Junk email & spam
What is junk email?
There are several reasons that an item of email might be considered to be junk email; these include for example the item might:
Unsolicited commercial email (UCE), also referred to as junk email or email spam has grown exponentially since the inception of the internet. Junk email and is estimated to account for over 90% of worldwide email traffic. The sending of junk email is actually prohibited by most internet service providers under their acceptable use policies. Nonetheless even reputable companies still resort to sending spam email messages. You might find your email inbox filling up with advertising messages from companies that you have subscribed to. These are not considered to be spam.
Most email servers incorporate filters which use several algorithms to determine a spam confidence level (SCL) number. Each message is scanned by the email server and given an SCL number. This, for example, might be determined by the message supposedly advertising pharmaceutical products such as Viagra. It might contain links to pornographic websites; or containing many words that are used only in spam. These are just examples; the list is very long. The higher the SCL number, the more confident the server is that the message is spam. In addition to the blacklist check below, this should ensure the majority of junk email is filtered. So it never arrives in your inbox. Spammers are inventive and persistent, they are continually looking for ways to beat the filters. Organisations that run email servers have to be just as vigilant.
Email that is filtered by the server and considered to be spam will usually end up in a junk email folder but you should not rely on email filtering alone to deal with your email, you must also be vigilant.
IP address or sender blacklist
A number of DNS blacklists such as that run by The Spamhaus Project track spam and cyber threats and provide intelligence based on that tracking to internet service providers and organisations running email servers. That intelligence in the form of several databases is readily available and frequently updated and targets spammers as well as the providers of spam-support services. Servers consult the DNS blacklists to check if incoming email originates from an IP or range of IPs is in the database and email that meets that criteria will usually be marked as spam and as a consequence, end up in the junk email folder or be completely blocked.
In addition, most email clients (the program you use to get and read your email) have the ability for you to mark individual sender addresses, originating domain names, even countries or languages as spam.
Cyber threats such as ransomware; phishing attacks; viruses; worms and associated malware are often detected and filtered by email servers. Note though that nothing is fool-proof and some malicious threats will inevitably get through, maybe even as far as your inbox. The above threats are of a different nature and it is not our intention to enter into detail or descriptions of them here. For example computers and networks affected by ransomware will have all data encrypted and instead of the usual desktop, the user will be presented by a screen informing them of the encryption and giving them the option of paying in order to get a decryption key without which the data on the computer will remain inaccessible; whereas a phishing attack will simply attempt to gain sensitive data from your computer without you necessarily knowing it has happened.
Often these emails are disguised as originating from a respected and reputable service provider such as a bank; a public body; a well-known retailer etc.
How do I deal with junk email?
There is no way of stopping junk email completely, if you are going to receive email (and you are going to give your email address out), then it is inevitable that you will receive some junk email sooner or later. Most people who send out junk emails keep changing their email addresses or they use forged addresses, so it is impossible for email servers and clients to automatically filter these messages based on who they appear to be from.
Junk email that appears to be merely advertising is usually pretty harmless, albeit annoying. But how do you know if it is harmful? The first rule when dealing with email, including mail that arrives in your inbox and not the junk mail folder is to be suspicious of everything, even if it appears to come from a friend or somebody on your contacts list.
It is often clear from the subject line that a message is junk, so with items such as this, you don’t even need to read the message to be able to deal with it.
General rules for dealing with junk mail:
- You should avoid opening junk emails and clicking on links in junk email messages, simply delete the message.
- Don’t buy anything offered for sale in junk emails. Not only do you risk comprising your security and infecting your computer with malware – viruses and so on – you also reward and encourage the spammers.
- Don’t be tempted to reply. The mailbox is probably unread.
- Avoid “unsubscribe” options. Cynically, spammers often include an “unsubscribe” link. Far from removing the menace, clicking it will confirm that your address is active and probably attract even more spam.
- Don’t threaten the spammer. Strangely, spammers also have rights. Threatening messages could potentially expose you to legal action.
A fairly effective way of dealing with junk email is to use a disposable email address. You can easily sign up for an additional email account from such services as gmail or hotmail. You could use this account specifically for buying online or writing to newsgroups etc.. If you find that you are getting a lot of spam at this address, you can simply delete it and set up another.
Be wary about giving out your main email address. If in doubt, it is a good idea to use the disposable address detailed above.
If you have a website, do not reveal your email address on it. Putting your email address on it will be easy pickings for a spambot which is a program that is designed to harvest email addresses from websites. You should use a web contact form instead.