What is spam email?
Spam or junk emails are unsolicited emails, typically sent in bulk. While some spam emails are promotional and not overtly malicious, they can also be used in a variety of attacks. For this reason, inbox owners should exercise caution when opening emails and take steps to reduce the amount of spam they receive.
Are spam emails safe?
Spam emails should generally be considered dangerous and approached with caution. This is because spam emails are used to execute different types of attacks:
- Phishing attacks, which the FBI named the most common type of cyber crime in 2020, often employ email. In these attacks, recipients are tricked into sharing personal information like login details, often with the use of a spoofed email. (A spoofed email is one that an attacker has tampered with to make the “from” address appear legitimate.)
- Spreading malware is relatively easy to do with email. Attackers can embed it within images, links, or attachments. Recipients who suspect an email is spam should not click or download anything within it.
- Advance-fee scams, in which attackers promise a future payment in exchange for loaning them money, are also a very common spam technique.
How to stop spam emails
Spam emails are very common, with 45.1% of 2021 email traffic being attributed to spam. But the following tips can reduce the amount of spam that makes it to a recipient’s inbox:
- Marking emails as spam: While email providers offer some level of spam filtering by default, these filters are not foolproof. The more details recipients give their email providers, the more accurate their blocking will be. So be sure to mark any suspicious emails as spam.
- Using and updating filters: On top of the built-in spam filtering features, many email providers include an option to set rules about what emails to block. This may include restricting emails from certain domains or those containing certain phrases.
- Layering on a third-party filter: If built-in features are insufficient, users can also add an external anti-spam tool. These tools may have different filtering rules from the email provider, improving overall protection.
- Being judicious about sharing email addresses: Unfortunately, some organizations will sell user data to other companies. On the flipside, a data breach can also expose user information. The fewer places people share their email, the less likely this is to happen. Because many sites and applications require an email address, some people opt to use temporary or disposable email addresses. Website owners can also play a role in reducing the frequency of spam emails by not publishing complete email addresses on their sites. This is because attackers will harvest websites for email addresses to spam.
- Unsubscribing from email lists: A high unsubscribe rate can hurt an organization’s deliverability over time. Thus, unsubscribing will reduce the amount of mail hitting a recipient’s inbox and can help signal when an organization is sending spam.
- Never opening spam emails: Opening an email alerts the spammer that the inbox is actively monitored by someone, making that email address a more valuable target. Users should refrain from opening suspicious emails or those marked as spam altogether.
How to spot spam emails
While some spammers are particularly adept at masking their emails, there are a few giveaways that can help recipients identify spam emails:
- Asking for personal information: Attackers constantly try to get information they can use out of their victims. Unless this is a request the recipient is expecting to receive, a message seeking personal information could be a sign of spam.
- Generic or misspelled email addresses: Sometimes spammers will claim to be someone from a recipient’s workplace but send the email from an address that is not part of the corporate domain. Or they may trick recipients by using a domain with a slight misspelling, like “Cloudfiare.com” instead of “Cloudflare.com.”
- Messages labeled ‘urgent’: Attackers will often try to establish a sense of urgency to encourage the recipient to act quickly by incorporating phrases like “act now” or using artificial deadlines. This way, they can get the information they need before the recipient becomes suspicious.
- Grandiose promises: If an email is promising something that feels too good to be true, it probably is. Be wary of any emails telling recipients they have won or are being gifted something they did not explicitly sign up for.
- Messages from organizations that do not generally use email: Be suspicious of messages that appear to come from institutions that do not traditionally use email. For example, the IRS has stated that they do not use email to discuss debts or refunds with taxpayers.
What is the CAN-SPAM Act?
The CAN-SPAM Act is a law in the US that sets rules about what commercial organizations are allowed to send in their communications, including emails. It specifically applies to messages that are promotional in nature.
One of the most important rules in the law is that recipients have the right to be removed from mailing lists. If organizations violate the CAN-SPAM Act — for instance, by continuing to send emails after someone unsubscribes — individuals can report them directly to the Federal Trade Commission (FTC).
Can spam emails be stopped permanently?
Unfortunately, there is no way to guarantee an end to spam emails. However, following some of the above steps should help reduce the number of spam emails people receive. Practicing good inbox hygiene, by marking emails as spam or using filters, can improve an email client’s ability to block spam in the long run.
How does Cloudflare help with email security?
Cloudflare Area 1 Email Security preemptively crawls the Internet to find attacker infrastructure and analyzes the content and context of emails to identify suspicious messages. This means stopping phishing attacks and other forms of spam before it reaches inboxes.