Is Mailwasher (anti-spam software) a scam?

[Hemlock]

I downloaded this free, and apparently 100% kosher, software a few weeks back, after seeing it recommended by an esteemed fellow-doper (forget which one).

Here’s the site. (Note the “recommendations” from CNN, BBC, PC World, etc - they just link to home pages.)

It’s good, it seemed at first. You bounce all the spam without downloading it. I haven’t played with it, but apparently you can set up a “friends-only” function so you pretty much bounce all the spam automatically.

However… within a week of using it, my spam intake was up 50%. By now, it has virtually doubled.

Given that the spam industry is to some extent simply a pyramid scheme with one layer packaging email addresses and selling them on to the next mug down, and given that some “anti-spam” software has (IIRC) been found to be simply part of that diabolical process … have I been had?

I find it hard to believe - the software is actually good (a few bugs notwithstanding). But where did all that extra spam come from?

[Futile_Gesture]

I use Mailwasher. It’s not a scam as far as I am aware, it does exactly what it says it’ll do. PCWorld also does recommend it

Besides that;

• at what point and how do you think Mailwasher obtained your email address to pass on to spammers?

• as Mailwasher does bounce and delete spam, why would spammers want to email an address that bounces and deletes spam? Much that they are extremely annoying, they don’t purposely set out to be. They want you to read the email.

The extra spam came from the fact that spam is increasing expodentially. All it takes is your address to get on the wrong list and before you know it, hundreds of the scum have it.

[jjimm]

I started using SpamPal a month ago, and my spam intake has nearly doubled since. I really sincerely think it’s just a coincidence - the spammers are getting even more prolific as more and more means of spamming become available.

[Hemlock]

Yes, thanks - I’m probably being cynical. My spam intake had been rising beforehand.

Futile Gesture - I guess I’m assuming that the writer of the program is making me *think * it’s bouncing when actually it’s confirming that I have a live email address. Thus has spam reduced my faith in human nature!

I guess I’ll just junk that old email address sometime.

[RealityChuck]

There has been an increase of spam lately. Probably gearing up for the Christmas rush. Penis enlargers make a great gift!

[Duke_of_Rat]

I bounced my work address at my home computer where I have Mailwasher installed. Sure enough, when I checked at work I got the “Undeliverable” rejection notice just like if I had used a bad email address.

That said, I asked about bouncing emails via Mailwasher here a while back and the general opinion was to not bounce them, just delete them. Something about tying up mail servers and that the spammers wouldn’t see the returned mail notice, I don’t know… Shortly after that, my ISP installed spam blocking software and I don’t get anything but legit email.

[aahala]

I’ve been using mailwasher for quite a few months and it is a big improvement over before.

Like the prior poster, my ISP recently installed a spam blocker–another big help, but it also blocks some desired messages, so I spend some time looking thru the spam box before deleting.

I would certainly recommend mailwasher over nothing and it has a number of options I’ve not looked into to. As I have used no other program, I can’t rate it relative to other solutions.

[gazpacho]

Please don’t bounce spam like that. A lot of spammers are now putting bogus return addresses in spam so all you are doing is bouncing the spam to innocent third party.

[tanstaafl]

I tried Mailwasher but had to quit using it as it was constantly crashing, when it wasn’t locking up my system completely. When it worked it seemed to work quite well but it was such a pain to use that I eventually gave up.

Too bad. I get over 500 spam a day now.

[Markxxx]

Could it have anything to do with the Telemarketer’s List taking effect Oct 1st. I haven’t gotten one phone solicitation since I put my name on the Do Not Call.

[Tommyturtle]

What happens if you have it set to bounce and the email is one the spammer has used some innocent persons’ address and THEY have Mailwasher too…and they have theirs set to bounce bad emails?

Does that email keep bouncing back and forth forever?

This could presumably happen more and more as more people get Mailwasher or something similar

And what happens to the poor shmuck who’s the first one for whatever reason to turn Mailwasher off…does he wake up one morning and find he has a million emails?

[scr4]

*Originally posted by Tommyturtle *
What happens if you have it set to bounce and the email is one the spammer has used some innocent persons’ address and THEY have Mailwasher too…and they have theirs set to bounce bad emails?

But what’s the From: line on the bounced message? If I receive spam and I use MailWasher to bounce it, does the bounced message have my address in the From: line? I’d think that defeats the purpose.

[Tommyturtle]

You’re probably right scr4 but for a while I had visions of billions of emails bouncing back and forth clogging up the net

[Futile_Gesture]

*Originally posted by scr4 *
**But what’s the From: line on the bounced message? If I receive spam and I use MailWasher to bounce it, does the bounced message have my address in the From: line? I’d think that defeats the purpose. **

Yes, of course it does. The whole idea is to make your address look like it does not exist. The standard procedure for non-existant email addresses is for the mail server to bounce mail to them saying “This address doesn’t exist.” If mailwasher did it any differently the spammer would know that you were bouncing the mail from a real address.

As long as you ignore and just delete spam you are continually confirming that the email has reached a valid account.

I realize that most of the bounces will be ignored and deleted, or maybe even end up in some innocent party’s mailbox. But that’s what happens if you send email to a non-existant email address. Not my fault, any blame is entirely with the spammer.

The idea is that a spammer uses some of their spam-shots to verify the addresses. They can’t sell their spam list to customers if it’s full of rubbish. The customer may be an idiot, but they do want to know that the millions of addresses promised are real.

So the bounce that mailwasher does must have the same address that was originally spammed, any other way and it’s pointless and reveals that your address does exist.

[scr4]

*Originally posted by Futile Gesture *
The whole idea is to make your address look like it does not exist. The standard procedure for non-existant email addresses is for the mail server to bounce mail to them saying “This address doesn’t exist.” If mailwasher did it any differently the spammer would know that you were bouncing the mail from a real address.

Yes, but the bounced mail is sent by the mail daemon and labeled as such. It doesn’t have the nonexistent (invalid) e-mail address in the From: line. At least that’s the case with the bounced messages I’ve received in the past.

[Futile_Gesture]

*Originally posted by Tommyturtle *
**You’re probably right scr4 but for a while I had visions of billions of emails bouncing back and forth clogging up the net **

With Mailwasher I suppose your vision is possible. Mailwasher is pretending to be a mail server. Mail servers have to watch out for these sort of things all the time, otherwise they could get in an infinite loop with another server.

Similarly Mailwasher watches out for it too. If it gets bounces from its bounces it decides not to bounce it again, unless you the user over-rule it.

It’s a bit of a mess, but the fault lies with the spammer. If they used email protocols honestly we wouldn’t have a problem. Basically the system in use today is broken, because it was developed with a belief that no-one would lie about these things. It didn’t anticipate spam. So we need a new protocol that doesn’t take anything an email says about who it’s from for granted. It’s unfortunate, but everything we develop needs to take into account the human capacity for deceit.

[Futile_Gesture]

*Originally posted by scr4 *
**Yes, but the bounced mail is sent by the mail daemon and labeled as such. It doesn’t have the nonexistent (invalid) e-mail address in the From: line. At least that’s the case with the bounced messages I’ve received in the past. **

Sorry, my mistake. I didn’t read your post properly. :smack:

Mailwasher uses the daemon address, whether there really is such a thing or not. But it needs to quote the email address in the bounce. So your address is getting bounced, but not in the From header.

[scr4]

So if the original spam has a forged FROM address, MailWasher would bounce it to that address with “From: Mailer-Daemon@<domain>” in the header. If the forged address exists and the user is also using MailWasher, the bounce will now be sent to “Mailer-Daemon”, not the original recipient.

I’m not sure what happens after that. You’re right Futile Gesture, it probably could get pretty messy. But at least it won’t be a straightforward loop.

[gazpacho]

From Futile Gesture

As long as you ignore and just delete spam you are continually confirming that the email has reached a valid account.

This is simply untrue. There are many ISPs that do not bounce misdirected mail.

[PhilAlex]

I love Mailwasher. Much better than anything else. Don’t bounce Spam, it ties up your server too long, btw.

Instead, just delete. I quickly scan the 200 spams I get a day in about 30 seconds, I have my friends stuff at the top and the remainder are “Questionable”.

Works pretty well. I paid the $20 voluntarily.