Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

How Do I Get Rid of All this Spam?!?!

Spam is ubiquitous. Everyone gets spam. Those who aren’t will, and those who’re only getting a little will eventually get more.

I get many hundreds of spam messages a day. That’s probably nearer the high end of the average range, but it’s certainly not an uncommon amount.

While one source shows that spam has dropped to just under half of all email traffic for the first time in years, it certainly doesn’t seem that way in our mail folders, does it?

What’s a poor user to do?

Become a Patron of Ask Leo! and go ad-free!

No silver bullet

Even after all these years, there is still no magic answer and no silver bullet. There is no solution guaranteeing you’ll get only the email you want and all the email you want.

There are many partial solutions that have varying degrees of success, depending on your needs and your willingness to accept restrictions or additional steps.

But all solutions today risk both of the unwanted alternatives:

  • Letting some spam through
  • Blocking some legitimate email

Let’s look at some of those solutions.

Spam filters

Spam filters remain the most popular solution, being used in one form or another by email providers, services1, and programs.

Filters analyze email messages as they arrive, prior to reaching your inbox. They flag, or in some cases delete, messages they “think” are spam. Characteristics used to make that decision include:

  • No SpamWords or phrases commonly associated with spam, such as certain drug names, sexual terms, and more.
  • Links that go to known malicious or suspicious sites.
  • Links within HTML messages that hide their true destination.
  • The presence of attachments, or attachments scanned and found to contain malware.
  • Email from IP addresses associated with spammers.
  • Email from email addresses associated with spammers.
  • Too much email too quickly from a single source.
  • How many times you or others have marked similar email as being spam.

There are probably more criteria, including some kept secret to make it harder for spammers to work around them.

Spam filter criteria

No two spam filters use the same criteria or techniques, and different criteria become more or less important over time. This is one reason we often consider one email service as having a better spam filter than others (which also changes).

Targeting IP addresses used to work well, because spammers used specific mail servers — often hacked servers — to send spam. Now, with the rise of botnets, almost any computer at any IP address on the internet could be the source of spam. This makes blocking IP addresses futile, though it’s often still done.

Sometimes filters get it wrong. Even with spam filtering in place, you’ll probably still get spam. Worse, filters occasionally mark email you want as spam.

Spam filter recommendations

On one hand, I don’t have a formal recommendation for spam filters, because they are specific to either your email provider or program. You may already have several spam filters available to you:

  • Your email service (Gmail, Outlook.com, etc.) or your ISP-provided email probably already has one. Make sure it’s enabled.
  • Your email program (Microsoft Office Outlook, Thunderbird, etc.) also probably has one. Make sure it’s enabled, too.
  • There are third-party programs and services like Mailwasher you can install that will also filter your email.

On the other hand, I do have a recommendation: use Gmail — either as your primary address, or route email from another source through Gmail. As I update this post, Gmail continues to provide the best, albeit not perfect, spam filtering I’m aware of.

Check your spam folders

Spam filters can handle spam in three ways:

  • They delete it so you never see it
  • They deliver it to a “spam” or “junk” folder instead of your inbox
  • They modify the Subject line in some way, typically adding the word “spam”

Some filters use all three, or you’ll experience all three because your incoming email might be routed through multiple, different spam filters.

The second option, the spam folder, is by far the most common. It’s important to periodically check the contents of this folder. Filters are never perfect and will occasionally mark something as spam that is not.

Similarly, if spam arrives in your inbox, use the tools you have available to mark it as spam. The spam filters learn from this and improve over time.

Using multiple addresses

Another common approach is to use multiple email addresses.

  • Select one email address to be your “private”, guarded email address — much like an unlisted phone number — that you only give to people and services you trust.
  • Create additional “throw-away” email addresses to use for a limited time (say when registering a product) or for a limited purpose (like registering for a website) and can safely ignore after those purposes have been met.

There are lots of ways you can create throw-away email addresses. Signing up for a free email account is probably the most common.

Challenge/Response

Another entry into the fight against spam is something called challenge/response. It’s available as a service you can add to your existing email, and is offered by some ISPs.

Challenge/response, as its name implies, is a challenge sent in response to email from an unknown source to prove the sender is real. If they respond to the challenge (typically by clicking a link) to confirm that they are, then a) they are remembered and never have to see a challenge again, and b) the mail they sent you is delivered. If they do not respond, you never see the email, or you have to take extra steps to check for it.

The problem with challenge/response is that not all legitimate email is sent by people who can respond to the challenge. Signing up for a mailing list, making an online purchase, and other activities might result in a computer, not a person, sending you an email confirmation. This is email you want. Yet senders to such lists don’t have the resources, or often even the ability, to respond to a challenge for each recipient. They usually ignore all challenges. The result is that unless you remember to proactively white-list their email address beforehand (assuming you even know it), you won’t get the email you want.

White and black lists

Almost all of the solutions above also include the ability to “whitelist” or “blacklist” an email address.

Whitelisting means you indicate email from a particular address should never be flagged as spam or delayed in any way. Blacklisting means just the opposite: email from a particular address should always be flagged as spam and never delivered to you.

Whitelisting and blacklisting are important additions to the anti-spam regimen. Whitelisting is particularly important to prevent false-positive spam filtering of things like newsletters. Unfortunately, they are far from perfect. Blacklisting or blocking is particularly ineffective when it comes to spam. Spammers frequently spoof” the “From:” address in email, making it looks like it comes from someone other than it really does — often even yourself.

The bottom line

There’s no magic bullet. Spam will continue for the foreseeable future. However, there are steps you can take to reduce the amount you need to deal with.

  • Protect your email address. Don’t post it publicly, and share it only with people and businesses you trust.
  • Learn the nuances of the spam filters available to you and use them.
  • Learn how to whitelist email addresses in the program and services you use.
  • Enable spam filtering by your provider and in your desktop email program, if you use one.
  • Check your junk or spam folders regularly.
  • Never mark email you have asked for as spam.

Finally, don’t stress out about spam. Instead, just use the Delete key or Spam button liberally, and move on.

Podcast audio

Play

Video Narration

Footnotes & references

2 I draw a distinction between email providers — like your ISP or workplace — and email services — like Outlook.com, Gmail, Yahoo! Mail, and others.

43 comments on “How Do I Get Rid of All this Spam?!?!”

  1. For Outlook users:
    I have been having a lot of success with a Spam filter called spambayes. You can find it at spambayes.org. I’ve yet to have a “good” email get deleted. If the filter isn’t sure, it will deposit it into a folder called Junk Suspects and then you can tell the filter whether it is good or bad. The filter learns from past emails which is good and which is bad. If you have a bunch of emails saved up (both good and spam) you can give it a headstart when it first initializes.

  2. Leo,
    I am not interested in any email that “domains” from China, or Russia. Is there a way of blocking all mail which has any connection to these countries. What I’m asking I guess, is there a way of simply having this mail not even leave my ISP or at least auto delete forever without my even knowing it existed.
    I’m not concerned about ‘good’ mail not reaching me because I’m not interested in *any* mail that has in its headers any reference to China or Russia.
    MailWasher blacklists most of these but I still have have to go through them and manually delete them. I would rather they didn’t even show up in MailWasher at all.

    Mark Clydesdale
    Vancouver, Canada

  3. I’ve been ‘told’ by sbc/yahoo that my spam box is ‘full’….now what do I do….??? empty it and start all over again or??? this spam is driving me nutsy….or nutsier!!!

  4. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    If they’re refering to the folder into which spam email is
    placed, then yes … review it for any false positives, and
    then empty it.

    Leo

    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.7 (MingW32)

    iD8DBQFIUp1nCMEe9B/8oqERApe2AJ0c4m/SyZSdZJ/RdQD74pwdfkbbEwCeMNNs
    35lxkoGpe4N8f2/fejpCYSU=
    =SQWC
    —–END PGP SIGNATURE—–

  5. Has anyone tried Mailwasher? I have been using it for years, literally. it’s not one for the online emails like Yahoo or MSN, but for your home email addresses. You run mailwasher before checking for emails in your email program. Mailwasher will look and see what messages are on the server for you, and at that time you can bounce them back (sent to the REAL sender) or you can okay them as legit. I get virtually no spam. When a spammer sends one, you can bounce it back and it sends the message that your email address does not exit. These are email address’s I’ve had for over 10 years. I wonder why the mail servers don’t have this built in technology. It’s a great free little program, I use it on both the Mac and PC. Can even add multiple email addresses, as I have, to have it check them all first without downloading anything. Once you’ve ‘cleaned’ up your incoming mail, then go to your usual email program like Outlook, and you only download the good stuff. 🙂 Site is Mailwasher . org for those interested. Hope that helps!

  6. Another vote for “Mailwasher”, I have the pay for (Pro Version) and it is just great.
    Have no affiliation with these people who I believe are in New Zealand but saves me from hundreds of these cursed spammers.

  7. Some anti-spam methods are better than others.
    Blocking every ‘SPAM’ sender will eventually have you try to block yourself – a lot of the spam I receive these days is apparently sent by me…
    Challenge / Response methods also suffer from the above spamming technique – either they let it through, or replace the original spam with a Challenge.

    Some time ago, there was a rumour that ISP’s were going to charge a penny an e-mail (starting with Microsoft). While a lot of people shouted about it, I think it had merit – though it would be unfair against ‘bot’ infections.
    I think there should be a limit on how many e-mails a given PC can send (unless it registers as a ‘business’ with it’s ISP).

  8. Leo’s technique is best.
    Step 1 – use GMail
    Step 2 – use GMail
    Step 3…etc.
    In 5 years I’ve had probably 5 spam messages get through.
    If you’re concerned about your Outlook or Thunderbird or whatever, no problems – keep receiving it that way but divert it to your GMail client. Every few months, just flush out the ‘old school’ client.

  9. My simple solution: use my email (Outlook) junk/spam trainer every day; check junk every few days, “unjunk” those which aren’t and delete all remaining junk.

    This may not help for those with large volumes of spam, but I find that if I keep this up, I don’t build up too overwhelming a collection of messages to deal with. It takes some deliberation, which is sometimes hard to come by.

  10. I must be lucky or doing something right.
    My ISP’s email account has been spam free since I signed on with them 2 years ago.

    My gmail accounts however get around three or 4 spam messages a day.
    I’ve setup a filter in gmail to send spam directly to trash.

    I check it frequently to see if any legit email gets sent there.

    I’ve only had one valid email disappear to trash.

    Spam never gets to Thunderbird.

  11. I am either extremely lucky or I must be doing something right. First of all, I get almost 0 spam in all my POP3 accounts (my own Web site). But then, I never post them anywhere and I only use those eMail addresses for SERIOUS uses. (Banks, eBay, purchases from known sites, reputable computer sites, like this one, etc.
    Then I have a Yahoo account which I use for stuff like CraigsList. That account receives perhaps 20 or so spam messages per day and I report each and everyone to the associated “gate keeper”. Both Yahoo and HotMail (MSN, Live, etc.) acknowledge every message reported as spam and either report back their “action” or tell you if the eMail “faked” its origin.
    For everything else, I copy and paste into SpamCop’s window and let it figure out to whom to report it.
    Speaking of CraigsList, beware of “generic” replies (like “Why are you selling this?”, “What is your location”, “I’ll buy this”, etc.) They are all intended to elicit a response and then they will have your actual eMail address thus working around CraigsList’ redirection. I report ALL generic responses as spam suggesting they check the account’s outgoing box to verify that they only send that type of traffic. Almost everything I have reported to Report_Spam@HotMail.Com has resulted in a message saying they closed the account. Network-abuse@cc.yahoo-inc.com is NOT so informative but they either reply that they have taken “appropriate action” (90 %) or that the message did not originate from Yahoo or that they cannot do anything.
    It seems like a never ending task but if everyone does his/her part it will help. I know that I have seen certain specific types of spam totally disappear from my box. (For example, those sent via CraigsList posting with links to “Google posting” get rich schemes. All of those I saw came from “reportable” eMail addresses like AOL, AIM, HotMail, Live, MSN, Yahoo, etc. and I reported each and everyone of them. That scheme, for example, is gone from my eMail stream. I suspect that these were from souls that bought the “kit” and got tired of having to get a new eMail address everyday, perhaps even more often.

  12. I use SpamBully to get rid of my spam messages. It works very easy. All you do is tell the program what emails are good and which ones are spam and it gathers your information to decide the difference. It also has a 1 click interface to let you report the spam. Here is a link to my own information on the product and if you what a copy of it there is a link to where you can make the purchase. It is the best software I have ever owned for ridding myself of email spam. SpamBully Product review and purchase

  13. i have searched ‘ask-leo’ but can’t find how TO CREATE a whitelist for thunderbird email..can’t find the word ‘whitelist OR blacklist’ anywhere under any file, view, tools etc.
    i have no spam problem just a problem receiving some pictures especially if sent from a mac to my pc.

    Thunderbird doesn’t ahve a “whitelist” or “blacklist” as such. It uses an adaptive (learning) junk mail filter, and allows you to specify address books as containign email addresses that should never be marked as junk (effectively a whitelist). Check the Account Settings for each account you have configured and you’ll find a Junk settings section.

    Leo
    25-Jan-2011

  14. A number of people (including me) have been receiving a particular type of spam from a source that uses a product or service name, such as Cheaper-AutoCoverage followed by . You don’t identify this particular kind of spam in your article and I wanted to bring it to your attention. Many people seem to believe that the spam comes from AT&T, but they are falling from the “spoof” as you describe it in your article.

    I have been unable to filter these emails and it appears that others have had no success as well. Is it possible to block a bracketed address that is associated with many names? I had no success trying to filter with ATT.net or Outlook. With Outlook it’s possible to search for any email from the bracketed address (ignoring the name) so I can delete these without reading them, but I really don’t want to see them in my email list to begin with.

  15. My solution, which is still working well over two years now, is to have all my non-family and friends’ e-mail sent to my Gmail account, and to set up Gmail to forward it to my regular e-mail account, and to retain a copy on the Gmail server. Every once in a while I check my Gmail account’s Spam and Trash folders to verify that no “good” mail gets spammed or trashed, and that all the mail in the Spam folder is indeed spam. I’m very happy with this simple arrangement. I am getting all my e-mail without a trace of spam.

  16. Please could you outline the actual steps of “routing email via gmail for spam filtering” do you need a backup email address on your own domain? Or is it achievable using only one “own” email address + forwarding tricks? Thanks 🙂

  17. Leo:

    Can you tell me why I receive emails such as this “This is an automatically generated Delivery Status Notification.

    Delivery to the following recipients failed.” when I never emailed to the address that is in question? Thank you.

    David

    • A spammer, sending spam that is faked to look like it came from you, sent spam to an email address that had whatever problem is listed in the bounce message. Since the message was faked to look like it came from you, you get the bounce. This is very common, and there’s nothing to be done.

  18. I am receiving about 20 or 30 emails a day offering my money,telling me I have won the lottery etc. I was told to click on the message, hit the spam button ,the delete. Is this the best way? I have outlook outlook express.
    Can you help me or do I have to dump my email address and start with a new one?

  19. like the old saying goes follow the money..who is the person company or corporation that benefits from all this spam. and why don’t the government go after them….???

    • They do. But there are so many, and they’re mostly in countries that we don’t authority to operate in. And the government’s resources are limited.

  20. I have tons of email spam at least twice a day I empty it now for some reason my browsing history is getting spam in it is this possible cause my wife thinks I’m cheating

  21. I am always trying to thimk of kind of ridiculous ways of answering these nuts that are “”trying to find men” or are in bed and want to do “”lots of things with you (me). For example, “I don’t drink and I don’t chew, So why would I go with a slut like you?”” Or, You are looking for men? Try going to LOWE’S or
    Home Depot at 6:00 am. You will find all kinds of men there at that hour. Or Walmart is always good! But i have decided that is just free advertising. Besides, if I tried send this in a reply they would just double up on the lowest of the low emails.

    Thanks for your always on-target advice. Oops, On target is not politically correct anymore. I guess the retail store will have to rename the place and stop having targeted sales items. Have a great rest of the weekend.

    • Not a good idea. Responding tells them they have a live one. Any spam you respond to increases the value of your email address for selling to other spammers.

      • I don’t get spam.

        The problem is not Bed, Bath, and Beyond selling our
        addresses to Fishing Tackle, Sporting Goods, and
        Beyond. Those companies comply with the unsubscribe
        link. And if they don’t, and if an alias address is
        used with them, the address can be deleted, terminating
        any further contact.

        The problem is Woodpeckers. They’re 99.99% of the
        problem. If we nail the woodpecker, we’ve solved
        our problem.

        Woodpeckers use a veritable roulette wheel of phony
        return addresses that foil traditional blocking
        filters.

        We need four things to stop spam once and for all,
        and these are available:

        !. scrambled usernames
        2. alias addresses
        3. an Exclusive Blocker
        4. the option to block spam at the server.

        AOL has the Exclusive Blocker that can be set to
        accept mail only from Contacts or Address Book. And
        Aol has an option to block the spam at the server
        so we never see it.

        Alias addresses from gmx.com and mail.com permit us to
        receive mail from those we don’t know.

        Scrambled usernames are the first line of defense
        as they prevent brute force guessing of our usernames.

        For personal contacts we use alias addresses with a
        username like leomark9tW4x#b&@gmx.com. Leo is the
        sender and Mark is the recipient. Mark knows who is
        emailing him and the scrambled string foils the brute
        force password guesser. The first and second names
        are not necessary for non-personal contacts.

        AOL can be used to receive our monthly billing
        notifications. No other mail can be received while
        the Exclusive Blocker is activated in Spam Settings.

        However, billing addresses could be spoofed to bypass
        the Ex Blocker, so the AOL address must be scrambled
        and, ideally, the AOL webmail would only be populated
        with companies who don’t give out our AOL address:
        phone, utility, credit card isuers, banks, auto
        insurance, etc. (The spoofer needs both the username
        and a Contacts address to bypass the Exclusive
        Blocker).

        Unknown companies should be given an alias address
        for contacting us. If a company reveals our alias
        to another merchant, the alias can then be deleted.
        Or, the second company can be blacklisted with a
        right-click on the unwanted mail.

        An added Gmail account can fetch billing and other
        mail from AOL so that we only have to open two
        webmails daily: the Gmail for business and the gmx
        alias account for friends and merchants. (Gmail’s
        Fetcher doesn’t work well with gmx alias addresses).

        I’ll close by repeating: Bed, Bath, and Beyond is
        not our problem. Woodpeckers are the problem.

        This approach has worked for me for over 5 years.
        You’ll have to start over with new email accounts
        and figure a way to import or export your old emails
        to the new accounts. But it’s worth it!

        I may rarely get an unsolicited email in a deletable
        gmx alias account; but I don’t get woodpecker spam.

        Give this a try! Your “spam management time” will
        fall through the ice!

        • Update: Looks like AOL has revised its spam setting options. Now the user can only block specific addresses, which must be typed or pasted. No more Exclusive Blocker, no more blocking at the server.

          Safe-Mail has the Ex Blocker features we need. Click Preferences>Mail Control.

          Inbox.com has these features, but they haven’t accepted new subscribers for 3 or 4 years now.

          I have one AOL account that still has the old Exclusive Blocker. I’ve opened a Safe-Mail account in anticipation of AOL’s revision.

  22. My problem is not that I receive spam but that hotmail, now outlook.live.com, blocks one of the ask.leo emails on a regular basis. The “tip of the day” almost never gets through. I prefer using my mail program to send and receive email but now I check the outlook web mail in an attempt to let that particular set of emails through. I have white-listed the address and always mark the emails (which land in the junk mail file) as not junk. Both of the other emails, the newsletter and the best of ask Leo get through fine. I thought after enough time I would have trained that particular spam filter – it has probably been about 6 months but no luck. I don’t know what else I can do except change my email address for ask Leo. What is funny though is that it also blocks some Microsoft messages. My guess is that it only looks at the email subject and not the sender.

    • For this and related reasons, I’ve given up on Hotmail/outlook.com. Years ago, they blocked an entire email provider’s, gmx.de, domain. The emails didn’t even to to Spam, they were rejected and a bounce was sent to the sender. I was finally able to solve the problem by writing Mary-Jo Foley, a well know tech guru and blogger. She was able to use her connections with Microsoft to point out the problem to them. Since then, I only been using my Microsoft account to log into Windows and little else. I use Gmail as my main email account. If you switch, you can keep your Hotmail account to catch any emails from people who aren’t aware of your new address. It seems like Microsoft’s near monopoly has made them feel exempt from having to respond to the average users’ needs.

      • Thanks for the reply. I believe you are correct. Luckily this is not one of my important email addresses although I do consider Ask Leo to be important .

  23. Hello Leo, i was wondering why do i get nasty spam meassages directed towards my first and last name? How do they know my name? I am female and and i get nasty adult oriented spams from other women. Also i forgot to say that my name comtains my first and last name, maybe because of that?

    • There are many ways that the real name associated with an email address gets into spammers databases — everything from data breaches at large companies, to innocent forwarding of emails without hiding the recipients on a BCC line. Basically, any email you send that has your full name and email address (as most do in the From: line), is easy pickings for spammers. Don’t read too much into it — if it lands in your inbox mark it as spam and move along with your day.

  24. Dear Leo,

    I got a spam on my email address about asking me to unsubscribing from a dating site with a huge red button saying “usubscribe”. Email that spam was sent from was very weird and unusual. Is it possible to get such spam if you never registered to any dating site using mentioned email address? Is it only a clickbait?

  25. Hey Leo!
    First of all great article, second i have a question.
    I got a very weird spam message saying this:
    “Hello tenastadle3390,
    Your friend recommended that this would be the perfect site for you so we have activated a free membership just for you. Come check out the best dating site online for meeting sexy members for hooking up.
    Your Username: tenastadle3390
    Your Password: 99056dad
    By clicking “TO VERIFY YOUR FREE ACCOUNT” you certify that you are at least 18 years + and agree to the terms & conditions including the use & nature of online cuties, that are fantasy profiles who may contact members for entertainment purposes, updates and offers.”
    I didn’t sign up for any site, especially not such kind of site. So what this spam now means? Do i have a profile there or is this all just a click bait for me?

  26. Okay thank you for your replies. I just never saw such spam, have you ever seen similar spam like that? I just went to that site (not via link) and tried my email on “forget password” and it says they don’t have it in their database. Apparently they think i am a male so they offer me women to hook up with ….

    • Of course, they don’t have it in their database. You never signed up. It’s just plain spam and the best thing you can do is mark it as spam in your email program or email website and ignore it. Never click on those links or go to those sites. In the best case, it’s just spam. In the worst case, you can get malware. Clicking on the forgot password link confirms your email and opens you ip to more spam.

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.