email spam

Last night I decided to do something I had not done in a very long while. I have a very good spam filter called Spam Sieve which uses a Bayesian filter and keeps getting even smarter over time. The more you continue to train good from junk email it learns and makes fewer errors.  I highly recommend this small Mail plug-in to anyone on a Mac that uses Apple Mail and gets a lot of spam. Built in spam fighters are also decent just not as thorough. But make sure you actually turn them on and train them or they are useless.

email spamEven though Spam Sieve does a great job it is not perfect. Every once in a while a junk email will get through or a good email will get sent to the spam folder. Life would be easier if you didn’t need to look through hundreds of messages to find the good from the bad.   This article will give you some practical and hopefully easy to follow tips to resuscitate your email account that may be drowning in a deluge of spam. Spam filters do a good job of moving them to a spam folder but reducing the volume is also important.

Quick Tips

For those of you in a rush. Here is a quick list of tips to reduce spam.

  1. If you have your email posted anywhere, remove it and never post it online again. 
  2. When you sign up on forums or really any website, use a spare/ Spam catch-all account and not an important email address. Create 1 or 2 spare accounts for this purpose.
  3. Don’t click links in emails or open any attachments,
  4. Identify between legitimate marketing emails that have an unsubscribe button that actually works and black hat spam that should be avoided and never opened or clicked.
  5. Only bounce or redirect emails to humans or actual companies. Bouncing to black hat spammers can cause more not less junk email
  6. Not a spam issue but make sure you change your passwords to difficult ones and never use same password twice. Develop password strategy.
  7. Use a Bayesian filter and take the time to train it. The free Thunderbird email client comes with a free one. There are many out there so choose one you like with good reviews.
  8. Gmail and many others now have a built-in junk email filter. If you get a lot of spam on a ISP or other personal email account, try redirecting all your mail to a Gmail account which will screen for spam. That will likely catch 90% or more. Then your Bayesian filter should catch nearly all the rest that got through.This is a free solution that will give you the same quality as expensive solutions. (priority tip to identify spam)
  9. You need to understand the difference between normal and evil spam. Normal is just an annoying company trying to get you to shop at their website. Evil ones want to give you malware or get your credit card or bank info. More details at end of article to identify.
  10. Normal marketing companies are safe to click unsubscribe, but never give any info after you click unsubscribe link beyond maybe a checkmark or captcha. If they are legit they already have your email so don’t type it and don’t give any info at all. Most junk email come from legit companies that actually have a real unsubscribe. Years ago it didn’t work but new laws were passed so now the unsubscribe actually does what it says. (priority tip to reduce volume)
  11. Evil spam rarely has an unsubscribe link but sometimes they include a trap to a malicious site. So hover mouse over link before you click. It should be the same domain as website not some domain in Russia or China. Examples below.

To Bounce or Not to Bounce

Some email clients have a feature called Bounce or Redirect. It may be called a variety of terms depending on your email client but essentially it is used to send an email back to the sender as an undelivered message. Apple removed Bounce in Mail for some reason but is easy to restore that feature from this link. You should never use this feature for spam without an unsubscribe button for two simple reasons. 1) It will likely confirm your email is in fact receiving and you may get even more spam than before 2) Spammers rarely use their real email address so you are likely just sending it back to some unsuspecting sap who have had their email account hacked.

However, it works very well against actual humans with real email addresses. So if you have an ex or someone you really do not want to message, bouncing the email back to them should fool them into thinking your email account has been deleted. It can also work for legitimate companies that may have a computer program intelligent enough to understand that your email is no longer working but use with caution and only when you are sure the reply to email will go to the actual spammer.

What is the Solution?

The only easy solution is to simply create a brand new email and never use that email address to ever register on any website and guard it carefully. Only give it to trusted friends. Have a spare second or third account that you use anytime you have to register at a website. Even then when you register make sure and uncheck all those newsletter type subscriptions. But this is only a temporary fix since sooner or later they will find you again. Your friends may not be as careful and when their accounts get compromised the spammers will find you again. Never ever post your email address on the internet. There are computer programs that crawl sites looking to harvest them.

Unfortunately for many of us we are almost as closely married to our email address as our telephone number. I have some accounts I created back in the early 90’s and I am simply not willing to surrender them to spammers. If you follow these few tips below I will tell you how to turn the tide and fight back the horde. You will not stop it completely but can probably reduce the volume significantly and at least get it under control.

Step 1: Change your passwords immediately. Even if you are a tech geek like me and have your computer locked down like Fort Knox. Russian hackers have recently hacked into large databases containing email and passwords for millions of people. In other words they hacked the websites you may use and not your computer not unlike the Target fiasco with credit cards. Personally I hope passwords die very soon. They really are very insecure and also hard to remember and manage. I would rather see something like temporary password that expire after 20 minutes sent to my phone as a text but until that day comes…If you want to go one extra step you can use 2 step verification. Gmail and other popular emails now offer 2 step but it can be tedious unless you make sure and save all your passwords and can find them again. Make sure all your accounts also have a backup email to send a password reset to you if you get hacked or simply forget your password.

You also need to use hard to crack passwords. People that use Mac OS X  can simply allow Safari to create a password for you which will then be saved automatically. You do not need to memorize it and if you ever need to see it, simply go to your Keychain access and enter your admin password to view it. If you use Windows (bless your heart) then I would hope there is a similar method of creating long and difficult passwords and saving it securely.

Worst case scenario you can create a document and add or modify them on the document with all your various email and website accounts. But change all your passwords as soon as possible, never use same password more than once or on multiple accounts, use difficult to crack passwords, and finally figure out a method to save and access them securely when you need to retrieve them. Find a method that works for you when it comes to storing and retrieving all your passwords.

Never, ever use the same password twice. This is especially important for things like your bank or credit cards. If they hack into a website and you happen to use the same log in for your bank there is a potential they could clean out your bank account. So don’t do it point blank. If you haven’t updated your bank or credit card passwords in a while do that right now.

Step 2: Designate Main and Spare Email accounts. Now that you have finished changing all your passwords on your email and important websites like banks, credit card, etc..the next step is the spam itself. Assuming you do not want to simply abandon your email accounts and start over there is a way to rescue your account under siege by the zombie spam hordes.

The first thing you need to do if you only have one email account is create some other spare email accounts that you will use for all the websites you use to log in. These new email accounts will be used for registering on any site you use. I would even suggest you switch Facebook twitter, amazon, and most of your non-essential services to this new junk email account. The best solution is to have one for Facebook, twitter, amazon, and other sites where you might actually want to read emails sometimes and a second spam-catching account for sites you know you will never need to read email. If that email account gets flooded with spam or even hacked it will not be that big of a deal. So in essence you will create three tiers. 1) Important email accounts you want to read 2) less important but still might need to read on occasion for orders and tracking 3)spam-catching email accounts you will rarely need to read

Managing multiple email accounts is much easier to do when you use an mail client like MailBird, Thunderbird,  Apple Mail or similar. If you use the web browser for emails, I suggest you switch to a dedicated email client so you are not constantly logging in and out all the time. Email clients also offer a lot more features.

The only email messages you probably want to come to your main email account(s) is from family, friends, business associates, your bank, and probably important bills and a few others. Ideally all the email to this account will be messages you actually want or at least need to read.

Step 3 Reduce Spam Volume: This is the final step. Assuming you are flooded with spam and want to retake your email account from the horde, there is only one proven solution to reduce the deluge. You have to locate the often tiny UNSUBSCRIBE button which is often at the very bottom of the email. But before you do that you need to identify the spammer since this only works on a certain type of spammer.

Click unsubscribe only when it appears to be from a legitimate company. If it is an actual company it will often look a little more professional than the other type of junk mail. It will also have a real website and a return email address that matches the website domain. Legitimate companies will also have things like phone numbers or other information that identifies them as actual websites. It is absolutely safe to click the unsubscribe button on these companies which should open a link in your browser where you see a message you have been removed. But don’t volunteer any more information besides checking buttons to unsubscribe. Sometimes there might be an extra step or two you have to complete. Again, never give out password or other sensitive info from a link you click from email.

Screen Shot 2014-08-17 at 12.14.30 PMHowever, if you see spam messages that look like this photo, never reply to them or even bounce them. They also rarely even have an unsubscribe button which make them easier to identify. These are the insidious ones and there is little you can do about this type of spammer. These emails simply need to be deleted or handled with a spam filter. These are also often the type that will contain malware or phishing links. These are called Black hat spam and also include phishing.

Sometimes they will have an unsubscribe button as a trap though so be careful. Avoid these type of emails  as you would ebola. A few other hints to distinguish them:  do they include multiple people besides you in the To: field like the one above.  Do they have an actual website. They will often have typos or poor grammar since they originate from foreign spammers. After a short while you will become a pro and differentiating between the annoying spammers and the dangerous spammers.

So if the spam was from massmailsender.com, and the un-sub url is:

www.massmailsender.com/[email protected]

thats a good sign.

If the unsub url is:

www.massmailsender.freewebs.moscow.ru/u?e=abc

or similar then thats not a good sign. A legitimate sender spends a lot of money crafting the ads and the message and would not host the unsubscribe tool on a free russian website provider or anywhere else but where their main servers live.

So in summary:

Never ever click on any link in an email that has BAYES poison. This is text that is non-sense – random words and phrases, current events snippets, or often classical British literature excerpts. Mr Darcy and other Jane Eyre characters seem especially popular. In html emails this text will be be in a super small font, or colored to try to invisible or very hard to notice. But when you view the source (html code) of an email you can see it. A legit sender would never use Bayes poison to evade or confuse a spam filter.

Never click any links in an email you don’t trust instead  type the URL in your browser and never click a link from what you think is your bank.  They may be Phishing. The only safe link to click in an email is the unsubscribe button but never sign in with a username or password from an email link you clicked or you are asking to get hacked. Just remember a rule your parents taught you as a child, if it sounds too good to be true it probably is. Always type out the URL or use saved bookmarks to visit sites like your bank or any place that has your credit card or other sensitive info.

Make sure and also use Chrome on Windows or Safari or Chrome on Mac. Firefox and Opera are also safe and good alternatives. Do not use Internet Explorer unless you are an experienced user since it can be riskier and even then it is a bad choice. It is simply not a good browser compared to the alternatives as it is slower and doesn’t handle HTML5 as cleanly. Do yourself a favor and ditch IE and you will thank me I promise.

Clicking unsubscribe is a proven method that works when it comes to legitimate companies. Luckily most of the spam you receive is from legitimate and actual companies. It may take you a few days or even weeks, just make it part of your daily routine and any time to get new spam click unsubscribe before you delete it and before long you should notice a massive reduction in your junk mail. After a few weeks the amount of spam should be reduced down to a trickle instead of a flood. This will work for all legitimate marketing companies and also from mailing lists which is likely around 80% or more of your junk mail.

Why bother with Texting, Facebook, Snapchat,  Twitter, Instagram, etc…

I use them all and all of these much newer services like social media and apps on your smartphone have their value and use. I also have an iCloud, Box, and Dropbox accounts for sharing large files. But none of them really replace email. You still need email for any important business correspondence. You still need email if you have more than 160 characters you need to say. Email is still a vital and essential part of the new cloud lifestyle and will likely remain essential for many more years to come. Since many sites now allow a Facebook or twitter login make sure you use your new alternate spam-catching email for Facebook and Twitter to avoid inadvertently giving spammers your email again. You will likely never need to check email on those accounts since you can safely assume it is all spam.

Email is the grandaddy of the cloud but it is still a vital and essential service we will need for a long time to come. Hopefully with these few tips you can reclaim your email and also your sanity.

Reference: Types of Spam and other useful info

 

By Alan Wood

Musings of an unabashed and unapologetic liberal deep in the heart of a Red State. Crusader against obscurantism. Optimistic curmudgeon, snark jockey, lovably opinionated purveyor of wisdom and truth. Multi-lingual world traveler and part-time irreverent philosopher who dabbles in writing, political analysis, and social commentary. Attempting to provide some sanity and clarity to complex issues with a dash of sardonic wit and humor. Thanks for visiting!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Global Watchdog

Subscribe now to keep reading and get access to the full archive.

Continue reading