My personal e-mail address isn't protected by any antispam system because it's for my own use, and I never share it with anyone. The important thing is that messages sent to this address are not forwarded to my BlackBerry or my Gmail account but go straight to Outlook.

So there you have it: my system for spam-free mobile e-mail. It meets all my criteria: All messages are available on my phone, but only important ones alert me. It's easy for me, because I never have to manage spam. And it's easy for people to correspond with me, because they never have to guess what my e-mail address is, nor do they ever have to change my e-mail address in their contact databases. All addresses are permanent.

Your mileage, of course, may vary. For example, your employer may dictate to you how you set up, manage and communicate your work e-mail address. But the concept of setting up a public e-mail address protected and managed by Gmail, and a private address protected and managed by a challenge-response service -- and copied to my phone -- solved my spam problem and may suggest how you can solve yours, making you more responsive and easier to communicate with.

Don't make a liar out of Bill Gates. Solve spam now.

Mike Elgan is a technology writer and former editor of Windows Magazine. He can be reached at mike.elgan@elgan.com or his blog, http://therawfeed.com.

Copyright © 2006 IDG Communications, Inc.

  
Shop Tech Products at Amazon