Run, don't walk, away from this ISP. Automatic verification messages are spam themselves and, similar to virus bounces, deserve nothing but derision. Adding to the spam problem by yourself spamming any poor slob who happens to have his email address placed into a spam-mail Reply-to header is not the way forward and will get you rightfully spat at by clueful postmasters.

To be honest I don't know what they are doing. They were using SpamAssasin until a few weeks ago, then they stopped. Now they are using something called X-DefendMail.

In their CPanel setup, they don't have any settings, but the whitelist, blacklist and keywords for their confirmation system.

I was getting 100 spams per day, but now none, and their CPanel logs only shows about 5 confirmation emails sent over a week's time. So.....I guess X-DefendMail must only send confirmation emails in a small number of "indeterminant cases".

To be honest I have no idea what they are doing, but my original point still stands, that obfuscating your email address will only have minimal impact on the amount of spam your get, for various reasons.

---

I'm not really a human, but I play one on earth. flash japh

they stopped using SpamAssassin and went to the "whitelist - verify-email required system".

And ISP just became an indirect spam reflector.

What else they can they do? They can't devote 70% of their cpu time to processing spam. They also can't just summarily dump emails into /dev/null. I see the "verify" system just the beginning of a "pay me if you want to send me spam" setup. Where spammers will start offering coupons and discounts if you accept their spam. I've even been hearing talk of "email stamps" where each email has to have a email stamp, and you would get a free quota per month. No stamp, no deliver.

Hopefully, one day, agreeing to receive spam will pay my monthly connection costs. :-) I can dream can't I?

---

I'm not really a human, but I play one on earth. flash japh

Don't take this as preachy. It is in no way intended to be.

Unfortunately this method shifts costs to uninvolved third parties. What happens in the case where everyone uses this method of "spam control"?

Let's assume that the typical user gets N spam messages / day. If each one of these messages has an innocent user's address as the "from" address, then N users will get a confirmation message from me.

Now, if we assume that the spammer is using the same list to fill the "from" and "to" addresses, then the same user should also get 10 confirmation messages.

The network load has now "doubled". If I need to see every confirmation message to ensure that I am not "missing" a message, I still have to check out N confirmation messages.

Let's change the distribution of from and to addresses to putting only user@example.com in the from address. Now all of the confirmation addresses are headed for that user's mailbox. Ouch.

There are some things that can make this better, but it requires things like verifying that the host sending you mail from a user is authorized to be done by every mail host on the net. Not very likely.

Since this is not SPAM-L or the like, this is probably not the place to get into a discussion of it, but I would recommend that if interested in this topic, to browse the SPAM-L archives or subscribe for a while. There are some very opinionated people on that list, but also some very respected people that know email, spam, filtering, blocking, and enforcement inside and out.

In summary, anything that is cost-shifting in nature is not good when applied to the entire net. If it is used for good or bad, it is still cost shifting.

Hopefully, one day, agreeing to receive spam will pay my monthly connection costs. :-) I can dream can't I?

*laugh* Yes, that would be nice. At $0.02 per message, that would be about 1000 messages / month (or 30 / day). I might be able to live with that. Much more than that, and it would become painful :).

--MidLifeXis