MailWasher

(Dan versus spam, the saga continues)

Review date: 15 October 2002.
Last modified 03-Dec-2011.

 

Despite my best efforts to scare people off, I get a lot of e-mail.

A substantial proportion of the mail I receive comes, of course, from those people you couldn't scare off with a small home defence device.

Spammers.

On a bad day, out of every ten e-mails I receive, there'll be three genuine messages, one virus-mail, spam-bounce or virus-bounce (because someone sent spam or a virus-mail to a nonexistent address with me listed as the sender), and six spams of one kind or another.

Which I simply adore, of course. Doesn't everyone? It's so educational!

Solicitations from heavy equipment companies in non-English-speaking countries, fantastic business opportunities, 419 scams, petitions, incomprehensible political spam pointing to Web sites I can't even read and, of course, the usual mail about penis and breast enlargement, prescription drugs, porn, pyramid scams and penny stock pump-and-dump operations. Et cetera.

Assuming you're not some kind of pervert, you agree with me that spam's bad, m'kay.

So what do you do about it?

Until recently, I didn't do anything to filter spam out of my mail, before or after downloading it. I just sent complaints about all of the spam, via SpamCop.

SpamCop, used correctly, can accurately target the actual appropriate complaints addresses for the administrators of spam-sending mail servers, and for the hosts of spamvertised Web sites. Well, assuming there actually is a working complaints address, which there commonly isn't; many spamhausen bounce complaint-mail or ignore it.

The problem with complaining about spam via SpamCop is that it takes time, and achieves close to nothing.

Oh, sure, spammers' ISP accounts are regularly cancelled, but they're usually disposable accounts anyway. Spammers who use ISPs that won't give them a genuine or de facto pink contract generally don't expect to be able to use any account for more than one spam-run before it's cancelled. Similarly, spammers' Web pages are regularly taken down, but most of the pages that get zapped are just click-through or auto-redirect pages on free hosting services that exist only to shield the real site.

It's not very hard for someone slightly competent, like me, to find the real site's URL and include it in a note on the end of the copy of the spam sent to SpamCop, so the real site can be complained about too. But even if you take the time to do that, you just end up playing a very unsatisfying game of whack-a-mole. Not only do new sites pop up faster than old ones die, but the complaint messages with which you're doing your whacking have all the impact of a feather duster. Most of the sites won't disappear, no matter how many people complain.

So I've stopped SpamCopping, and got back the thick end of an hour a day as a result. I haven't fallen back on the Just Hit Delete non-solution, though; that feels like plodding out into the yard every morning to sweep up and dispose of the excrement that spammers have thrown onto my lawn during the night. If I can't make them eat the damn stuff, then I'd like, at least, to keep it off my grass.

So now I'm using MailWasher.

There are quite a few spam blocking tools out there, but they tend to be either freeware aimed at server administrators, or commercial software. If you don't have your own mail server, and just want something that you can run on your Wintel box that'll let you screen mail for spam before you download it, MailWasher is pretty much where it's at.

MailWasher displays the headers of mail on the server (or servers; you can set it up to check multiple accounts), which is something you can do with a variety of other utilities, or trivially without extra software if you're using a more powerful OS than Windows. MailWasher also, however, categorises mail, automatically identifying viruses, spam and other undesirable stuff that you'd rather not download.

"Automatically" is one of those software weasel words, of course. There's no way to flawlessly tell good mail from bad, and MailWasher isn't an immaculate spam-spotter right out of the box. It doesn't take a great deal of training before MailWasher really does work very well, though.

MailWasher can use a few different mail-categorisation tools.

[Image: Blacklist and friends list]

First, and simplest, is the blacklist and friends list. I've blurred out the pane with my friends list in it in the above picture, partly to stop any 1337 h4XX0Rz who're reading this from pestering my friends, and partly because my girlfriend just wouldn't understand the several perfectly innocent reasons why trixie@hotfrenchmaids.com was listed there.

Anyway, you can easily manually add addresses or whole domains to either list, and you can also import a blacklist from elsewhere.

Pleasingly, it's possible to tell MailWasher not to display messages from friends at all. You've already said that they're friends; why bother cluttering up the preview with them? And, conversely, you can set any or all blacklisted messages to be deleted automatically without input from you.

Filters

There's proper mail-client-style filters as well, with regular expression support, so your mail-classifying regimen can be much more subtle than just blacklisting and whitelisting.

Options

If you don't spend time making cunning regexp filters, though, the major MailWasher categorisation features are heuristic checking and DNS blacklists.

Heuristic checking isn't a new idea, but it's a good one; it scans mail for content normally found in spam and categorises it accordingly. There's only so much heuristic checking you can do when all you've got is the headers of the mail, of course; MailWasher lets you view the body of a message if you want to, and takes the chance to heuristically scan it if you do.

The DNS blacklists are more powerful. They are, essentially, regularly updated online lists of IP addresses that their administrators believe to be spam-associated. Software like MailWasher can use them to make judgements about e-mails. By default, MailWasher uses the ORDB, VISI and SpamCop blacklists, but you can remove the defaults and/or add other blacklists as you like.

Blacklists aren't foolproof; they don't know about every spammer, and they occasionally catch innocent people in the net. It's not hard to find complaints, valid or not (more info here and here, plus amusing abuse here), about them. So you can't leave MailWasher completely on autopilot; you still have to keep an eye on what it's doing.

After MailWasher reads its header lists, it checks the origin of each message against whatever blacklists you've told it to use, and messages start being marked as "Blacklisted by..." if they don't make the grade. It can take most of a minute, even on a broadband connection, for all of the messages in a sizeable list to be categorised; it pays to wait a while for the categorisation to finish before going on with your MailWashing, just in case that reply e-mail from the guy you just bought stuff from on eBay gets accidentally spam-classified just before you hit the "Process Mail" button.
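How a header-only origin check against a DNS blacklist can work, as an added example that is not MailWasher's own code. It goes a little beyond the review by showing the usual DNSBL query convention: reverse the octets, look the name up under the list's zone, and treat an answer in 127.x as "listed". The zone `dnsbl.example`, the sample headers, the trusted relay range and every function name are assumptions made up for illustration.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Constructed sample headers (not real mail); names and addresses are placeholders.
SAMPLE = (
    "Received: from mx.isp.example (mx.isp.example [10.0.0.5])\n"
    "\tby pop.isp.example with ESMTP; Tue, 15 Oct 2002 10:00:02 +1000\n"
    "Received: from unknown (HELO mail.example.net) ([203.0.113.77])\n"
    "\tby mx.isp.example with SMTP; Tue, 15 Oct 2002 10:00:01 +1000\n"
    "From: deals@example.net\nSubject: HOT HOT HOT\n\n"
)
TRUSTED = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: your own ISP's relays

def origin_ip(raw_headers, trusted=TRUSTED):
    """Return the first Received address (newest hop first) outside your own relays."""
    msg = message_from_string(raw_headers)
    for hop in msg.get_all("Received", []):
        for text in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:      # e.g. [999.1.1.1] in a forged header
                continue
            if not any(ip in net for net in trusted):
                return str(ip)
    return None

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except OSError:                 # lookup failed or no such name: treat as not listed
        return False
    return answer.startswith("127.")  # listed entries answer inside 127.0.0.0/8

def classify(raw_headers, zones, resolve=socket.gethostbyname):
    ip = origin_ip(raw_headers)
    hits = [z for z in zones if ip and is_listed(ip, z, resolve)]
    return "Blacklisted by " + ", ".join(hits) if hits else "Not listed"

def fake_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    if name == "77.113.0.203.dnsbl.example":
        return "127.0.0.2"
    raise socket.gaierror("not found")
```

Calling `classify(SAMPLE, ["dnsbl.example", "other.example"], fake_resolver)` marks the sample as blacklisted by the first list only. Only the address recorded by a relay you trust is worth checking; Received lines further down the chain are written by the sender and can say anything.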

Process Mail deletes spam-classified mail off the server, along with anything else that you've marked for deletion, for whatever reason. MailWasher can also send a fake bounce message to the apparent sender of the spam, with the aim of persuading them that your e-mail address is nonexistent, so they take you off their spam list.

MailWasher's bounce messages will look genuine only if the SMTP server from which they're sent is, or at least appears to be, the same server that received the offending mail in the first place. If you've got an ordinary single-account setup with only one server, this'll be the case for all of your mail. If you've got multiple accounts on different servers, the setup is more difficult, and can be impossible if the servers you get mail from do not all let you send mail through them. You may be able to get around the problem with funky port forwarding tricks, but I question whether it's worth bothering.

Realistic or not, the bounce messages are close to useless, as few spams have a valid reply address for the bounce message to go to, and few spammers expend any effort whatsoever to prune dud addresses out of their lists. It's trivial for a spammer using a lousy dial-up modem connection to send over 50 e-mails per second, assuming those e-mails aren't unduly enormous; at that rate, who cares about a pile of duds?

People who're selling ONE ZILLION 100% OPT-IN ADDRESSES ONLY $99.95 HOT HOT HOT CDs for a living may have some reason to at least make sure that most of their raked-together 0% opt-in addresses actually exist, but I wouldn't hold my breath for them to get diligent about it, and they all steal addresses from each other anyway. Once your address is on one of those CDs, it'll be on most of them soon enough, and nothing on earth will remove it.

Still, it doesn't hurt to send bounce messages. Well, it doesn't hurt you, anyway, unless some spammer's forged your address as the return address on his spam and you're the one being hit by a tidal wave of bounces and annoyed replies from the clueless.

Sending bounces is, from the sender's point of view, like replying to spam; it's pretty much pointless and pretty much harmless. It's common knowledge that replying to spam and/or using the unsubscribe options listed in the spam will simply cause more spam to be sent to you, but that's probably not actually the case. Your replies are much more likely to be ignored than acted upon in any way, good or bad, and the same applies to bounce messages. There's still bugger all chance that replying or bouncing will actually get you off the spam-list, though, so there's no good reason to bother with either.

How well does MailWasher work?

Well, check this out.

Back in the mists of time, I had a dial-up account with the Dialix ISP here in Australia. I got a cable Internet connection more than two and a half years ago, now, and closed the Dialix account. Dialix, however, still let me check mail to my old address on their server. I've got no use for that account at all, but since that address has been defunct for so long now, no valid mail comes to it any more. None. Zilch. De nada. It still gets quite a lot of mail, but it's all spam. The old account therefore serves as a great source of nothing-but-spam for false-negative testing of software like MailWasher.

Here's six days' worth of mail to that account.

[Image: Plenty O' Crap]

No, I don't have an incredibly large monitor. I've cheated and stitched together a couple of screenshots.

As you can see, MailWasher's successfully spam-classified almost all of these messages, and it's easy to manually add the leftover ones to the blacklist.

Normal mail checking on my current accounts produces rather less of an ocean-of-orange, but after a few days of careful examination of the list and associated blacklist and whitelist creation, I now find I can just scan the messages briefly, and seldom need to do anything to change MailWasher's mind about anyone.

And I'm a person who subscribes to two voluminous mailing lists, and also gets sent lots of press releases that look a bit like spam. People receiving a more normal volume of mail, composed of more normal looking messages, will have even less trouble.

And MailWasher's price is right. You can evaluate the program for as long as you like, and pay for it if you like it. And the amount you pay is up to you; the author suggests $US10 to $US20 for personal use ($US20 buys you unlimited support), but anything from $US3 up will get you a registration key. The unregistered MailWasher has a scrolly banner-window that reminds you that you haven't levered your wallet open yet, but is otherwise exactly the same as the registered version.

Just as I was finishing off this review, a beta version of MailWasher 2.0 became available for download. It now supports Hotmail, can check multiple accounts simultaneously (instead of one after the other), doesn't interrupt itself when reporting errors, offers more bounce options, and supports SMTP authentication. And has lots of bugfixes.

When I first wrote this review, I was just reading all of that off the why-you-should-download blurb, though, because all v2.0b did on my Windows XP machine was give me this helpful message...

[Image: Helpful message]

...regardless of whether I uninstall the previous version before installing the new one, or not.

A day or two later, though, v2.0.08b was released, which fixed this problem, and also a "POP3 server not compliant" error that I hadn't seen. V2.0.08b and the later v2.0.10b, however, rather enjoyed saying this to me...

[Image: Amusing error]

...and then suffering a rather less amusing looking "access violation". They violated their access about once every two mail checks, and the violations frequently loop, giving the error again every time you click OK. V2.0.11b, V2.0.12b, V2.0.13b and V2.0.14b have come out in quite quick succession since I first wrote this review, but every one of them has the same problem, on my computer at least. (Update: I've now also tried V2.0.19b and V2.0.21b. Nope, still busted.) So, despite several brief upgrades, I'm still running v1.33.

UPDATE: The successor to the string of v2.x betas is MailWasher Free, a cut-down but completely free to use version that works with only one e-mail account, and doesn't have Hotmail support. The high end features are now in the new $US29.95, 30 day trialware "MailWasher Pro", available for evaluation or purchase here.

People who registered the earlier MailWasher flavours, like me, got a free registered copy of MailWasher Pro. I've been using it for a few days now. It works well, and doesn't seem to have any crashing problems.

Overall

The odd spam still makes it into my inboxes, either because MailWasher didn't catch it and I failed to spot it in the preview list, or because it arrived between the time when I checked mail with MailWasher and the time when I checked mail with my mail client. I still use SpamCop on the spam that sneaks through like this, because otherwise I feel as if I'm letting the weasels win. The amount of time I waste SpamCopping stuff has, however, been gigantically reduced by MailWasher.

There are lots of clever systems available to block spam one way or another; MailWasher is one that ought to suit quite a lot of end users. It's not perfect; perfection would be the elimination of spam in the first place, or at least some magical change to the way the Internet works so that spammers couldn't steal other people's resources to promote their products, and were held to the same standards of accountability as normal businesses trading in the places to which the spammers send their mail. While you're waiting for that, though, you might as well try MailWasher.

Don't expect your ISP to provide good anti-spam filtering, by the way. They're slowly getting better at it, and more clueful ones run the better server-based anti-spam systems and run them well. But, on the whole, automatic-bad-stuff-prevention technology at the head end of the cable hasn't improved much in the last few years, if you ask me. The results of Things That Seemed Like A Good Idea At The Time can be as annoying for some people as they are hilarious for others.

While we wait and hope for spammers to get what they deserve, MailWasher's a decent stopgap. I like it, and I paid for it.

Check it out.

More on spam

I wrote a column called Learning from spam. You may find it amusing.


