How to Combat Spam: A Guide to a Cleaner Inbox
In the past, spam manifested as physical junk mail, bombarding our mailboxes with unwanted advertisements and “junk.” Nowadays, however, junk mail has evolved into spam emails – unwanted and often malicious messages that have seamlessly integrated themselves into our digital lives. These emails have the potential to clog your inbox, consume your time and pose significant security risks. With the proliferation of online communication, the evolution of spam mail has emerged as a substantial problem. Fortunately, there are strategies and tools available to combat and reduce this nuisance.
Understanding Spam and Email Scraping
- Spam: Unwanted and often malicious emails cluttering your inbox. They can be sent for commercial purposes, phishing attempts or to spread malware.
- Email Scraping: A tactic used by spammers where automated programs (bots) scour the web to collect email addresses. These addresses are then used to build lists for sending unsolicited spam messages.
Security Risks Associated with Spam
- Malware Infection: Opening spam attachments or clicking malicious links can download viruses, ransomware, spyware and other malware, compromising your device and stealing sensitive data.
- Phishing Attacks: Spam emails often impersonate banks, companies, or individuals to trick you into divulging passwords, credit card numbers and other personal information.
- Financial Scams: Spam may contain fraudulent pleas for money, fake investment schemes or other ploys to steal your funds.
- Reputational Damage: Interacting with or forwarding spam can negatively impact your reputation and that of your organisation.
Important Reminder: Avoid forwarding spam emails to your IT department. Advanced email security systems can be compromised, potentially harming your organization’s network integrity and email deliverability.
Types of Spam Emails and Common Patterns
- Advance-Fee Scams (“Nigerian Prince”): Promises of immense riches in exchange for a smaller upfront “fee.” The riches never materialise.
- Fake Lotteries/Sweepstakes: “Congratulations, you’ve won!” These scams aim to collect personal information or fees to claim non-existent prizes.
- Health and Weight-Loss Scams: Promises of miracle cures, drastic weight-loss or dubious “health” products, often with hidden subscriptions.
- Tech Support Scams: Fake alerts about computer infections, urging you to pay for unnecessary and harmful “fixes.”
- Chain Letters: Threaten bad luck or promise good fortune based on whether you forward the email. They are often based on superstition.
- Fake Charities: Scammers prey on your generosity by impersonating charities, especially after high-profile disasters.
Remember:
- If it sounds too good to be true, it probably is.
- Never provide personal information or payment in response to unsolicited emails.
How to Detect Spam Emails
- Suspicious Sender Addresses: Check for misspelled email addresses or those with odd domain names (e.g., a company like PayPal should have @paypal.com as the domain rather than another domain).
- Grammatical Errors and Typos: Spam emails are frequently riddled with spelling and grammar mistakes.
- Sense of Urgency: Look out for language designed to make you panic or act impulsively, such as warnings about account closures or urgent requests for action.
- Too-Good-To-Be-True Offers: Be extremely sceptical of any offer that seems impossibly lucrative, whether it’s money, prizes or miraculous cures.
- Suspicious Links: Hover over links (without clicking) to check the actual destination. It may be a misspelling of a well-known website meant to fool you.
- Unexpected Attachments: Never open attachments from unknown senders, even if they appear to be common file types.
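The sender-address and link checks above can be automated. The following is an added example, not part of the original article: it flags a sender domain or link host that is a near-miss of a trusted domain, and link text that displays one host while pointing to another. `TRUSTED`, the function names and the sample message are constructed assumptions, and links are assumed to be already extracted from the message as (visible text, href) pairs.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = ("paypal.com",)  # assumption: domains you actually deal with

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return 'trusted', 'lookalike' or 'unknown' for a host name."""
    host = (host or "").lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    base = ".".join(host.split(".")[-2:])  # crude: ignores suffixes like co.uk
    near = any(0 < edit_distance(base, t) <= 2 for t in TRUSTED)
    embedded = any(t.split(".")[0] in host.split(".") for t in TRUSTED)
    return "lookalike" if near or embedded else "unknown"

def review(from_header, links):
    """Check the sender domain and each (visible text, href) link pair."""
    findings = []
    sender = parseaddr(from_header)[1].rpartition("@")[2]
    if classify(sender) == "lookalike":
        findings.append(f"sender domain {sender} imitates a trusted domain")
    for text, href in links:
        host = urlsplit(href).hostname or ""
        shown = re.fullmatch(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?", text.lower())
        if shown and shown.group(1).removeprefix("www.") != host.removeprefix("www."):
            findings.append(f"link text shows {shown.group(1)} but goes to {host}")
        elif classify(host) == "lookalike":
            findings.append(f"link goes to lookalike host {host}")
    return findings

# Constructed sample message (not a real email).
SAMPLE_FROM = "PayPal Support <service@paypa1.com>"
SAMPLE_LINKS = [
    ("www.paypal.com/login", "http://paypal.com.account-check.example/login"),
    ("Reset your password", "https://paypall.com/reset"),
    ("Help centre", "https://www.paypal.com/help"),
]
```

Calling `review(SAMPLE_FROM, SAMPLE_LINKS)` reports the sender and the first two links, and leaves the genuine help link alone.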
Strategies to Reduce Spam
- Report as Spam: You can train your email provider’s spam filter by consistently marking spam emails. Although it may seem tedious at first, this process helps your email detection system learn to identify spam more effectively, reducing the chances of receiving such emails in the future.
- Block Senders: Block senders of persistent spam from reaching your inbox. Blocking email addresses is an effective way to prevent further spam from known spammers. This can include blocking entire domains.
- Unsubscribe With Caution: Use the official “unsubscribe” links found in newsletters from reputable companies. Exercise caution when unsubscribing, as clicking “unsubscribe” in spam emails can confirm your address as active and increase the likelihood of future spam mail.
- Protect Your Email Address: Avoid posting your primary email address on public websites or forums. Consider using a secondary address for sign-ups and less important subscriptions.
- Avoid Clicking on Links or Opening Attachments: Spam emails can contain malware. Be suspicious of unexpected attachments or links with odd URLs, even if they seem to come from known contacts.
- Use Strong Passwords: Secure your email account with a unique, complex password. Avoid using the same password for multiple websites and services.
Third-Party Tools for Spam Reduction
- Spam Filters: Consider dedicated spam filtering solutions. Third-party spam filter solutions act as an extra layer of defence against unwanted emails, analysing incoming messages for spam-like characteristics, malware and phishing attempts. They block these harmful emails before they reach your inbox, reducing clutter, distraction and the risk of cyberattacks.
- Top Paid Spam Filters
- SpamTitan: Cloud-based, highly effective for businesses of all sizes. Offers granular filtering and excellent malware protection.
- N-able Mail Assure (formerly SolarWinds MSP): Designed for IT professionals and managed service providers (MSPs). Boasts powerful filtering and customisation.
- SpamSieve: Intelligent Bayesian filtering, integrates seamlessly with popular email clients (great for Apple users).
- MailChannels Outbound Filtering: Focuses on preventing your organization from becoming a source of spam, ensuring good email deliverability.
- ZeroSpam (formerly Hornetsecurity): A strong choice for Office 365 users, with advanced protection against phishing and malware.
- Well-Regarded Free Options
- MailWasher Free: Lets you preview and delete spam on the server before downloading it to your computer. The pro version is available for extra features.
- SpamBully: Effective Bayesian filtering with a user-friendly interface.
- SPAMfighter: Community-powered spam filter for Windows users.
- Email Aliases: Services like SimpleLogin or AnonAddy let you create temporary or masked email addresses. This hides your real address while still receiving mail you want.
- Disposable Email Addresses: If you need to provide an address for a single signup, services like 10minutemail generate temporary emails.
Advanced Email Providers
Hosting your emails on your web hosting server is considered one of the safest and most compliant email hosting options, as it allows you to maintain exclusive control over all data. However, there are alternatives to self-hosting that offer a variety of features while still ensuring data integrity. If you’re considering transitioning to a more advanced email system, contact Rubix Studios today. We provide managed service provider (MSP) services for cloud-based email hosting, without any additional overheads. Our offerings include the following:
- Gmail (Google): One of the most popular email services, Gmail uses advanced machine learning algorithms to constantly improve spam detection. It also offers customisation options to fine-tune your filter settings.
- Outlook.com (Microsoft): Combines robust spam filtering with features like Focused Inbox to help you prioritise important emails. Offers user-friendly options to block unwanted senders and mark messages as spam.
- Yahoo Mail: Provides a good standard of spam filtering and customisable rules to help manage your inbox. You can set up filters for specific senders, subject lines or keywords.
- Proton Mail: Emphasises privacy, security and includes built-in spam protection that you can further configure as needed.
- Zoho Mail: Offers a business-focused email solution with robust spam filtering and the ability to create detailed rules for managing incoming mail.
Preventing Email Scraping with Chat Tools
While chat tools can’t directly stop email scraping (where bots harvest email addresses from websites), they can indirectly help by:
Contact Forms: Many websites use contact forms where users submit email addresses. Chat tools can reduce reliance on contact forms by offering alternative contact methods including:
- Live Chat Functionality: Platforms like HubSpot Chat (Free), Zendesk Chat (Paid), LiveChat (Free Trial), Zoho Chat (Free Trial) or Freshchat (Free Trial) allow real-time conversations with support agents, eliminating the need for contact forms.
- Chatbots: For frequently asked questions, chatbots can answer user queries without requiring email addresses.
User Education: Live chat agents can proactively inform users about the dangers of sharing their email addresses publicly and suggest secure communication methods like internal ticketing systems or phone calls.
Anti-Bot Systems: Use Google Captchas, Cloudflare Turnstile or similar anti-bot techniques to protect contact forms.
Cloudflare: Your Secret Weapon Against Email Scraping
While Cloudflare can’t make email scraping disappear entirely, its Email Address Obfuscation feature within Scrape Shield can throw a wrench in the works. By scrambling email addresses displayed on your website, it makes them unreadable to bots while still being functional for real people. It’s time to take back control and focus on what truly matters.
Cloudflare, a content delivery network (CDN), can bolster your spam defences in several ways:
- Bot Protection: Cloudflare offers Bot Fight Mode and other bot management tools to mitigate email scraping and malicious bot activity.
- Email Address Obfuscation: Cloudflare can automatically obscure email addresses on your website, making them harder for scrapers to find.
- Web Application Firewall (WAF): Cloudflare’s WAF can protect web forms by detecting and blocking suspicious traffic patterns that might indicate scraping attempts.
Creating Your DMARC Rule
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that helps protect email senders and recipients from phishing, spoofing and other forms of email fraud. It works alongside SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to verify the authenticity of an email message.
To create a DMARC rule, you need to add a DNS TXT record to your domain’s DNS settings. This TXT record contains the DMARC policy for your domain. Here’s a basic outline of how to create a DMARC rule and the values it can contain:
Create a DNS TXT record: Log in to your domain registrar or DNS hosting provider’s control panel and navigate to the DNS settings for your domain. Add a new TXT record with the following information:
- Type: TXT
- Value: “v=DMARC1; p=none; rua=mailto:your@email.com; ruf=mailto:your@email.com; fo=0”
Replace your@email.com with the email address where you want to receive DMARC aggregate (rua) and forensic (ruf) reports.
Values in the DMARC record:
- v: Version of the DMARC specification being used. It should be set to “DMARC1”.
- p: Policy for handling messages that fail DMARC authentication. Common policies are:
- none: No action should be taken on messages failing DMARC.
- quarantine: Messages that fail DMARC should be treated as suspicious and quarantined.
- reject: Messages that fail DMARC should be rejected.
- rua: Specifies the email address(es) to which aggregate reports should be sent.
- ruf: Specifies the email address(es) to which forensic reports should be sent.
- fo: Forensic Options. It specifies the reporting options for forensic reports.
Examples:
Monitor-only DMARC: This policy instructs receivers to send aggregate and forensic reports but take no action on emails that fail DMARC.
- “v=DMARC1; p=none; rua=mailto:your@email.com; ruf=mailto:your@email.com; fo=0”
Quarantine DMARC: This policy instructs receivers to quarantine emails that fail DMARC by moving them to the spam or junk folder.
- “v=DMARC1; p=quarantine; rua=mailto:your@email.com; ruf=mailto:your@email.com; fo=0”
Reject DMARC: This policy instructs receivers to reject emails that fail DMARC.
- “v=DMARC1; p=reject; rua=mailto:your@email.com; ruf=mailto:your@email.com; fo=0”
Remember to adjust the email addresses in the rua and ruf tags to your own email addresses where you want to receive the DMARC reports. Additionally, you can fine-tune other parameters of the DMARC record as needed, but the above examples provide a basic setup.
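Before publishing a record, it helps to check it mechanically. The following is an added example, not part of the original article: it parses a DMARC TXT value and checks the tags described above. The function names and sample records are constructed for illustration; the `fo` options, the rule that `v` comes first and the `_dmarc` record name follow RFC 7489, and only `mailto:` report addresses are accepted.

```python
import re

# A DMARC policy is a TXT record published at _dmarc.<your-domain> (RFC 7489).
POLICIES = {"none", "quarantine", "reject"}
FO_OPTIONS = {"0", "1", "d", "s"}  # failure-report options defined by RFC 7489
MAILTO = re.compile(r"mailto:[^@\s,!]+@[^@\s,!]+(![0-9]+[kmgt]?)?")

def parse_dmarc(record):
    """Split 'tag=value; tag=value' into an ordered dict of tags."""
    tags = {}
    for part in filter(None, (p.strip() for p in record.split(";"))):
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    return tags

def check_dmarc(record):
    """Return a list of findings; an empty list means nothing to fix."""
    findings = []
    if re.search("[“”]", record):
        findings.append("typographic quotes: publish only the text between them")
        record = re.sub("[“”]", "", record)
    try:
        tags = parse_dmarc(record.strip().strip('"'))
    except ValueError as exc:
        return findings + [str(exc)]
    if list(tags)[:1] != ["v"] or tags["v"] != "DMARC1":
        findings.append("v=DMARC1 must be the first tag")
    if tags.get("p") not in POLICIES:
        findings.append("p must be none, quarantine or reject")
    elif tags["p"] == "none":
        findings.append("p=none is monitor-only: failing mail is still delivered")
    for tag in ("rua", "ruf"):
        for uri in filter(None, (u.strip() for u in tags.get(tag, "").split(","))):
            if not MAILTO.fullmatch(uri):
                findings.append(f"{tag} is not a mailto: URI: {uri}")
    if not tags.get("rua"):
        findings.append("no rua address: aggregate reports will not be sent")
    for option in tags.get("fo", "0").split(":"):
        if option.strip() not in FO_OPTIONS:
            findings.append(f"fo option {option.strip()!r} is not valid")
    return findings

# Constructed sample records, based on the article's three policies.
MONITOR = "v=DMARC1; p=none; rua=mailto:your@email.com; ruf=mailto:your@email.com; fo=0"
REJECT = "v=DMARC1; p=reject; rua=mailto:your@email.com; ruf=mailto:your@email.com; fo=0"
BROKEN = "“p=reject; v=DMARC1; rua=your@email.com; fo=2”"
```

`check_dmarc(REJECT)` returns an empty list, `check_dmarc(MONITOR)` returns the single monitor-only reminder, and `check_dmarc(BROKEN)` lists four problems, starting with the pasted typographic quotes.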
By adopting these strategies and employing the right tools, you can dramatically reduce the deluge of spam messages and create a safer, more organised email experience.
Having difficulties setting up your email spam filters? Or looking for a personalised email MSP service? Get in touch with Rubix Studios today.