Also, as someone who is suspicious of bots, when I first started this job and began seeing these in the inbox, I was highly suspicious that it was an email virus designed to seek out active email addresses (ie, any email address that clicks the link and completes the verification process outs themselves to spammers as a valid email with a human reading it). I am sure I am not the only one who this thought occurred to.

First and foremost, if your IT actually thinks that SpamArrest uses a worm then please let me know the name of your company and the names of your IT personnel. I would like to know this so that I will never deal with your company or accidently one day hire someone from your IT department.

I don’t believe you have a full concept of how spam, scams, and worms work. What I believe you encountered was, yes, a worm. However, as has been posted here already, scammers and spammers utilize many ways to make their correspondances to look legit.

Every day I get emails that claim it’s from Facebook, Twitter, Wachovia Bank (even though I’ve never had a bank account with him nor know anyone who has), etc. What you probably encountered was a phishing email that was designed to look exactly like the SpamArrest default challenge response.

The con artists hope you recognize this email or at least trust it. When you click on the link you are probably accessing a website that will automatically download/install a worm or trojan on your computer and/or network.

This program then, as you say, searches for legitimate subject headings, then it proceeds to replicate itself by sending out the same message or similar that you received and sends it out to people in your addressbook or contact list.

However, SpamArrest does NOT send out worms. If your IT people really believe this was the doing of SpamArrest then this tells me that your IT people obviously need to get an education in the basics of network security.

Sending an automated message to challenge a user may seem sensible, but many emails these are days are from webapps you’ve signed up for, but now don’t get anything from them and probably think they suck. And if you have to wade through a “quarantine” area to find such missed emails, what’s the point?

I agree it’s not ideal and personally I do not use it. However I understand what it’s like to be so bombarded with spam that you are losing hours out of every week dealing with it.

That said, one of the issues I have with it is that if it every becomes widespread at some point all sorts of phishing scams are going to develop over it. And as it is, a lot of neophytes may not respond to the challenge email because they’ll be afraid its a scam and won’t know the difference.

So we’re coming up on two years later (this summer, a few months away). I’m still using Spam Arrest and VERY SATISFIED with it. It’s one of the best decisions I’ve ever made regarding my productivity.

Until you’ve been SPAM-FREE, you forget how good it is. Two years later, I’m virtually SPAM-FREE – thanks to SpamArrest!

So, I still disagree with this post, as originally stated. I also love Spam Arrest and highly-recommend it.