Catching Spams From Your Address

October 4th, 2007 (SpamSieve)

If blatant spam messages keep getting through to your inbox, one possibility is that there’s a setup problem such that SpamSieve was not asked to filter those messages. Another possibility is that the spammer forged one of your addresses, the sender address is in Address Book, and SpamSieve let the messages through because you had told it that the addresses in your address book never send spam. You can see whether this is the case by checking SpamSieve’s log to see if the message was Predicted: Good because Reason: sender address in address book. For safety reasons, the address book has higher precedence than the blocklist and Bayesian classifier, so training won’t affect these messages.

Even if the message got through because of the address book, you probably don’t want to uncheck Use Mac OS X Address Book. It’s a useful safety feature that lets you be sure that messages from certain people will always get through. Instead, it’s time to use a lesser known SpamSieve preference called Exclude my addresses. What this means is that if you receive a message from one of your own addresses, SpamSieve will pretend that the address isn’t in Address Book and it will look at the entire contents of the message in order to classify it. Messages from your contacts will continue to get through, but messages from your own address will get extra scrutiny, in case the address was forged. (This also works if you’ve told SpamSieve to use the Entourage address book.)

How does SpamSieve know whether the address is one of your addresses? It looks at the “Me” card in Address Book, which you can access by choosing Card ‣ Go to My Card. Make sure that all of your e-mail addresses are listed on this card. You can use the SpamSieve ‣ Update Address Book “Me” Card command to automatically add the addresses from the accounts in your mail program to the “Me” card.