I get many hundreds of spam messages a day. That’s probably nearer the high end of the average range, but it’s certainly not an uncommon amount.
While one source shows that spam has dropped to just under half of all email traffic for the first time in years, it certainly doesn’t seem that way in our mail folders, does it?
What’s a poor user to do?
Become a Patron of Ask Leo! and go ad-free!
No silver bullet
Even after all these years, there is still no magic answer and no silver bullet. There is no solution guaranteeing you’ll get only the email you want and all the email you want.
There are many partial solutions that have varying degrees of success, depending on your needs and your willingness to accept restrictions or additional steps.
But all solutions today risk both of the unwanted alternatives:
- Letting some spam through
- Blocking some legitimate email
Let’s look at some of those solutions.
Spam filters remain the most popular solution, being used in one form or another by email providers, services1, and programs.
Filters analyze email messages as they arrive, prior to reaching your inbox. They flag, or in some cases delete, messages they “think” are spam. Characteristics used to make that decision include:
- Words or phrases commonly associated with spam, such as certain drug names, sexual terms, and more.
- Links that go to known malicious or suspicious sites.
- Links within HTML messages that hide their true destination.
- The presence of attachments, or attachments scanned and found to contain malware.
- Email from IP addresses associated with spammers.
- Email from email addresses associated with spammers.
- Too much email too quickly from a single source.
- How many times you or others have marked similar email as being spam.
There are probably more criteria, including some kept secret to make it harder for spammers to work around them.
Spam filter criteria
No two spam filters use the same criteria or techniques, and different criteria become more or less important over time. This is one reason we often consider one email service as having a better spam filter than others (which also changes).
Targeting IP addresses used to work well, because spammers used specific mail servers — often hacked servers — to send spam. Now, with the rise of botnets, almost any computer at any IP address on the internet could be the source of spam. This makes blocking IP addresses futile, though it’s often still done.
Sometimes filters get it wrong. Even with spam filtering in place, you’ll probably still get spam. Worse, filters occasionally mark email you want as spam.
Spam filter recommendations
On one hand, I don’t have a formal recommendation for spam filters, because they are specific to either your email provider or program. You may already have several spam filters available to you:
- Your email service (Gmail, Outlook.com, etc.) or your ISP-provided email probably already has one. Make sure it’s enabled.
- Your email program (Microsoft Office Outlook, Thunderbird, etc.) also probably has one. Make sure it’s enabled, too.
- There are third-party programs and services like Mailwasher you can install that will also filter your email.
On the other hand, I do have a recommendation: use Gmail — either as your primary address, or route email from another source through Gmail. As I update this post, Gmail continues to provide the best, albeit not perfect, spam filtering I’m aware of.
Check your spam folders
Spam filters can handle spam in three ways:
- They delete it so you never see it
- They deliver it to a “spam” or “junk” folder instead of your inbox
- They modify the Subject line in some way, typically adding the word “spam”
Some filters use all three, or you’ll experience all three because your incoming email might be routed through multiple, different spam filters.
The second option, the spam folder, is by far the most common. It’s important to periodically check the contents of this folder. Filters are never perfect and will occasionally mark something as spam that is not.
Similarly, if spam arrives in your inbox, use the tools you have available to mark it as spam. The spam filters learn from this and improve over time.
Using multiple addresses
Another common approach is to use multiple email addresses.
- Select one email address to be your “private”, guarded email address — much like an unlisted phone number — that you only give to people and services you trust.
- Create additional “throw-away” email addresses to use for a limited time (say when registering a product) or for a limited purpose (like registering for a website) and can safely ignore after those purposes have been met.
There are lots of ways you can create throw-away email addresses. Signing up for a free email account is probably the most common.
Another entry into the fight against spam is something called challenge/response. It’s available as a service you can add to your existing email, and is offered by some ISPs.
Challenge/response, as its name implies, is a challenge sent in response to email from an unknown source to prove the sender is real. If they respond to the challenge (typically by clicking a link) to confirm that they are, then a) they are remembered and never have to see a challenge again, and b) the mail they sent you is delivered. If they do not respond, you never see the email, or you have to take extra steps to check for it.
The problem with challenge/response is that not all legitimate email is sent by people who can respond to the challenge. Signing up for a mailing list, making an online purchase, and other activities might result in a computer, not a person, sending you an email confirmation. This is email you want. Yet senders to such lists don’t have the resources, or often even the ability, to respond to a challenge for each recipient. They usually ignore all challenges. The result is that unless you remember to proactively white-list their email address beforehand (assuming you even know it), you won’t get the email you want.
White and black lists
Almost all of the solutions above also include the ability to “whitelist” or “blacklist” an email address.
Whitelisting means you indicate email from a particular address should never be flagged as spam or delayed in any way. Blacklisting means just the opposite: email from a particular address should always be flagged as spam and never delivered to you.
Whitelisting and blacklisting are important additions to the anti-spam regimen. Whitelisting is particularly important to prevent false-positive spam filtering of things like newsletters. Unfortunately, they are far from perfect. Blacklisting or blocking is particularly ineffective when it comes to spam. Spammers frequently “spoof” the “From:” address in email, making it looks like it comes from someone other than it really does — often even yourself.
The bottom line
There’s no magic bullet. Spam will continue for the foreseeable future. However, there are steps you can take to reduce the amount you need to deal with.
- Protect your email address. Don’t post it publicly, and share it only with people and businesses you trust.
- Learn the nuances of the spam filters available to you and use them.
- Learn how to whitelist email addresses in the program and services you use.
- Enable spam filtering by your provider and in your desktop email program, if you use one.
- Check your junk or spam folders regularly.
- Never mark email you have asked for as spam.
Finally, don’t stress out about spam. Instead, just use the Delete key or Spam button liberally, and move on.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,