If it seems like the amount of spam you’re seeing has been getting worse, that’s only because it has. Spam in all its variants has only been increasing and attempts to legislate a solution appear to have had little if any impact.
So what’s a poor user to do?
The bottom line is that there is still no magic answer and no silver bullet. There is no solution today that will guarantee you get only the email you want while at the same time guaranteeing that you will get all the email you want. There are many partial solutions that have varying degrees of success, depending on your needs and your willingness to accept some of the restrictions or some additional steps.
But all current solutions risk both of the unwanted alternatives: letting some spam through and preventing legitimate mail from reaching you.
Filters remain the most popular solutions across ISPs, email services, and even email programs.
Filters work by analyzing email prior to your seeing it and then flagging or even deleting the email that it thinks is spam. Characteristics used by filters to determine whether or not an email is spam may include:
The bottom line is that there is still no magic answer and no silver bullet.
- The presence of words or phrases that are most commonly associated with spam such as the names of assorted drugs, sexual terms, and more.
- The presence of links within the mail that go to known malicious or suspicious sites associated with spammers.
- The presence of links within HTML-formatted mail that mask where they actually link.
- The presence of attachments or attachments scanned and found to contain malware.
- Email from IP addresses associated with spammers.
- Email from email addresses associated with spammers.
- “Too much” email from a single source in too short a period of time. (Not just to you, but perhaps to multiple recipients on your email service.)
- And probably many, many more thing that I can’t think of.
One problem is that no two spam filters use the same criteria, and no two will use all the criteria. Similarly, the importance of one criteria over others will change over time. It used to be that targeting IP addresses was a good technique because spammers tended to use specific mail servers from which to send their spam. Now, of course, with the rise of “botnets” almost any computer on the internet could be the source of spam and blocking IP addresses becomes a futile technique.
Another problem, of course, is that criteria often lead to bad results – sometimes filters get it wrong. It’s typical to continue to receive a reduced number of spam emails even with filtering in place. Worse is that filters will occasionally mark as spam email that you truly wanted. In a business situation, this is simply unacceptable.
I actually don’t have any formal recommendations for spam filters. Not because there aren’t good ones out there, but because they are very specific to either your email server or ISP or to your email client. You may already have several spam filters available to you:
- Your email service or ISP will in all likelihood already have one for you. Make sure that it’s enabled.
- Your email program (Outlook, Thunderbird, etc.) will also likely have one as well. Make sure that it, too, is enabled.
- There are third-party programs like Mailwasher that you can install that will also filter your email.
My current solution is Gmail coupled with Thunderbird. All my email is routed through a Gmail account for spam filtering and then what’s left is filtered again by Thunderbird.
Check your folders: any time you use a filter to remove spam, you must check your “spam” or “junk mail” folders. As I mentioned above, filters are never 100% accurate and will occasionally mark something as spam that is not.
Another common approach – even if you use filtering already – is to have multiple email addresses.
- Select one email address to be your “private” guarded email address – much like an unlisted phone number – that you never, ever use in situations where the email address might be harvested for spam mailing lists.
- Create additional “throw-away” email addresses that you use only for a limited time (say when registering a product) or for a limited purpose (like registering for a website) and can safely ignore after those purposes have been met.
Another entry into the fight against spam is something called challenge/response. It’s available as a service from various companies and is now also sometimes offered or even required by some ISPs.
Challenge/response as its name implies is a challenge sent in response to email from an unknown source to prove that the sender is human. If they respond and confirm that they are, a) they are remembered and never have to see a challenge again, and b) the mail they sent you is delivered. If they do not respond, then you never see the email or have to take extra steps to check for it.
The problem with challenge/response relates to any mailing list you might sign up for, any online purchase that might result in sending you an email confirmation, or any legitimate organization that might send you valid yet automated email. This is email you want. Yet senders to such lists do not have the time or the resources to respond to a challenge for each of their recipients. Typically, they’ll simply ignore all challenges. The result: unless you remember to proactively white-list them beforehand, then you won’t get the email you request.
White and Black lists
Almost all of the solutions above also include the ability to “whitelist” or “blacklist” an email address.
Whitelisting means that you’ve indicated that email from a particular address should never be flagged as spam or delayed in any way. Blacklisting means just the opposite: email from a particular address should always be flagged as spam and never delivered to you.
While whitelisting and blacklisting can be important additions to the anti-spam regimen – whitelisting is particularly important to prevent false-positive spam filtering of things like newsletters – they are far from perfect. Spammers have the ability to “spoof” the “From:” address in email, making it looks like it comes from someone other than it really does – often even yourself.
The bottom line
As I said, there’s no magic bullet. Spam is here for the foreseeable future. However, there are steps that you should take to reduce the amount you get:
- Be protective of your email address. Don’t post it publicly or it’ll get harvested and used by spammers. Share it only with people and businesses you trust.
- Learn the nuances of the spam filters available to you.
- Learn how to whitelist email addresses in whatever email program and perhaps with whatever email service you use.
- Enable both spam filtering by your provider and in your desktop email program if you use one.
- Check your junk or spam folders regularly.
- Never mark as spam email that you have asked for.
- Don’t stress out – use the Delete key liberally and move on.
(This is an update to an article originally published in January of 2004.)