Incoming spam is no joke. At a minimum email spam can be annoying, but in extremes it can contain malicious phishing attempts or catastrophic malware. With huge quantities of spam, your inbox can be overflowing to the point where you can barely engage with real customers. Instead you may be bombarded with spam emails proclaiming ridiculous things like, “You have won a lifetime supply of velvet armchairs!” Sound familiar?
Combating spam on email and websites is a tug of war. Fighting spam is a back and forth conflict where tools and technology grow to help mitigate spam, but then spammers turn right around and try to catch up. So the question is, where does that leave you? Your website or email address may get stuck in this classic spam conflict, but you can benefit from tools to push back.
Your email client is a primary level of defence against spam. Modern email providers have become anti-spam experts and help bridge this gap. Gmail is 99.9% effective at blocking incoming spam with tools such as anti-virus scans for malware and identifying patterns in phishing attempts. When an email is marked as spam, the email provider pays attention to trends from feedback their users provide. Algorithms and machine learning are also used to help email providers systems to identify and block spam.
On your website, there are several best practices which can help stop spam. First off, you may consider a simple contact form instead of posting your email address everywhere. Robots can crawl and harvest email addresses like this, allowing your address to be an easy target.
On the contact form itself, there are additional tools to check to make sure that submissions are real like a Captcha. Timers and visual questions work to trick or block spam bots, preventing them from making submissions. The goal is to have an automated way to tell people and machines apart. Another way to do this is with a Honeypot feature. The spam bots will fill out a “Honeypot” field which is only visible by machines, but hidden for people viewing the page. So figuratively, the flies are drawn to the honey, and those submissions with the machine visible field completed are dismissed.
But what if the spam is probably coming from a real person? They can easily get through Captchas and Honeypot because they are not computers at all.
Server side, there are further options on the mail server to help combat spam. Think of this level as a colander or sieve to filter out incoming email. Some options include blocking keywords, or blacklisting “from” email addresses. Troublesome domains can be caught like this too. The difference with this approach is that spam is sent to your platform, but your mail server will not pass it to you. There are also ways on the system level to block IP addresses. While those can be spoofed and changed, sometimes blocking IPs can be a helpful tool to help mitigate incoming spam.
These options are a starting point for fighting against annoying and disruptive spam. It is an ongoing process and strategies have grown and will continue to change over time. Spam is troublesome, but does not have to be a hopeless situation. We want to hear about your situation. How has spam affected your organization? We are here to listen and will equip you with the right tools to combat spam.
Links:
https://security.googleblog.com/2020/02/improving-malicious-document-detection.html
https://support.google.com/a/answer/1217728?hl=en
https://cloud.google.com/blog/products/g-suite/ridding-gmail-of-100-million-more-spam-messages-with-tensorflow
