June 30, 2005
A Sort of "Quiet Period?"
In addition to my daily spam stats summaries, I also keep an eye on another quantitative chunk of information: how much spam gets through my server filters. I don't write down the number every day because the raw number, itself, doesn't mean much. For any given day, I have a sense—written or not—of how often I sigh or frown at the leakages that reach my personal computer's inbox.
There is, however, a number that I see that gives me an idea of a moving 30-day window. Let me explain.
My email client software (Microsoft Entourage on the Mac) is set up to preserve all deleted mail in the Deleted Items folder for 30 days. When the 30 days are up for a deleted message, the item is deleted for good the next time I quit the program. That Deleted Items folder contains both read and unread messages, spam and ham—the works.
As a rule, I do not open spam or phishing messages the traditional way. Instead, I open the source-code view. Fortunately, this is easier to do in Entourage than in a lot of other email clients, like Outlook on Windows, which make users jump through hoops (or memorize a finger-twisting keyboard combination) to get at the source. Viewing the source code version of a suspected spam message is not only the safest way to inspect the content (if, in fact, you care to), but it also shows me what HTML spam tricks the spammer is using to fool typical email client users.
When I'm done with these messages, I delete them, still showing them as unread as far as Entourage believes. They stay listed in boldface in the Deleted Items folder, and the number of unread items in that folder appears in parentheses after the folder name among the list of folders. Thus, the number that appears there is roughly the number of spam messages that got through my server filters within the last 30 days.
Over time, I've seen this number go up and down from month to month. Whenever it goes down, I take pride in how well my filtering is working; when it inches up, I wonder what more I could do. I like keeping spam off the client because when I'm out of the office, I check email on a wireless handheld device—when I don't give a rat's patoot that "Julie" has just set up her web cam.
I'm not particularly obsessive about my server filtering because, by and large, it does a good job with occasional minor tweaks. Considering that, if left unfiltered, my domain would receive roughly 7000-8000 email messages per weekday, I shouldn't be too concerned (statistically speaking) that even in those heavy leakage periods, an average of 20 unsolicited messages per day get through to the client. Moreover, I don't actively block some types of messages, such as phishing messages from institutions with which I don't have accounts. I like those to get through in modest quantities only because I take such glee in reporting the sites to their hosting companies, hijacked server administrators, and, when appropriate, domain registrars.
The last lull in the 30-day moving average was in January 2005, when there were only about 10 leaks per day. Since then, the volume has inched up and remained fairly steady over the last several months. I've noticed, however, that in the last week or so, the amount of spam leaking through is decidedly lower, and my little number indicator is headed downward. That's not reflected in the other spam stat totals, which are keeping their normal pace.
I've been watching this leakage number for so long that as much as I enjoy seeing a low number, I tend to worry more that it's just the quiet before the storm. The phishers, the mortgage lead weasels, the medz pharms, and "Julie" will be back, with a vengeance. The 30-day average number will once again start its upward crawl.
Maybe this period—while the trend is headed downward—is the time I should cherish. Things will improve for a short while. Okay, I think I've convinced myself to enjoy it while it lasts.
Posted on June 30, 2005 at 08:41 PM