You are currently looking at an older section of the website.
Please check the new version of the site at for updated content.

wincent Wincent: about

Anti-spam policy

Wincent is opposed to spam (unsolicted commerical email) and will never send you spam. Wincent will never sell or make available your email address or any of your other personal information to third parties. Wincent does provide mailing lists for users who wish to remain informed but these lists are strictly "opt-in" and Wincent will never subscribe a user to a list; if you wish to join a list you must manually subscribe yourself.

Outgoing mail (from Wincent)

If you have anti-spam filters or challenge-response systems on your mail server then you may wish to add the following addresses to your whitelist:

  • License codes for purchased software are sent from my personal email address, The same applies to re-issued license codes sent using the automated lost license recovery system.
  • Daily digests from the forums are sent from (only to people who explicitly subscribe to those digests); the "noreply" in the name indicates that this is a sending-only account and you shouldn't reply to it.
  • Mail sent by the Bugzilla bug tracking and feature requests database is sent from; once again the "noreply" indicates that you shouldn't reply to these messages.
  • If I ever need to contact you personally (for example, in response to a support ticket or a crash report) then I will do so from my personal email address,

I have a blanket policy against challenge-response systems. I don't use them myself and I don't respond to any challenges that I receive from recipients that do use them. This policy is in place for two reasons: firstly, because a lot of my outgoing mail is generated by automated systems (such as the license code mailer) and so cannot respond to such challenges; and secondly, because I believe that such systems are worse than the spam problem that they purport to cure. Instead of inconveniencing spammers, challenge-response systems inconvenience only legitimate senders, while spammers happily move on to the next target in their millions-long list of addresses. I receive about 8,000 legitimate messages and send several hundred per month; even if only a small percentage of these transactions involved a challenge-response component the drain on my time would be significant. In my experience users of challenge-response systems love them (because it frees them of spam), legitimate senders hate them (because they are being penalized for the behaviour of others), and spammers couldn't care less because they deliver by automated systems and for every target that uses a challenge-response system there are hundreds or thousands of others that do not.

Spam currently accounts for about 50% of all mail that is sent in the world. Imagine if everyone used challenge-response systems; the number of challenges and responses generated would soon dwarf the amount of spam being sent. I believe that there are much more appropriate levels of tackling the spam problem: good server-level filtering (SpamAssassin), good client-level filtering (SpamSieve), and proper configuration of mail servers (with SPF records). There can be no exceptions to this policy, because if I make exceptions then I am tacitly endorsing peoples' decision to use those systems and encouraging their further use, thus making life worse for legitmate senders everywhere.

Incoming mail (to Wincent)

Any incoming mail that contains a virus or other malicious content (as detected by ClamAV) will be discarded at the server before it is ever read.

Incoming connection attempts are checked against real-time DNS-based spam blacklists and rejected if the originating IP appears to be a known spam source.

All other mail passes through the SpamAssassin spam filter for tagging at the server level — only messages with extremely high spam scores are immediately and automatically deleted — and then SpamSieve locally here on my Mac OS X machine to route all spam into a separate folder. At the time of writing (May 2006) this arrangement has been in place for 18 months with 99.6% accuracy (193 false positives in that period, despite the fact that 19% of all email I receive is spam). I manually revise filtered spam to catch these false positives.

If for some reason your email isn't getting through you can always contact me using the web-based contact form.