Drowning in a sudden flood of spam? Here’s what to do.
In general, no, you need not worry — unless you see suspicious activity beyond just spam.
This happens all the time, to be honest.
Let’s review the steps you should take. You may be taking them already.
Become a Patron of Ask Leo! and go ad-free!
Suddenly getting more spam
Waves of additional spam are not uncommon as spammers ramp up campaigns and make use of email addresses collected in recent breaches. If spam is landing in your spam folder, then the system is working as designed. While spam itself is nothing to really worry about, other unexpected activity across your online accounts and digital world are definitely worth paying attention to.
Spam in the spam folder means it’s working
Some folks get upset when a sudden flood of spam appears, even if the spam is all being delivered to their spam folder.
Folks, that’s the system working. If spam shows up in your spam folder and not your inbox, that’s exactly how things are supposed to work. Rather than getting upset, be glad your spam folder is working as it should and filtering all that stuff before you see it.
Now, if you’re getting a flood of spam in your inbox, that’s different. That means your spam filter isn’t doing its job. There are three actions you can take:
- Mark each spam email that lands in your inbox as spam or junk. That should train the spam filter and improve its accuracy in the future.
- Set up a rule or filter to automatically mark email with certain keywords or consistent characteristics as spam. This can be difficult and time-consuming to be of any real use, though. Note that blocking senders does not work. Spammers fake and randomize the email address their email appears to come from.
- Consider switching to an email service with a better spam filter. At this writing, Gmail continues to be my choice.
What you really want, however, cannot be accomplished.
You cannot stop spam
Anyone can send you email at any time from anywhere. Period.
That includes spammers.
There’s still no way to get them to stop. Many (MANY) solutions have been proposed, but they’re generally either unfeasible or incredibly error-prone, and would cause delivery failures for legitimate email.
Railing against the spammers is pointless. All you can do is manage spam when it arrives.
That’s why we rely so heavily on a good spam filter.
Where floods come from
A sudden increase in spam is not unusual. The real reason is unclear, but your theory that some spammer just got ahold of your email address is a good possibility.
The greatest impact of many of the data breaches we hear about from time to time is that our email addresses are exposed. It’s quite reasonable to assume that once hackers and spammers get ahold of this fresh new list of email addresses, one of the first things they do is set up a campaign of spam. The result is… more spam. Sometimes lots of it.
Spammers also come and go. They run campaigns, and they take time off. In many ways, spamming has become just another job on the internet. So, again, it’s reasonable to assume that spammers simply start up new, large, campaigns of spam from time to time.
Regardless of the reason, from our perspective, spam often comes in waves.
When to worry
Getting spam is, honestly, nothing to worry about. Getting more spam is also not really something that concerns me.
What does concern me are account breaches, unexpected non-spam activity, and identity theft. If you see anything suspicious across your online access, your credit cards, or the rest of your digital world, that’s usually something to pay attention to.
But more spam is generally just . . . more spam.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Would it be beyond the wit of someone in the tech world to persuade governments to levy a tax of (say) one cent, penny or whatever on every person or entity using more than(say)100 emails per day? It could make the harvesting and resale of stolen details a lucrative business for the tax man without penalising the less financially blessed. Or is there something I’ve missed?
It’s been suggested repeatedly. There are a bucketload of issues (it penalizes the good guys, is just one), but the reality is — it’s not going to happen.
It wouldn’t really penalise the good guys. For businesses it would be seen as a normal business expense, such as the price of a stamp, envelope and printed leaflet used to be. For the various free sites like yours, we would pay a subscription, but the cost for us the receiver would be 50p per year (UK). And if anything it would reduce pointless mailings from the good guys – how often do you get an advertising note from a business you want to keep in touch with so cannot block, but don’t want to hear from them except when there is something useful to learn?
How would you tax spammers, which, by definition, are criminals who evade detection ? No email provider wants its service to be abused for sending spam, and yet, the world is awash in spam.
The idea is that the SMTP servers charge that tax before they send the email. Spammers will find a way around it as hackers always do. Only honest people would be penalized.
Recently i too have started to receive a hundred or more spam mails on my gmail account on a daily basis, but not on any of my other accounts. While some are sexual in nature, most are financial – credit bureau checks, banks and other phony lending institutions, free gift cards from major department stores etc etc.. 99% are going to spam. But in my spam folder, if i open any of those emails (don’t worry, i’m not clicking any links) i have the option to report it as phishing. But the same ones keep coming back. I know that the ‘from’ address is randomized and it’s useless to try blocking them, but exactly happens when i report phishing? Are there real people investigating them? Am i wasting an hour every day to mark those hundred that i get as phishing, hoping that someone will actually look into it?
If they’re landing in your spam folder, I would advise doing nothing — ignore them. If they’re landing in your inbox, mark as spam.
I hate to say it… but “Me too”.
For quite a while, maybe a few years, I have not had a problem with spam arriving in my “in-box”. Even then, maybe only 5 or 6 emails a day but they have automatically gone to my spam folder. A few weeks when I opened Thunderbird, it updated. I trust it was a legitimate update since it was applied when I started Thunderbird. The next time I opened Thunderbird (a few hours later) I received 2 or 3 spammy emails in my “in-box”. It seems as if I have to start training Thunderbird to recognize spam all over again.
I have said it for years and still firmly believe that spam is a direct result of the user and their habits. With a Yahoo account as my primary email, I average 1-2 spam messages a week. Some weeks I go with none at all. I have even gone several months in a row without seeing one. If people would stop providing their email address to every source out there, the spammers wouldn’t be able to access it when they gain their opportunities. Just think about how many sources people freely give their email address to without hesitation. . .online surveys, online coupon/discount code resources, department stores, insurance quotes, sweepstakes, hotel chains, real-estate agencies, social media, cable/satellite providers, news/media resources, various publications/newsletters, nonprofit groups and the list goes on and on. At the end of the day, how many of these sources does one truly need to give that information to for life to carry on? I’m 41 and have managed just fine only giving it to the banks and utility companies I deal with directly. I believe the same rule applies to phone solicitors. I have both a landline and cellphone. I average less than one solicitor call a week. Why, because I keep that information personal. People need to stop falling prey for everyone and everything out there.
Having good habits is certainly necessary, but luck plays a part, too. You might send email only to trusted individuals. However, if a single one of those persons gets his email account hacked, then your email address will very likely land on a spammer’s list.
You have no control over that. You can’t ask your correspondents to prove you they have good security habits before sending them email.
I have been using Mailwasher Pro from the day it first came out, would never be without it, it allows you to see your incoming mail while it is on your server, and allows you to delete any you do not like the look of (ie spam etc) before it is downloaded to your computer the files you do not delete will then be downloaded to your inbox if you wish.
I do not work for this company, I am just a very satisfied customer.
I use Posteo.de, a German high security mail system. It treats spam in a different and, as far as I know, novel way. Its spam filter is very effective, and when it detects a suspected spam email it notifies the sender that the email will not be delivered, along with the reason for the rejection. If it’s a legitimate email then the sender has the choice of either fixing what the filter objected to or contacting the recipient via a different path. There is no spam folder since every email is either delivered or bounced to the sender. In my experience of a couple years now I can’t think of a single instance when their spam filter made a mistake and classified legitimate mail as spam. It may have happened but I’ve always received each and every expected email in good time, so I suppose any sender who had his email bounced fixed the problem and re-sent it. This approach has the added advantage that a legitimate email is never lost by being embedded among a deluge of spam in your spam folder and deleted either manually or automatically by age. The occasional spam does make its way past the filter, of course, but my Thunderbird spam filter takes care of 99% of them.
I have an old Gmail account which I no longer use and haven’t since adopting Posteo. I do still monitor it via a separate Thunderbird account, and still very occasionally get a legitimate email from some long-forgotten source. However I get upwards of 200 spams per day which I delete after doing a manual quick scan. If Gmail were to adopt the Posteo method of handling spam it could reduce the overall spam traffic very quickly. Spammers just wouldn’t bother sending spam to a gmail account knowing it’d bounce and overload their servers.
One problem with that approach is that many businesses send out automatic emails with a “No reply” return address. If Posteo misinterpreted any email as spam, any response sent to that address will be ignored and you’d never know it was ever sent.
As well, I was initially skeptical about Posteo’s approach. However there’s been no problem. I don’t know whether their spam filter is really that good or they’ve found a way to bounce messages that bypasses the “no reply” return address, but I’ve never failed to receive valid email.
They might have a great spam filter, but there’s no way to bypass the “no reply” address. And even if they could, I can’t imagine a company who would reply to that kind of confirmation message and figure out why their emails have been rejected and take the time to correct it.
Exactly. This Posteo system looks incredibly dangerous to me. False positives and false negatives are unavoidable in spam. Not even delivering spam ensures that at some point, you won’t get an email which is very important to you, and you won’t know about it.
In my experience, it’s often the largest and most important companies, or government branches, which are the most sloppy about Internet standards. Imagine not getting a bank warning, or a government message, just because Posteo thinks it’s not respectful enough of their rules.
If you think you are getting a lot of spam, I happened to notice the stats for Ask Leo! comments. We get over 120 spam comments for every legitimate comment. We have Akismet to filter out the spam and only see an average of one or two spam comments a day.
Thanks for this, for me, timely article. Prior to this summer, I got fewer than 20 spam emails in my hotmail account; then, the numbers exploded to up to and sometimes over 100. Thankfully, Hotmail put almost 100% in my Junk folder. However, being nosy, I scroll the list just checking for something legitimate. What I noticed is that the “From” is very deceiving and doesn’t match when I hover my mouse over the name. Instead of the known brand, e.g., ‘A—-n’, as listed, it’s ‘newsletter@——.com’ for every one. I started checking them all to Block but there are more of the same every day with a different domain. So, you’re right “blocking senders does not work.” From now on, I’ll just delete them. One more thing, the spam problem doesn’t seem to happen with my Bell accounts.
“However, being nosy, I scroll the list just checking for something legitimate.”
That’s not being nosy. Unfortunately it’s necessary. You might lose important emails if you don’t.
There are at least 2 reasons that account gets more spam.
1. Hotmail and other popular email address get more spam sent to randomly generated email addresses.
2. If you’ve ever responded to a spam mail, even just by clicking on an unsubscribe link, it tells the spammer your email address is a live one and it is sold to other spammers.
3. How Does Blocking Pictures in an Email Protect My Privacy?
Unfortunately, once the spam genie is out, there’s no way of getting it back in the bottle.
Can I reduce spam by forwarding spam emails to: ?
No. There is no place you can forward your emails that will help
Mark them as spam in your email program or email website and then fugettaboutit.
I used to get occasional bounce-backs, of emails sent to a friend but rejected along the way for some reason. I once thought that emailing to a non-existent address would result in this sort of “return to sender,” and so reasoned the spammers blitzing random generated email addresses would know an address was legitimate, just because no return bounce occurred.
Am I correct in this? The last two weeks have seen a sudden surge in two distinctive spams – a female first name sender, short Subject entry like Fwd: or Re: and suggestive images in the main field, and now also random Senders with “Class Invitation:” in the Subject field – of my modest email inbox this morning, 56 of the 80 are spam.
I am very austere in messaging, do very little online shopping, so what’s up? The idea that someone else’s email address book has been compromised (i.e. my wife who is terrible with securing her virtual world) makes sense, but handling it feels very archaic.
It does amuse me to read other’s angry comments, blaming their provider or Microsoft or Google or “the Feds” for the problem, when tracking down criminal hackers, who may have global locations, seems incredibly hard, and expensive.
I thought about either creating separate accounts, and/or using marker punctuation within the email address I provide in specific communications, then seeing which variant is showing up in my inbox, but honestly wasting this much of my time isn’t my primary goal in life.
I use Juno, and send spams to the “Report as Junk” folder, currently holding 250 emails, but don’t know whether Juno really does anything comparable to Google, in advanced spam blocking based on this Junk feedback. I routinely empty this folder, which otherwise just sits there.
Two things:
Can I Count on Mail to a Bad Address Bouncing Back?
Why Am I Getting Bounces for Email I Didn’t Send?