Managing the flood.
Everyone gets spam — no exceptions.
Those who aren’t getting it now, will, and those only getting a little will eventually get more.
I get hundreds of spam messages every day. That may be at the high end of the average range, but it’s not uncommon.
What’s a poor user to do?
Become a Patron of Ask Leo! and go ad-free!
Getting rid of spam
Spam cannot be stopped, only managed. This means spam gets routed to your spam or junk folder, and only legitimate email appears in your inbox.
- Learn the nuances of your available spam filters.
- Learn how to use an allow-list.
- Protect your primary email address.
- Check regularly for false positives.
- Mark any spam in your inbox as spam.
- Never mark email you’ve asked for as spam.
- Consider a spam filter with a good reputation, like Gmail.
You can’t stop spam
Even after all this time, there is no solution guaranteeing you’ll get:
- Only the email you want.
- All the email you want.
- None of the email you don’t want.
Instead, there are partial solutions with varying degrees of success, depending on your needs and your willingness to accept restrictions or take additional steps.
But all solutions today risk both of the unwanted alternatives:
- Letting some spam through.
- Blocking some legitimate email.
Let’s look at some of those solutions. But first, we have to define what “success” means.
Inboxes & spam folders
A successful anti-spam solution does not stop spam from being sent to your email address.
Instead, effective spam solutions filter your email in such a way that:
- Spam is automatically detected, and either deleted or, more commonly, placed in your “spam” or “junk” folder.
- Everything else — meaning legitimate email — is placed in your inbox.
Unfortunately, filters are never perfect. They will occasionally mark something as spam that is not spam, and they will occasionally allow spam through into your inbox. This means you need to remember to do two things:
- Mark spam that arrives in your inbox as spam or junk. This teaches the spam filter what you consider to be junk, with the intent that it improves its detection over time.
- Occasionally scan your spam or junk folder looking for legitimate email that was erroneously placed there. This is called a false positive. If you find some, mark them as “not spam” — again with the intent of training the spam filter.
This is how we deal with spam. The measure of a good spam filter is how infrequently it miscategorizes email.
Spam filters
Spam filters are used in one form or another by almost all email providers, services,1 and programs.
Filters analyze email messages as they arrive, prior to reaching your inbox. They flag, or in some cases delete, messages they identify as spam. Characteristics used to make that decision include (but are not limited to):
- Words or phrases commonly associated with spam, such as certain drug names, sexual terms, and so on.
- Links that go to known malicious or suspicious sites.
- Links within HTML messages hiding their true destination.
- The presence of attachments, or attachments found to contain malware.
- Email from IP addresses with a bad reputation.
- Email from email addresses with a bad reputation.
- Email from domains with a bad reputation.
- Too much email too quickly from a single source.
- How often similar email has been marked by recipients as being spam.
There are probably more criteria, including some kept secret to make it harder for spammers to work around them.
Perhaps the most important concept to emerge in the last few years is that of “reputation”. An email address (i.e. leo@askleo.com) might garner a bad reputation for having sent a lot of email identified as spam. An email domain (i.e. any email address @askleo.com) might also have a bad reputation, as might a specific email server — perhaps hosting email for many email domains and addresses. In the past, IP addresses were also used to identify servers responsible for spam, but this has become largely ineffective as spammers’ techniques have changed.2
Spam filter recommendations
No two spam filters use the same criteria or techniques, and different criteria become more or less important over time. This is one reason we often consider one email service as having a better spam filter than others, and why recommendations can change over time.
I don’t really have a formal recommendation for spam filters, because they are specific to either your email provider or program. You may already have several spam filters available to you:
- Your email service (Gmail, Outlook.com, etc.) or your ISP-provided email probably already has one. Make sure it’s enabled.
- Your email program (Microsoft Office Outlook, Thunderbird, etc.) also probably has one. Make sure it’s enabled, too.
- There are third-party programs and services like Mailwasher you can install that will also filter your email.
On the other hand, I do have one specific recommendation, though it involves changing how you manage your email. Use Gmail either as your primary address, or route email from another source through Gmail. As I update this post, Gmail continues to provide the best, albeit not perfect, spam filtering I’m aware of.
Almost all my email is handled through Gmail, including all askleo.com email.
Using multiple addresses
Another approach is to use multiple email addresses. This does not stop spam, but it can reduce spam sent to specific email addresses.
- Select one email address to be your “private”, guarded email address — much like an unlisted phone number. Give this only to people and services you trust.
- Create additional “throw-away” email addresses to use for a limited time (say when registering a product) or for a limited purpose (like registering for a website) that you can safely ignore after those purposes have been met.
There are lots of ways you can create throw-away email addresses. Signing up for a free email account is probably the most common.
Your “private” email will still get spam; just not as much, since you use it in fewer places where it might be compromised or otherwise fall into the hands of spammers.
Challenge/Response
Another entry into the fight against spam is something called challenge/response. It’s available as a service you can add to your existing email, and is offered by some ISPs.
Challenge/response, as its name implies, is a challenge sent in response to email from an unknown source to prove the sender is real. Using challenge/response:
- Someone unknown to you sends you an email.
- Rather than delivering the email to you, the challenge/response system automatically replies with a challenge — a message the sender must acknowledge. Often it includes a “prove you’re human” CAPTCHA.
- If the sender properly acknowledges the challenge with a response, then:
- The original message is delivered to your account normally.
- The sender’s email address is placed in a “confirmed” list, and they need not experience challenge/response for emails sent to you in the future.
- If the challenge is not met with a proper response, it’s assumed the sender was a spammer or bot, and the original message is discarded after some time.
The biggest problem with challenge/response is that not all legitimate email is sent by people who can respond to the challenge.
Signing up for a mailing list, making an online purchase, and other activities might result in a computer, not a person, sending you an email confirmation. This is email you want, yet senders to such lists don’t have the resources, or often even the ability, to respond to a challenge for each recipient. They usually ignore all challenges. The result is that unless you remember to proactively add their email address to an “allow” list beforehand (assuming you even know this will happen), you won’t get the email you want.
I know some people swear by them, but I generally do not recommend challenge/response solutions.
Allow and deny lists
Almost all of the solutions above include the ability to add email addresses to an “allow” or “deny” list.3
An allow list means you indicate email from a particular address should never be flagged as spam or delayed in any way. A deny list means just the opposite: email from a particular address should always be flagged as spam and never delivered to you.
Allow lists can be important to prevent false-positive spam filtering of things like newsletters.
On the other hand, deny lists (also known as blocking), are ineffective and essentially pointless. Spammers frequently “spoof” the “From:” address in email, making it looks like it comes from someone other than it really does — often even looking like it came from your own email address.
Finally, don’t stress out about spam. Just use the Delete key or Spam button and move on.
The bottom line
There’s no magic bullet. Spam will continue for the foreseeable future. You will get, or continue to get, spam.
However, there are steps you can take to reduce the amount you need to deal with.
- Learn the nuances of the spam filters available to you.
- Learn how to add email addresses to an allow list.
- Protect your primary email address.
- Check your spam folders regularly for false positives.
- Mark any spam making it into your inbox as spam.
- Never mark email you have asked for as spam.
- Consider using a spam filter with a good reputation, such as Gmail.
Finally, don’t stress out about spam. Just use the Delete key or Spam button liberally, and move on.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Related Video
Footnotes & References
1: I draw a distinction between email providers (like your ISP or workplace) and email services (like Outlook.com, Gmail, Yahoo! Mail, and others).
2: Specifically, the rise of spam-sending botnets that distribute sending activity over millions of machines at millions of different IP addresses.
3: Also often referred to as whitelist or blacklist, respectively, though the industry is attempting to migrate away from those terms.
For Outlook users:
I have been having a lot of success with a Spam filter called spambayes. You can find it at spambayes.org. I’ve yet to have a “good” email get deleted. If the filter isn’t sure, it will deposit it into a folder called Junk Suspects and then you can tell the filter whether it is good or bad. The filter learns from past emails which is good and which is bad. If you have a bunch of emails saved up (both good and spam) you can give it a headstart when it first initializes.
Leo,
I am not interested in any email that “domains” from China, or Russia. Is there a way of blocking all mail which has any connection to these countries. What I’m asking I guess, is there a way of simply having this mail not even leave my ISP or at least auto delete forever without my even knowing it existed.
I’m not concerned about ‘good’ mail not reaching me because I’m not interested in *any* mail that has in its headers any reference to China or Russia.
MailWasher blacklists most of these but I still have have to go through them and manually delete them. I would rather they didn’t even show up in MailWasher at all.
—
Mark Clydesdale
Vancouver, Canada
The best spamfighter is
http://www.spamfighter.dk
I have used for years and have
no problem with spam.
I’ve been ‘told’ by sbc/yahoo that my spam box is ‘full’….now what do I do….??? empty it and start all over again or??? this spam is driving me nutsy….or nutsier!!!
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
If they’re refering to the folder into which spam email is
placed, then yes … review it for any false positives, and
then empty it.
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIUp1nCMEe9B/8oqERApe2AJ0c4m/SyZSdZJ/RdQD74pwdfkbbEwCeMNNs
35lxkoGpe4N8f2/fejpCYSU=
=SQWC
—–END PGP SIGNATURE—–
Has anyone tried Mailwasher? I have been using it for years, literally. it’s not one for the online emails like Yahoo or MSN, but for your home email addresses. You run mailwasher before checking for emails in your email program. Mailwasher will look and see what messages are on the server for you, and at that time you can bounce them back (sent to the REAL sender) or you can okay them as legit. I get virtually no spam. When a spammer sends one, you can bounce it back and it sends the message that your email address does not exit. These are email address’s I’ve had for over 10 years. I wonder why the mail servers don’t have this built in technology. It’s a great free little program, I use it on both the Mac and PC. Can even add multiple email addresses, as I have, to have it check them all first without downloading anything. Once you’ve ‘cleaned’ up your incoming mail, then go to your usual email program like Outlook, and you only download the good stuff. :) Site is Mailwasher . org for those interested. Hope that helps!
Another vote for “Mailwasher”, I have the pay for (Pro Version) and it is just great.
Have no affiliation with these people who I believe are in New Zealand but saves me from hundreds of these cursed spammers.
Some anti-spam methods are better than others.
Blocking every ‘SPAM’ sender will eventually have you try to block yourself – a lot of the spam I receive these days is apparently sent by me…
Challenge / Response methods also suffer from the above spamming technique – either they let it through, or replace the original spam with a Challenge.
Some time ago, there was a rumour that ISP’s were going to charge a penny an e-mail (starting with Microsoft). While a lot of people shouted about it, I think it had merit – though it would be unfair against ‘bot’ infections.
I think there should be a limit on how many e-mails a given PC can send (unless it registers as a ‘business’ with it’s ISP).
Leo’s technique is best.
Step 1 – use GMail
Step 2 – use GMail
Step 3…etc.
In 5 years I’ve had probably 5 spam messages get through.
If you’re concerned about your Outlook or Thunderbird or whatever, no problems – keep receiving it that way but divert it to your GMail client. Every few months, just flush out the ‘old school’ client.
My simple solution: use my email (Outlook) junk/spam trainer every day; check junk every few days, “unjunk” those which aren’t and delete all remaining junk.
This may not help for those with large volumes of spam, but I find that if I keep this up, I don’t build up too overwhelming a collection of messages to deal with. It takes some deliberation, which is sometimes hard to come by.
I must be lucky or doing something right.
My ISP’s email account has been spam free since I signed on with them 2 years ago.
My gmail accounts however get around three or 4 spam messages a day.
I’ve setup a filter in gmail to send spam directly to trash.
I check it frequently to see if any legit email gets sent there.
I’ve only had one valid email disappear to trash.
Spam never gets to Thunderbird.
I am either extremely lucky or I must be doing something right. First of all, I get almost 0 spam in all my POP3 accounts (my own Web site). But then, I never post them anywhere and I only use those eMail addresses for SERIOUS uses. (Banks, eBay, purchases from known sites, reputable computer sites, like this one, etc.
Then I have a Yahoo account which I use for stuff like CraigsList. That account receives perhaps 20 or so spam messages per day and I report each and everyone to the associated “gate keeper”. Both Yahoo and HotMail (MSN, Live, etc.) acknowledge every message reported as spam and either report back their “action” or tell you if the eMail “faked” its origin.
For everything else, I copy and paste into SpamCop’s window and let it figure out to whom to report it.
Speaking of CraigsList, beware of “generic” replies (like “Why are you selling this?”, “What is your location”, “I’ll buy this”, etc.) They are all intended to elicit a response and then they will have your actual eMail address thus working around CraigsList’ redirection. I report ALL generic responses as spam suggesting they check the account’s outgoing box to verify that they only send that type of traffic. Almost everything I have reported to Report_Spam@HotMail.Com has resulted in a message saying they closed the account. Network-abuse@cc.yahoo-inc.com is NOT so informative but they either reply that they have taken “appropriate action” (90 %) or that the message did not originate from Yahoo or that they cannot do anything.
It seems like a never ending task but if everyone does his/her part it will help. I know that I have seen certain specific types of spam totally disappear from my box. (For example, those sent via CraigsList posting with links to “Google posting” get rich schemes. All of those I saw came from “reportable” eMail addresses like AOL, AIM, HotMail, Live, MSN, Yahoo, etc. and I reported each and everyone of them. That scheme, for example, is gone from my eMail stream. I suspect that these were from souls that bought the “kit” and got tired of having to get a new eMail address everyday, perhaps even more often.
I use SpamBully to get rid of my spam messages. It works very easy. All you do is tell the program what emails are good and which ones are spam and it gathers your information to decide the difference. It also has a 1 click interface to let you report the spam. Here is a link to my own information on the product and if you what a copy of it there is a link to where you can make the purchase. It is the best software I have ever owned for ridding myself of email spam. SpamBully Product review and purchase
i have searched ‘ask-leo’ but can’t find how TO CREATE a whitelist for thunderbird email..can’t find the word ‘whitelist OR blacklist’ anywhere under any file, view, tools etc.
i have no spam problem just a problem receiving some pictures especially if sent from a mac to my pc.
25-Jan-2011
A number of people (including me) have been receiving a particular type of spam from a source that uses a product or service name, such as Cheaper-AutoCoverage followed by . You don’t identify this particular kind of spam in your article and I wanted to bring it to your attention. Many people seem to believe that the spam comes from AT&T, but they are falling from the “spoof” as you describe it in your article.
I have been unable to filter these emails and it appears that others have had no success as well. Is it possible to block a bracketed address that is associated with many names? I had no success trying to filter with ATT.net or Outlook. With Outlook it’s possible to search for any email from the bracketed address (ignoring the name) so I can delete these without reading them, but I really don’t want to see them in my email list to begin with.
My solution, which is still working well over two years now, is to have all my non-family and friends’ e-mail sent to my Gmail account, and to set up Gmail to forward it to my regular e-mail account, and to retain a copy on the Gmail server. Every once in a while I check my Gmail account’s Spam and Trash folders to verify that no “good” mail gets spammed or trashed, and that all the mail in the Spam folder is indeed spam. I’m very happy with this simple arrangement. I am getting all my e-mail without a trace of spam.
Please could you outline the actual steps of “routing email via gmail for spam filtering” do you need a backup email address on your own domain? Or is it achievable using only one “own” email address + forwarding tricks? Thanks :-)
@Pedro
This Ask Leo! article explains how to route your email through GMail: How do I route my email through Gmail?
Leo:
Can you tell me why I receive emails such as this “This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.” when I never emailed to the address that is in question? Thank you.
David
A spammer, sending spam that is faked to look like it came from you, sent spam to an email address that had whatever problem is listed in the bounce message. Since the message was faked to look like it came from you, you get the bounce. This is very common, and there’s nothing to be done.
I am receiving about 20 or 30 emails a day offering my money,telling me I have won the lottery etc. I was told to click on the message, hit the spam button ,the delete. Is this the best way? I have outlook outlook express.
Can you help me or do I have to dump my email address and start with a new one?
It would help to upgrade from Outlook Express. That program has not been maintained for years, so it’s spam filters will be completely out of date. This article will help you with that: https://askleo.com/why_outlook_express_must_die/
In addition to what Connie said, clicking on the spam button is generally the best way to handle spam in any email program.
like the old saying goes follow the money..who is the person company or corporation that benefits from all this spam. and why don’t the government go after them….???
They do. But there are so many, and they’re mostly in countries that we don’t authority to operate in. And the government’s resources are limited.
I have tons of email spam at least twice a day I empty it now for some reason my browsing history is getting spam in it is this possible cause my wife thinks I’m cheating
I am always trying to thimk of kind of ridiculous ways of answering these nuts that are “”trying to find men” or are in bed and want to do “”lots of things with you (me). For example, “I don’t drink and I don’t chew, So why would I go with a slut like you?”” Or, You are looking for men? Try going to LOWE’S or
Home Depot at 6:00 am. You will find all kinds of men there at that hour. Or Walmart is always good! But i have decided that is just free advertising. Besides, if I tried send this in a reply they would just double up on the lowest of the low emails.
Thanks for your always on-target advice. Oops, On target is not politically correct anymore. I guess the retail store will have to rename the place and stop having targeted sales items. Have a great rest of the weekend.
Not a good idea. Responding tells them they have a live one. Any spam you respond to increases the value of your email address for selling to other spammers.
I don’t get spam.
The problem is not Bed, Bath, and Beyond selling our
addresses to Fishing Tackle, Sporting Goods, and
Beyond. Those companies comply with the unsubscribe
link. And if they don’t, and if an alias address is
used with them, the address can be deleted, terminating
any further contact.
The problem is Woodpeckers. They’re 99.99% of the
problem. If we nail the woodpecker, we’ve solved
our problem.
Woodpeckers use a veritable roulette wheel of phony
return addresses that foil traditional blocking
filters.
We need four things to stop spam once and for all,
and these are available:
!. scrambled usernames
2. alias addresses
3. an Exclusive Blocker
4. the option to block spam at the server.
AOL has the Exclusive Blocker that can be set to
accept mail only from Contacts or Address Book. And
Aol has an option to block the spam at the server
so we never see it.
Alias addresses from gmx.com and mail.com permit us to
receive mail from those we don’t know.
Scrambled usernames are the first line of defense
as they prevent brute force guessing of our usernames.
For personal contacts we use alias addresses with a
username like leomark9tW4x#b&@gmx.com. Leo is the
sender and Mark is the recipient. Mark knows who is
emailing him and the scrambled string foils the brute
force password guesser. The first and second names
are not necessary for non-personal contacts.
AOL can be used to receive our monthly billing
notifications. No other mail can be received while
the Exclusive Blocker is activated in Spam Settings.
However, billing addresses could be spoofed to bypass
the Ex Blocker, so the AOL address must be scrambled
and, ideally, the AOL webmail would only be populated
with companies who don’t give out our AOL address:
phone, utility, credit card isuers, banks, auto
insurance, etc. (The spoofer needs both the username
and a Contacts address to bypass the Exclusive
Blocker).
Unknown companies should be given an alias address
for contacting us. If a company reveals our alias
to another merchant, the alias can then be deleted.
Or, the second company can be blacklisted with a
right-click on the unwanted mail.
An added Gmail account can fetch billing and other
mail from AOL so that we only have to open two
webmails daily: the Gmail for business and the gmx
alias account for friends and merchants. (Gmail’s
Fetcher doesn’t work well with gmx alias addresses).
I’ll close by repeating: Bed, Bath, and Beyond is
not our problem. Woodpeckers are the problem.
This approach has worked for me for over 5 years.
You’ll have to start over with new email accounts
and figure a way to import or export your old emails
to the new accounts. But it’s worth it!
I may rarely get an unsolicited email in a deletable
gmx alias account; but I don’t get woodpecker spam.
Give this a try! Your “spam management time” will
fall through the ice!
Update: Looks like AOL has revised its spam setting options. Now the user can only block specific addresses, which must be typed or pasted. No more Exclusive Blocker, no more blocking at the server.
Safe-Mail has the Ex Blocker features we need. Click Preferences>Mail Control.
Inbox.com has these features, but they haven’t accepted new subscribers for 3 or 4 years now.
I have one AOL account that still has the old Exclusive Blocker. I’ve opened a Safe-Mail account in anticipation of AOL’s revision.
My problem is not that I receive spam but that hotmail, now outlook.live.com, blocks one of the ask.leo emails on a regular basis. The “tip of the day” almost never gets through. I prefer using my mail program to send and receive email but now I check the outlook web mail in an attempt to let that particular set of emails through. I have white-listed the address and always mark the emails (which land in the junk mail file) as not junk. Both of the other emails, the newsletter and the best of ask Leo get through fine. I thought after enough time I would have trained that particular spam filter – it has probably been about 6 months but no luck. I don’t know what else I can do except change my email address for ask Leo. What is funny though is that it also blocks some Microsoft messages. My guess is that it only looks at the email subject and not the sender.
For this and related reasons, I’ve given up on Hotmail/outlook.com. Years ago, they blocked an entire email provider’s, gmx.de, domain. The emails didn’t even get sent to Spam, they were rejected and a bounce was sent to the sender. I was finally able to solve the problem by writing Mary-Jo Foley, a well know tech guru and blogger. She was able to use her connections with Microsoft to point out the problem to them. Since then, I only been using my Microsoft account to log into Windows and little else. I use Gmail as my main email account. If you switch, you can keep your Hotmail account to catch any emails from people who aren’t aware of your new address. It seems like Microsoft’s near monopoly has made them feel exempt from having to respond to the average users’ needs.
Thanks for the reply. I believe you are correct. Luckily this is not one of my important email addresses although I do consider Ask Leo to be important .
Hello Leo, i was wondering why do i get nasty spam meassages directed towards my first and last name? How do they know my name? I am female and and i get nasty adult oriented spams from other women. Also i forgot to say that my name comtains my first and last name, maybe because of that?
There are many ways that the real name associated with an email address gets into spammers databases — everything from data breaches at large companies, to innocent forwarding of emails without hiding the recipients on a BCC line. Basically, any email you send that has your full name and email address (as most do in the From: line), is easy pickings for spammers. Don’t read too much into it — if it lands in your inbox mark it as spam and move along with your day.
Dear Leo,
I got a spam on my email address about asking me to unsubscribing from a dating site with a huge red button saying “usubscribe”. Email that spam was sent from was very weird and unusual. Is it possible to get such spam if you never registered to any dating site using mentioned email address? Is it only a clickbait?
It is 100% click bait. People get this kind of thing ALL THE TIME. Mark it as spam, do NOT click the Unsubscribe link.
Hey Leo!
First of all great article, second i have a question.
I got a very weird spam message saying this:
“Hello tenastadle3390,
Your friend recommended that this would be the perfect site for you so we have activated a free membership just for you. Come check out the best dating site online for meeting sexy members for hooking up.
Your Username: [removed]
Your Password: [removed]
By clicking “TO VERIFY YOUR FREE ACCOUNT” you certify that you are at least 18 years + and agree to the terms & conditions including the use & nature of online cuties, that are fantasy profiles who may contact members for entertainment purposes, updates and offers.”
I didn’t sign up for any site, especially not such kind of site. So what this spam now means? Do i have a profile there or is this all just a click bait for me?
It could be both. Whatever you do, don’t click on the link. It could take you to a site which might inject malware. If they did set up a profile, it’s not yours. You can safely ignore it.
Click bait. DO NOT CLICK. ;-)
Okay thank you for your replies. I just never saw such spam, have you ever seen similar spam like that? I just went to that site (not via link) and tried my email on “forget password” and it says they don’t have it in their database. Apparently they think i am a male so they offer me women to hook up with ….
So…. you just gave them your email address? (Even in the attempt to login?) Bad move. They could still record it and start sending you more spam.
Of course, they don’t have it in their database. You never signed up. It’s just plain spam and the best thing you can do is mark it as spam in your email program or email website and ignore it. Never click on those links or go to those sites. In the best case, it’s just spam. In the worst case, you can get malware. Clicking on the forgot password link confirms your email and opens you ip to more spam.
Dear Leo,
what does it mean when i get a hookup spam saying i have registered for their commercial emails (its written in a bottom of email with small letters alongside with unsubscribe button) ? Does it look like a typical spam to you or?
Yes. Spam often has fake unsubscribe links. Clicking on them will actually get you more spam because it confirms to them that yours is a valid email address. Marking it as spam is the best you can do.
Dear Leo,
could you explain to me what it means when you have spam message from some person you have no idea who it is but it says “To: (my email), (email i don’t know 1), (email i dont know 2)”. So the same spam was sent to me and two other ppl i dont know about. How come i am allowed to see who also got. this spam message?
Just means they put more than one email address on the To: line, like any email can. They didn’t use Bcc: for some reason.
I have had great success using alias providers such as Anonaddy or 33 Mail (and previously, Spamex). Every online account gets a different alias, and none get one of my “real” email addresses.
I almost never receive any spam. The only spam I get is because a family member had his email account hacked. My email address which was there is now tainted, and I need to kill it.