One side effect of having a software business where you publish your email so people can easily contact you is that you get a lot of spam. I guess everyone who has an email address gets spam, but I think you probably get more if you have it publicly visible on a web page. And don’t get me started on how many spamments (comment spams) you get if you have a blog like this one.
I tried doing it the old fashioned way, with moderating the comments and letting Mail.app handle the junk mail, but it just got worse and worse. This past week was the bursting of the dam though, with tons of spam just flooding my mailbox. I would get at least 100 spam emails / spamments a day! (I’m optimistic, so it was probably more than that…)
So I did two things: (tip of the hat to Brian Cooke aka Mr rooSwitch who pointed these out to me)
1. Upgraded WordPress to 2.0.4 and activated Akismet, which is a free plug-in that automatically catches comment spam (without having to do anything except get an API key from WordPress.com). Very easy (though I took the time to create a local mirror on my PowerBook and test it out there first).
2. Installed SpamSieve. I had to install the Mail.app plug-in, do a bit of config, and train it. But its still easy and Michael Tsai has provided good instructions to get you started. Note that training seems to be important, but that also is easy to do thanks to some keyboard shortcuts and the availability of previously filtered Junk mail which I kept around.
I’ve had both running for 24 hours now and I can’t believe how uncluttered my email has gotten. Akismet has already caught 70 spamments and SpamSieve has caught 113 spam emails!
With regard to #2– I know you host at pair.com, so I’m wondering if you had tried any of their spam-blocking measures? I’ve recently had to take a hard line on spam in order to keep email useful to me. Pair’s “greylisting” and shutting down my catch-all email address have cut down hugely on my incoming spam. And Pair’s use of SpamAssassin to add spam-related headers to suspect emails means that Mail is doing a much better job at recognizing the spam that does get through. Right now it’s looking like a huge success and I haven’t installed anything new on my Mac.
SpamSieve is wonderful. I’ve been pretty careful about munging my public email addresses, but SpamSieve is still catching nearly 1000 spams a month. I’m it in addition to my ISP’s SpamAssassin installation, which I’ve never been able to tweak effectively.
Akismet is pretty good, but WordPress needs to make it faster to mark spam as such. I still have quite a few slip through every week and reporting them to Akismet requires a lot of clicks. Were messages as easy to report as they are to delete, the whole system would work better.
Tom: I haven’t taken much advantage of Pair’s spam blocking, but I do get emails marked as **SPAM** in the header. That being said, I have 3 other email inboxes that I need to check spam with. SpamSieve is working great handling all three and is Indie Software. :)
Joe: I haven’t tried reporting to Akismet. I just mark it as spam locally. It’d be nice if the Akismet plug-in would catch that and report it automatically.
Hey Luis… on my WP install, I used a plugin that obfuscates email addresses with some encoding, so that they look normal in the browser but can’t be scraped from the site by bots.
http://www.coffee2code.com/wp-plugins/#obfuscateemail
I should say that this doesn’t help your current problems, but if you change your address, you can probably avoid new spam. I don’t recall getting any at my addresses.
A few plugins that you might want to look in to:
Moderate Brief Comments – simple as that
http://guff.szub.net/download/moderate-brief-comments.php
Impostercide – no one else can post as ‘luis’ here
http://www.skippy.net/blog/2005/11/21/impostercide-12/
Comment Authorization – sends comment poster an email with a unique link, if clicked their
comment is immediately posted, otherwise comment goes in to moderation
http://www.skippy.net/blog/2004/04/27/plugin-comment-authorization/
htakismet – creates a list of blocking rules for your .htaccess file based on Akismet kills
http://nybblelabs.org.uk/projects/htakismet/
WP-ContactForm – in case you don’t mind using a contact form
http://ryanduff.net/projects/wp-contactform/