I use unique email addresses too - so if I register with acme supplies I register with acmesupplies@<my_domain_name>. I have done this for many years. This has proved very interesting - for example I started getting spam from an address used to register with one of the free anti-virus companies (can't remember which now).

But being a journalist I need to hand out business cards with my email address and allow my address to be used by literally thousands of people over the years.

Our mail servers use Spamassassin but to be honest I don't think it is capable of filtering emails that are being sent from continually replaced email addresses and IP addresses. Now that I use Box Trapper (the challenge/response system) all spam gets shunted to an approval queue. There are lists for approved senders, ignored senders and black-listed senders (they get an email telling them their mails won't be accepted). My whitelist of approved senders is fairly comprehensive now and only a couple of people I want to receive email from have had to respond to a challenge email, and they did this without problems.

For the first week I diligently processed spam mails adding the domain name of the sender to the black list but this is fairly ineffective because the spammers only use the same senders' email addresses for a couple of messages each at most before using a new sender address. But in the one week I counted about 500 unique email addresses added to my blacklist.

I now simply leave bad emails in the approval queue and just look out for good messages. The bad messages will be deleted automatically after 2 weeks. No spam email has polluted my inbox since I started using BoxTrapper. I'm now spending much less time deleting spams and as some of my email gets copied to Julia, she no longer has to delete the same spam mails on her computer.

I'm not sure that challenge/response filters are the only way a spambot can confirm that an email address exists - if no undelivered error is generated and received, it's a pretty fair bet that the email address works.

[quote=Ian;bt1005]I use unique email addresses too - so if I register with acme supplies I register with acmesupplies@<my_domain_name>. I have done this for many years. This has proved very interesting - for example I started getting spam from an address used to register with one of the free anti-virus companies (can't remember which now).

But being a journalist I need to hand out business cards with my email address and allow my address to be used by literally thousands of people over the years. [/quote]
That would make it more difficult, true. I suppose you could change your email address on the business cards from time to time (you don't have to buy a 1,000 cards at a time), but that would be very inconvenient.

[quote=Ian;bt1005]Our mail servers use Spamassassin but to be honest I don't think it is capable of filtering emails that are being sent from continually replaced email addresses and IP addresses. Now that I use Box Trapper (the challenge/response system) all spam gets shunted to an approval queue. There are lists for approved senders, ignored senders and black-listed senders (they get an email telling them their mails won't be accepted). My whitelist of approved senders is fairly comprehensive now and only a couple of people I want to receive email from have had to respond to a challenge email, and they did this without problems. [/quote]
I have the same options on my server, but I don't use either of them. SpamAssassin can work but it requires a lot of work to get it doing what you need it to in these modern times. I used to use Box Trapper but now I don't bother because all it seems to do is to clog up the mail queue with an endless stream of challenges. If you use Box Trapper and the sender (either legitimate or spammer) also uses Box Trapper, your two servers can quickly get trapped in a continual loop of challenging each other to reply to their email. That just slows things down. I once had to wade through thousands of emails in the mail queue due to BoxTrapper challenges that were either bounced or challenged themselves. Admittedly, this was a unique situation at the time, but it did happen.

Another of the downsides of BoxTrapper is that a perfectly legitimate contact could be challenged only for the challenge to end up in the sender's junkbox, or just deleted (in the case of Gmail, and the likes). They may not see your challenge, nor respond to it, so your BoxTrapper deletes the original email and blacklists them. You lose the contact, because they think you're ignoring them.

[quote=Ian;bt1005]I'm not sure that challenge/response filters are the only way a spambot can confirm that an email address exists - if no undelivered error is generated and received, it's a pretty fair bet that the email address works.[/quote]
It's not the only way, but it is one way because asking someone to respond confirms that the address exists. What I do nowadays is set my domains to default to :FAIL: - this effectively returns the fail error to the sending mail server so that it knows the address does not exist. Of course you can't do that if you need to use a single address for your main contact, but it is an effective way to stop the spambots that send hundreds of emails to <anything>@domain.com in the hope that it gets into your catch-all address.

Your predicament doesn't leave you with many options beyond maintaining a whitelist and/or blacklist, which is what you're doing with BoxTrapper.

On the subject of spam emails themselves, I don't understand spammers, really I don't. They resort to tricks like spelling words with numbers to try and get around your filters - apparently clueless that you only set filters because you don't want to buy the products they're spamming you about. Getting around those filters isn't suddenly going to make you want to buy the product because, if you were interested, you wouldn't have set the filter in the first place.

Likewise, why don't they spam about products we might actually want to buy - instead of chemical products and certain anatomy enhancements? Why not spam us about cheap cameras, affordable tablets, bargain printers, etc - gadgets, and the like, that are all the rage right now. They might actually get some sales that way. But, no, they spam millions of emails about products no one wants. That just seems pointless to me.

(As coincidence would have it, I've just received junkmail - junked automatically by Seamonkey so I don't have to read it if I don't want - and it was sent to one of my forwarded email addresses. This one - [email]symantec@<domain.com[/email]>. I would have used that years ago when I used Norton Anti-Virus. There's an example of an internet security company selling off their emails to a spambot.)

I don't understand the spammers either - I am not going to respond to any of the rubbish I am sent so why devise sophisticated ways of boring me? It's all so pointless. The argument is that by sheer force of numbers they will get a response - but all I can say is whoever responds - more fool you! Actually, they are targeting vulnerable people, so I should not be too harsh.