Before the invention of email, mail that arrived in your physical mailbox often contained pamphlets, sales brochures, credit card offers, and product catalogs. Much of this waste was thrown away and ended up in a landfill somewhere. Today, the equivalent and often more annoying nuisance is spam. Spam comes in many forms, and has evolved from dubious product claims, miracle supplements, conspiracy theories, and offers of easy money to more malicious threats such as ransomware attacks and targeted spear-phishing.
While the amount of spam as a percentage of total email traffic has gone down recently, the severity of email-borne threats has increased.
So how can users protect themselves from becoming the next victim of these malicious threats? There are numerous spam-fighting tools in MDaemon and other mail servers, but server-side tools are only half of the spam-fighting equation. The other half is user education. With this in mind, here are 10 things users can do to reduce the amount of spam they receive.
- Unsubscribe – How often have you been asked by a store clerk for your email address or placed an order online? In either of these situations, chances are you may have ended up on a company’s mailing list. When you receive email from these companies, take the time to open the message and click on the Unsubscribe link. But first, make sure the email is in fact coming from a reputable company (Here’s how). If you’re not completely sure where the email came from, then report the message as spam instead of unsubscribing.
- Create a secondary email account – While we’re on the topic of retailers having your email address, you might also consider having a second email address that’s used solely for the purpose of store records or placing orders. This allows you to keep solicitations from these vendors out of your primary inbox.
- Keep your email address private – If your email address is visible on social networking sites like Facebook or Twitter, then it’s also visible to spammers. Spammers have tools that can easily detect visible email addresses and add them to their mailing lists. This is why it’s often recommended that, if you MUST use your email address on one of these sites, you mask it by changing its format. For example, type out “at” instead of using the “@” symbol. With the prevalence of Business Email Compromise (BEC) attacks, it’s even more important for executives to be mindful of posting their email address or other personal information, as scammers will use this information to send out well-crafted spear-phishing emails.
- Don’t reply to ANY spam or unsolicited marketing messages – Most spam messages use forged sender (return-path) addresses, so replying to a spam message will almost never result in the spammer getting your message. Replying to legitimate marketing messages tells the sender that your email address is valid, and thus, they may continue to send you spam.
- Never click on links – Often, when you click on a link in a spam email, it specifically identifies you to the spammer as having received the message. Not only can clicking links in spam messages identify you to the spammer; you can also end up getting infected with malware.
- Block Images – Even if you don’t click any links, an image that loads when you open an email can alert spammers that your address is valid. Spammers often try to be stealthy by inserting images that are only one pixel wide. If your mail client is configured to automatically open images, it fetches each image from the sender’s server, and that request tells the spammer the message was opened. We recommend configuring your email client to automatically block images to reduce spam. You can always choose to view images in specific emails if you are sure the sender and content are legitimate.
- Make your email address unique – Spammers often use common names to try to guess email addresses. If your email address is unique, it makes it harder for spammers to guess your email address.
- Don’t fall for scams – If you receive an anonymous email from someone who appears to be in dire need, who promises you large sums of money for your small up-front investment, you may be witnessing the familiar Nigerian email scam, or one of many other variants. What are the odds that someone you’ve never met, who’s in a desperate situation, would contact you for help? Don’t fall for this scam.
- Never forward email from someone you don’t know – I often see email messages with some type of public service announcement, petition, or other bit of advice, and often, there’s a request to forward the message to your friends. Don’t fall for this, as it’s a prime opportunity for spammers to harvest email addresses.
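To make the "Block Images" tip concrete, here is an added example (not part of the original article) of what image blocking does before a message is displayed: it finds images that would be fetched from a remote server, flags those declared as one pixel in size, and replaces them. The sample message, the `.example` hostnames, and the width/height heuristic are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample message; all hosts are placeholder .example names.
SAMPLE = """\
From: deals@shop.example
To: user@example.org
Subject: Big sale
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Sale ends today!</p>
<img src="https://shop.example/banner.png" width="600" height="120">
<img src="https://tracker.example/o.gif?id=user%40example.org" width="1" height="1">
<img src="cid:logo123" width="80" height="40">
</body></html>
"""

class RemoteImageFinder(HTMLParser):
    """Collect <img> tags whose src would trigger a network fetch."""
    def __init__(self):
        super().__init__()
        self.found = []  # (raw tag text, url, looks_like_tracking_pixel)

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        # cid: and data: images travel inside the message, so they reveal nothing.
        if src.lower().startswith(("http://", "https://", "//")):
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.found.append((self.get_starttag_text(), src, tiny))

def block_remote_images(raw_message):
    """Return (html with remote images replaced, [(url, is_pixel), ...])."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    if part is None:
        return "", []
    html = part.get_content()
    finder = RemoteImageFinder()
    finder.feed(html)
    for raw_tag, _, _ in finder.found:
        html = html.replace(raw_tag, '<img alt="[remote image blocked]">')
    return html, [(url, tiny) for _, url, tiny in finder.found]

if __name__ == "__main__":
    for url, tiny in block_remote_images(SAMPLE)[1]:
        print("tracking pixel" if tiny else "remote image", url)
```

Note that the visible banner is blocked along with the pixel: any remote fetch confirms the message was opened, which is why clients block all remote images rather than only the tiny ones.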
Blocking junk email is not just the job of the mail server administrator. A well-informed email user can mean the difference between spam that is manageable and spam that is out of control. These ten tips will help you reduce spam, and help prevent you from becoming a victim of phishing or malware.