Why Am I Getting Spammed and How to Prevent It?
Spam is an ongoing issue that costs businesses and individuals billions of dollars in lost time and resources. Spam includes unsolicited commercial email (UCE) and other unwanted bulk email.
Why Am I Getting So Much Spam?
The best way to stop spam is to stop it from ever happening in the first place. To better understand what can be done about receiving spam, it is important to understand how spammers send mail and why they may target one specific address over another. There are two primary ways that spammers choose which email addresses to send to:
- Dictionary Harvest Attack: A dictionary harvest attack is when spammers attempt to find valid email addresses by randomly sending mail to common mailbox names for a domain, such as info@mydomain.com or admin@mydomain.com. You can minimize spam that is generated this way by ensuring that your email account names are unique and specific. Examples: mycompany.admin@mydomain.com, mydepartment.info@mydomain.com
- Email Harvesting: Email harvesting is when spammers use a number of techniques to find valid email addresses to send spam to. Once an email address has been harvested and identified as valid and responsive, it goes on a spam list. Spam lists may then be traded or sold in bulk, making the email address available to more and more spammers as time goes on.
Of these two methods, email harvesting is by far the more devastating. An email address that is known to be active and vulnerable to attack may be traded and added to more lists, resulting in the delivery of thousands of spam messages. The best way to avoid receiving large quantities of spam is to never be placed on these lists in the first place. To do that, it is helpful to know the ways a spammer can harvest your email address.
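A mail administrator can spot a dictionary harvest attack in the mail server log, because one client gets rejected for many different mailbox names that do not exist. The following is an added example, not part of the original article: it assumes Postfix-style "550 5.1.1" rejection lines, and the sample log, the list of common names and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Common role mailboxes that dictionary runs try first (illustrative list).
COMMON_NAMES = {"info", "admin", "sales", "support", "contact", "webmaster"}

# Matches an unknown-recipient rejection and captures client IP and mailbox.
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 550 5\.1\.1 "
    r"<(?P<local>[^@>]+)@(?P<domain>[^>]+)>"
)

# Constructed sample log (documentation IP ranges, the article's placeholder
# domain): one client probing role names, one sender repeating a single typo.
SAMPLE_LOG = """\
Mar  3 10:00:01 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <info@mydomain.com>: Recipient address rejected: User unknown
Mar  3 10:00:02 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <admin@mydomain.com>: Recipient address rejected: User unknown
Mar  3 10:00:03 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <sales@mydomain.com>: Recipient address rejected: User unknown
Mar  3 10:00:04 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <webmaster@mydomain.com>: Recipient address rejected: User unknown
Mar  3 10:02:10 mx1 postfix/smtpd[2107]: connect from mail.example.org[192.0.2.10]
Mar  3 10:05:40 mx1 postfix/smtpd[2110]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.20]: 550 5.1.1 <jon.smith@mydomain.com>: Recipient address rejected: User unknown
Mar  3 10:09:12 mx1 postfix/smtpd[2113]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.20]: 550 5.1.1 <jon.smith@mydomain.com>: Recipient address rejected: User unknown
"""

def find_dictionary_probes(log_text, min_distinct=3):
    """Return {ip: sorted unknown mailbox names} for clients rejected for at
    least min_distinct different unknown mailboxes."""
    probed = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            # A set counts distinct names, so a repeated typo stays at one.
            probed[m["ip"]].add(m["local"].lower())
    return {ip: sorted(names) for ip, names in probed.items()
            if len(names) >= min_distinct}

def common_name_ratio(names):
    """Share of the probed names that are common role mailboxes."""
    return sum(n in COMMON_NAMES for n in names) / len(names)

if __name__ == "__main__":
    for ip, names in find_dictionary_probes(SAMPLE_LOG).items():
        print(ip, names, f"{common_name_ratio(names):.0%} common names")
```

With unique mailbox names such as mycompany.admin@mydomain.com, every one of these probes ends in a rejection, which is what makes the pattern visible in the log.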
How Spammers Get Email Addresses
Unfortunately there are many ways spammers can harvest or find out about your email address(es). Once an email address is harvested, it will then be added to common spam lists and will be traded or sold.
The following is a list of some of the ways spammers can get email addresses without you giving them to spammers directly:
- You provided your email address to a website, such as when you signed up or commented on a post, and they gave your email address to spammers (intentionally or unintentionally). Their website could also have been hacked through a security exploit.
- You signed up for a mailing list and forgot you signed up.
- You signed up for a mailing list, and they gave your email address (intentionally or unintentionally) to spammers.
- You sent an email to someone, and they forwarded it to someone else who harvested your email.
- Someone sent you an email also addressed to other recipients, and they used TO or CC instead of BCC, making your email address visible to anyone who received the email (or who was forwarded the email thereafter). Any of the recipients could have made your email available to spammers.
- You used your email on a discussion list that reveals your email address to other users. Any of the other users could have harvested your email address.
- Your email address is on your business card (or posted where people can find it), and someone decided to add you to their mailing list without your permission.
While you may not have given your address directly to spammers, making it available and public makes it vulnerable to them.
Other Methods of Harvesting Email Addresses
People often volunteer their email address unknowingly or leave it out absentmindedly, available for a spammer to pick up. Spammers also have more aggressive and invasive techniques for gathering email addresses without you ever having posted them online:
- Your computer could have a virus or malware on it that records keystrokes (i.e. everything you type), sniffs packets (i.e. reads everything going over your internet connection), or directly reads active email accounts from popular email software.
- Another computer or workstation on your network or workgroup could have a virus or malware that collects email addresses and other information passing through the network.
- A script on your website could have a security vulnerability that allows a hacker to access information on your hosting account, including your email addresses.
- Since emails are relayed from server to server until they reach their destination, one of the servers your email passed through could have packet sniffing software installed.
- Your internet service provider (ISP) could be gathering emails and selling them.
- A hacker could have guessed or obtained hosting control panel login information and retrieved your email addresses that way.
- Spammers may use sophisticated techniques to identify when a spam message has been read, and so looking at a spam message after it has been received may confirm that your email address is active.
And these are just some of the ways a spammer could get your email address.
How to Prevent Spam
There is no way to totally prevent spam, but here are some precautions that can be taken to reduce the likelihood of spammers getting your email address:
- Be careful who you give your email address to. This includes websites and anyone you might email.
- Create and use disposable email addresses to sign up for websites or services that you do not absolutely trust.
- Be sure not to open spam when you do receive it.
- Make sure your computer and computers on your network are virus and malware free.
- Make sure your website is free of malware and security vulnerabilities. If you are using a third party script or code on your site, this usually means running the latest secure version.
- Use secure passwords for your email and hosting account to prevent hackers from guessing and logging in.
- If your friends are sending you emails sent to a large recipient list, request that they use BCC instead of TO or CC, so that other recipients cannot see your email address; or request they stop including you if you do not want to receive the emails.
- Do not list your email address on your website or anywhere the public can access it.
By using these precautions you can greatly reduce the spam you do receive and prevent most spam from ever happening.
Free Spam Filtering Options
Unfortunately, once spammers figure out your email address, your options for preventing spam are limited. The first and most highly recommended option is to set up user level filters that automatically route emails that are likely to be spam to the trash or to a folder where you can quickly check for legitimate mail routed there by mistake before bulk deleting the mail.
In addition to server side filtering, many third party email clients, such as Outlook, have additional spam filtering built into their programs. Using one or a combination of these options can assist with cleaning out the spam that you receive.
The majority of email accounts that suffer from large quantities of spam do not have these tools configured and can greatly benefit from using these steps first.
Premium Spam Filtering and Prevention Options
There are a few premium options that will help prevent and filter spam more easily and with less configuration and setup. The following premium services are recommended by HostGator:
- WHOIS Information & Domain Privacy - Spammers may use your WHOIS information for your domain to identify valid email addresses which they may send spam to. Purchasing WHOIS privacy protection can prevent spammers from gaining your email from publicly available information.
- Google Apps for Work - Google offers tools that allow you to use your personal domain with a Gmail inbox, allowing you to take full advantage of their advanced pre-configured spam filtering tools.
The Nuclear Option
If you have tried all other options and have reached the point where you are extremely dissatisfied with the experience of checking your mail every day then you may wish to consider deleting the email account and creating an email account with a different name. This option is extreme, and not recommended due to the importance of being able to have access to email addresses you have used to sign up for important services or used for contact information.
If after attempting all of the previous options you are still receiving unmanageable quantities of spam, you may reference the following article for how to remove an email account and create a new account using a different name: