Managing the flood.
by Leo A. Notenboom
If you're not getting spam now, you will soon -- and probably lots of it. What can you do? There's no magic answer, but there are various things you can do to help.
Everyone gets spam — no exceptions.
Those who aren’t getting it now, will, and those only getting a little will eventually get more.
I get hundreds of spam messages every day. That may be at the high end of the average range, but it’s not uncommon.
What’s a poor user to do?
Getting rid of spam
Spam cannot be stopped, only managed. This means spam gets routed to your spam or junk folder, and only legitimate email appears in your inbox.
- Learn the nuances of your available spam filters.
- Learn how to use an allow-list.
- Protect your primary email address.
- Check regularly for false positives.
- Mark any spam in your inbox as spam.
- Never mark email you’ve asked for as spam.
- Consider a spam filter with a good reputation, like Gmail.
You can’t stop spam
Even after all this time, there is no solution guaranteeing you’ll get:
- Only the email you want.
- All the email you want.
- None of the email you don’t want.
Instead, there are partial solutions with varying degrees of success, depending on your needs and your willingness to accept restrictions or take additional steps.
But all solutions today risk both of the unwanted alternatives:
- Letting some spam through.
- Blocking some legitimate email.
Let’s look at some of those solutions. But first, we have to define what “success” means.
Inboxes & spam folders
A successful anti-spam solution does not stop spam from being sent to your email address.
Instead, effective spam solutions filter your email in such a way that:
- Spam is automatically detected, and either deleted or, more commonly, placed in your “spam” or “junk” folder.
- Everything else — meaning legitimate email — is placed in your inbox.
That’s it. When everything is working properly, you’ll still get spam — perhaps lots of it — but it will all be diverted to your spam folder and not your inbox.
Unfortunately, filters are never perfect. They will occasionally mark something as spam that is not spam, and they will occasionally allow spam through into your inbox. This means you need to remember to do two things:
- Mark spam that arrives in your inbox as spam or junk. This teaches the spam filter what you consider to be junk, with the intent that it improves its detection over time.
- Occasionally scan your spam or junk folder looking for legitimate email that was erroneously placed there. This is called a false positive. If you find some, mark them as “not spam” — again with the intent of training the spam filter.
This is how we deal with spam. The measure of a good spam filter is how infrequently it miscategorizes email.
Filters analyze email messages as they arrive, prior to reaching your inbox. They flag, or in some cases delete, messages they identify as spam. Characteristics used to make that decision include (but are not limited to):
- Words or phrases commonly associated with spam, such as certain drug names, sexual terms, and so on.
- Links that go to known malicious orsuspicious sites.
- Links within HTML messages hiding their true destination.
- The presence of attachments, or attachments found to contain malware.
- Email from IP addresses with a bad reputation.
- Email from email addresses with a bad reputation.
- Email from domains with a bad reputation.
- Too much email too quickly from a single source.
- How often similar email has been marked by recipients as being spam.
There are probably more criteria, including some kept secret to make it harder for spammers to work around them.
Perhaps the most important concept to emerge in the last few years is that of “reputation”. An email address (i.e. firstname.lastname@example.org) might garner a bad reputation for having sent a lot of email identified as spam. An email domain (i.e. any email address @askleo.com) might also have a bad reputation, as might a specific email server — perhaps hosting email for many email domains and addresses. In the past, IP addresses were also used to identify servers responsible for spam, but this has become largely ineffective as spammers’ techniques have changed.
Spam filter recommendations
No two spam filters use the same criteria or techniques, and different criteria become more or less important over time. This is one reason we often consider one email service as having a better spam filter than others, and why recommendations can change over time.
I don’t really have a formal recommendation for spam filters, because they are specific to either your email provider or program. You may already have several spam filters available to you:
- Your email service (Gmail, Outlook.com, etc.) or your ISP-provided email probably already has one. Makesure it’s enabled.
- Your email program (Microsoft Office Outlook, Thunderbird, etc.) also probably has one. Make sure it’s enabled, too.
- There are third-party programs and services like Mailwasher you can install thatwill also filter your email.
On the other hand, I do have one specific recommendation, though it involves changing how you manage your email. Use Gmail either as your primary address, or route email from another source through Gmail. As I update this post, Gmail continues to provide the best, albeit not perfect, spam filtering I’m aware of.
Almost all my email is handled through Gmail, including all askleo.com email.
Using multiple addresses
Another approach is to use multiple email addresses. This does not stop spam, but it can reduce spam sent to specific email addresses.
- Select one email address to be your “private”, guarded email address — much like an unlisted phone number. Give this only to people and services you trust.
- Create additional “throw-away” email addresses to use for a limited time (say when registering a product) or for a limited purpose (like registering for a website) that you can safely ignore after those purposes have been met.
There are lots of ways you can create throw-away email addresses. Signing up for a free email account is probably the most common.
Your “private” email will still get spam; just not as much, since you use it in fewer places where it might be compromised or otherwise fall into the hands of spammers.
Another entry into the fight against spam is something calledchallenge/response. It’s available as a service you can add to your existing email, and is offered by some ISPs.
Challenge/response, as its name implies, is a challenge sent in response to email from an unknown source to prove the sender is real. Using challenge/response:
- Someone unknown to you sends you an email.
- Rather than delivering the email to you, the challenge/response system automatically replies with a challenge — a message the sender must acknowledge. Often it includes a “prove you’re human” CAPTCHA.
- If the sender properly acknowledges the challenge with a response, then:
- The original message is delivered to your account normally.
- The sender’s email address is placed in a “confirmed” list, and they need not experience challenge/response for emails sent to you in the future.
- If the challenge is not met with a proper response, it’s assumed the sender was a spammer or bot, and the original message is discarded after some time.
The biggest problem with challenge/response is that not all legitimate email is sent by people who can respond to the challenge.
Signing up for a mailing list, making an online purchase, and other activities might result in a computer, not a person, sending you an email confirmation. This is email you want, yet senders to such lists don’t have the resources, or often even the ability, to respond to a challenge for each recipient. They usually ignore all challenges. The result is that unless you remember to proactively add their email address to an “allow” list beforehand (assuming you even know this will happen), you won’t get the email you want.
I know some people swear by them, but I generally do not recommend challenge/response solutions.
Allow and deny lists
An allow list means you indicate email from a particular address should never be flagged as spam or delayed in any way. A deny list means just the opposite: email from a particular address should always be flagged as spam and never delivered to you.
Allow lists can be important to prevent false-positive spam filtering of things like newsletters.
On the other hand, deny lists (also known as blocking), are ineffective and essentially pointless. Spammers frequently “spoof” the “From:” address in email, making it looks like it comes from someone other than it really does — often even looking like it came from your own email address.
Finally, don’t stress out about spam. Just use the Delete key or Spam button and move on.
The bottom line
There’s no magic bullet. Spam will continue for the foreseeable future. You will get, or continue to get, spam.
However, there are steps you can take to reduce the amount you need to deal with.
- Learn the nuances of the spam filters available to you.
- Learn how to add email addresses to an allow list.
- Protect your primary email address.
- Check your spam folders regularly for false positives.
- Mark any spam making it into your inbox as spam.
- Never mark email you have asked for as spam.
- Consider using a spam filter with a good reputation, such as Gmail.
Finally, don’t stress out about spam. Just use the Delete key or Spam button liberally, and move on.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
- Mark as spam. ...
- Delete spam emails. ...
- Keep your email address private. ...
- Use a third-party spam filter. ...
- Change your email address. ...
- Unsubscribe from email lists.
The phone number and website are operated by the major credit bureaus. To opt out permanently: Go to optoutprescreen.com or call 1-888-5-OPT-OUT (1-888-567-8688) to start the process.
If you start receiving an increased amount of spam, with junk mail filters enabled, then there might be a problem with the mailbox that your spam emails are usually moved to. You should check that the target mailbox or mail folder isn't full or disabled.
Recover Messages from Spam
- Find the message you want to move out of Spam.
- Open the message (or select the checkbox to the right of it)
- Move the message to your Inbox or to a label: Move to your Inbox: Click the. button.
- Reply to the sender. Ask them to remove you from the list.
- Have these unwanted newsletters or promotions redirected to another email folder.
- Block the sender (You can unblock this address at any time)
- Filter messages from the company. Most, if not all, ESPs have a provision for filtering emails.