My parents have had a small business Web site for about 6 years. They’ve had the same email address since they started, and they have had their email configured so that any email sent to their domain gets dumped into their main mailbox. Last time I visited I set them up with Bayesian filtering and turned on their ISP’s default SpamAssassin install for them and thought it would get them through. When I got there this time, I was surprised to see that literally hundreds of spam messages were making it past SpamAssassin, and that their Bayesian filter wasn’t picking up the slack, mainly because they weren’t diligent about training it.

They had all but given up on email because it was nearly impossible to sift through the thousands of bad emails to get to the few emails that weren’t junk, and I’m sure it hurt their business.

The first thing I did was turn off the feature that forwards all emails to a domain to one mailbox. I felt like that was offering no value since they only used one address anyway, and it was probably upping their spam count significantly. A day or so after I did that, they literally got several thousand spam messages in one day, and many of them were repeats. I had also created a new mailbox for them, and set things up so that only emails from people in their address book were forwarded from the old mailbox to the new one. This at least gave them a place to look for messages that they knew to be good, they just had to delete all of the spam every day in the old mailbox.

The other thing I did was remove their email address from their Web site and put up a contact form instead. I’ve never considered this sort of thing to be good design, but if you give up checking your email due to spam anyway, then drastic measures are required.

Ultimately, we wound up deleting their old mailbox completely and sending a notification of their address change to everyone in their address book. Now they have a nice pristine inbox, but they suffer from the fact that anyone who knew their old email address and didn’t get the update on the new one is left out in the cold. Spam is a painful problem for me to manage for myself, but it’s something I can deal with. My parents aren’t so lucky. There’s no question that spam has cost them business, and given that their email address has changed, it may cost them more. They’re not really equipped to deal with it at all, and are fortunate to have me around to sort of manage the problem. I don’t know what other small businesses who don’t have somebody familiar with fighting spam do to cope with the spam problem at all.

I don’t know where all this is heading, but I’m losing confidence in filtering as a good solution for most people. It’s great for me, but for my parents it’s a total loss. Today it looks like the best approach is to guard your email address like your most prized possession, which is sort of contrary to logic when you’re in business.