It’s difficult to define exactly what constitutes email spam. What might be a useful newsletter to one person could be unwanted advertising to another, and a welcome business opportunity will be ill-received if sent to the wrong recipient.
In most cases, however, a spam email is one that we did not solicit, that we can’t unsubscribe from, and which is sent to thousands or millions of recipients at the same time.
Email spam has dramatically evolved, but so have the tools to detect it. Here are some techniques that spam filters and email providers use to keep your inbox clean.
1. Unsubscribe assistance
A big portion of the spam email that arrives in our inbox is marketing emails and newsletters that we might not even have subscribed to. If sent from a source that does not have the intention to annoy you, it likely contains an unsubscribe link at the bottom or in the body text. Helping you find this button, by highlighting it or automatically triggering it, is one way your email provider can help you stay at inbox zero.
2. Sender reputation
Spammers often use a newly set up domain to send emails from a previously unseen IP address.
Email providers usually assign a poor reputation score to such new senders, resulting in the mail going straight to the spam folder. Unfortunately, this also means that if you set up a mail server with a new domain, you will likely have difficulties getting your email delivered as well. Only when your contacts add you to their address book or pull your email out of the spam folder will your reputation increase.
3. Text recognition
While spammers might send their advertisements from hijacked or newly set up servers, they will likely include a similar message to millions of recipients. This makes it possible to match words and sentences with those appearing in messages previously marked as spam.
4. User feedback
Especially if they have a large user base, email services can let their users do the work of deciding which email is spam and which isn’t.
By showing only a small subset of users an email, the provider can decide whether the email is legitimate or spam.
5. Domain Name System-based Blackhole List (DNSBL)
DNSBL is a mechanism by which email providers can check whether a sender has been caught sending spam in the past.
The mechanisms by which these lists are maintained differ widely. Some use honeypots to lure and identify spam email, while others are moderated. In general, emails are placed on whitelists and greylists. The greylists are noteworthy as they will reject suspicious email at first, but will allow it to pass when it is delivered the second time. The assumption is that a ‘legitimate’ email server will make more of an effort delivering mail than a pure spam server.
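The greylisting behaviour described above can be sketched as follows. This is an added example, not code from the original article or from any particular mail server; the delay values, the reply text and the addresses in the scenario are assumptions made for illustration.

```python
# Added illustration: minimal greylisting decision logic, keyed on the usual
# (client IP, envelope sender, envelope recipient) triplet.
from dataclasses import dataclass, field

MIN_DELAY = 300        # assumed: seconds a new sender must wait before retrying
MAX_AGE = 36 * 3600    # assumed: how long an unconfirmed first attempt is remembered
DEFER = "451 4.7.1 Greylisted, try again later"   # constructed temporary-failure reply


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)   # triplet -> time of first attempt
    confirmed: set = field(default_factory=set)      # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.confirmed:
            return "250 OK"
        seen = self.first_seen.get(triplet)
        if seen is None or now - seen > MAX_AGE:
            # Unknown (or expired) triplet: remember it and ask the sender to retry.
            self.first_seen[triplet] = now
            return DEFER
        if now - seen < MIN_DELAY:
            # Retried too quickly; keep the original timestamp.
            return DEFER
        # A queueing mail server came back after the delay: accept from now on.
        del self.first_seen[triplet]
        self.confirmed.add(triplet)
        return "250 OK"


def simulate():
    """Constructed scenario: a retrying mail server and a sender that never retries."""
    gl = Greylist()
    legit = ("192.0.2.10", "news@example.org", "alice@example.net")
    bulk = ("198.51.100.7", "promo@example.com", "alice@example.net")
    return [
        gl.check(*legit, now=0),       # first attempt: deferred
        gl.check(*bulk, now=5),        # first attempt: deferred, never retried
        gl.check(*legit, now=60),      # retry too early: still deferred
        gl.check(*legit, now=900),     # retry after the delay: accepted
        gl.check(*legit, now=5000),    # later mail from the same triplet: accepted
    ]


if __name__ == "__main__":
    for reply in simulate():
        print(reply)
```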
6. DomainKeys Identified Mail (DKIM)
DKIM is a mechanism to make it difficult to spoof a sender’s email address by recording which keys are allowed to send mail.
The nature of email allows anybody to send an email from any address, making phishing more dangerous, while also allowing spammers to imitate a reputable source. With DKIM, every email is digitally signed with a key. The recipient can verify this signature, and in addition, look up whether the key is permitted to send the message in the DNS records.
7. Sender Policy Framework (SPF)
In addition to DKIM, SPF allows the recipient to verify that the sender is permitted to send an email for a domain using a specific IP address. SPF can also be used to delegate the sending of emails to a reputable third party, without triggering anti-spam mechanisms.
8. Domain-based Message Authentication, Reporting, and Conformance (DMARC)
DMARC is a mechanism that allows a company to publish an email policy.
Together with DKIM and SPF, it provides a powerful framework for making phishing and spam in your name very difficult. By publishing a DMARC policy, a sender can effectively tell the recipient not to accept any non-conforming email.
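How a receiver combines the SPF result, the DKIM result and the published DMARC policy is shown in the added example below, which is not part of the original article. The policy record, domains and messages are constructed, and `org_domain` is a labelled simplification: real receivers determine the organizational domain with the Public Suffix List.

```python
# Added illustration: DMARC passes when SPF or DKIM passes AND the authenticated
# domain is aligned with the domain in the visible From: header.

def parse_dmarc(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None            # no usable policy published
    return tags


def org_domain(domain):
    # Simplification (assumption): last two labels; wrong for suffixes like co.uk.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') the same organizational domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def dmarc_disposition(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return 'pass', 'no-policy', or the handling the sender requested for failures."""
    policy = parse_dmarc(record)
    if policy is None:
        return "no-policy"
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else policy["p"]


RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r"   # constructed policy for example.com

# Constructed messages, all with From: someone@example.com
CASES = {
    # SPF passes for the bounce subdomain, which is aligned under relaxed aspf.
    "own server": dmarc_disposition(RECORD, "example.com", "pass", "bounce.example.com", "none", ""),
    # Forwarded mail: SPF fails, but the DKIM signature with d=example.com survives.
    "forwarded": dmarc_disposition(RECORD, "example.com", "fail", "example.com", "pass", "example.com"),
    # SPF and DKIM both pass, but for the sending party's own domain: not aligned.
    "spoofed": dmarc_disposition(RECORD, "example.com", "pass", "example.org", "pass", "example.org"),
}

if __name__ == "__main__":
    print(CASES)
```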
Bonus: 2 better ways to get rid of spam email
Before the creator of Bitcoin pioneered the idea of cryptocurrency mining, others were already fantasizing about using ‘proof of work’ to stop email spam. The 1997 Hashcash proposal by Adam Back, for example, suggested that the sender of an email could spend a few seconds of arbitrary computer calculations to approve each email, similar to a stamp.
For a casual sender of email this would not be noticeable, but the time involved for anyone trying to send out millions of emails would incur a cost higher than the potential advertising reward. Alas, such systems were never deployed on a significant scale.
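The asymmetry behind the stamp idea, where the sender searches through many hashes and the receiver checks a single one, is shown in the added example below. It is not code from the original article or from the Hashcash tool; the field layout follows the version 1 stamp format, while the hex encoding of the random and counter fields, the omitted date-expiry check and the sample address are assumptions.

```python
# Added illustration of Hashcash-style proof of work.
import hashlib
import secrets
from itertools import count


def leading_zero_bits(digest):
    """Number of zero bits at the start of a hash digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def mint(recipient, bits, date):
    """Sender: search for a counter whose stamp hashes to `bits` leading zero bits."""
    salt = secrets.token_hex(8)      # random field so every stamp is unique
    prefix = f"1:{bits}:{date}:{recipient}::{salt}:"
    for counter in count():          # about 2**bits attempts on average
        stamp = f"{prefix}{counter:x}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp


def verify(stamp, recipient, min_bits, spent):
    """Receiver: one hash plus recipient, difficulty and reuse checks.

    The date-expiry check a real verifier performs is omitted here.
    """
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1" or not fields[1].isdigit():
        return False
    if fields[3] != recipient or int(fields[1]) < min_bits:
        return False                 # stamp was made for someone else, or is too cheap
    if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < int(fields[1]):
        return False                 # claimed work was not actually done
    if stamp in spent:
        return False                 # each stamp pays for exactly one message
    spent.add(stamp)
    return True


if __name__ == "__main__":
    seen = set()
    s = mint("alice@example.net", 16, "250101")   # constructed recipient and date
    print(s, verify(s, "alice@example.net", 16, seen), verify(s, "alice@example.net", 16, seen))
```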
What if you got a small payment each time you received an email? Similar to the Hashcash proposal, this would incur a small cost for each sent email, negligible for the casual sender.
If you send about as many emails as you receive, you will come out even. However, there currently is no payment network that could easily handle millions of payments per second without charging a substantial fee, and even open-source alternatives like the Lightning Network are still far from mass adoption.
To keep your inbox clean, unsubscribe from unwanted marketing emails, and don’t hesitate to click the ‘report spam’ button. You can opt out of receiving alerts and notifications from services you use by logging into their websites and apps. You might be able to regulate the sensitivity of your spam filter, though once in a while, it might be advisable to check if you missed something important!