Why is spam so hard to stop?

without comments Estimated reading time: 5 minutes

By Craig de Fasselle


Not a week goes by without someone asking “Can’t you stop all this spam?” If I could stop all spam, I’d be typing this from a private island!

Believe it or not, if we host your email, we’re already rejecting about 70 percent of the junk coming your way. So why does so much still slip through?

There are four basic categories of fighting spam… none are perfect.

1. Filtering Software

Filters may be on your web host’s server and/or on your computer; Blitz Media Design does have filtering tools installed on the server. These filters generally scan the text of some portion of the email. Filters are literal, and the idiots sending spam know how to circumvent them.

For example, were I to set a filter to reject the word Ohio, it would still allow the following to go through: 0hio, Ohi0, Oh10, O-h-i-o, O_h_i_o, O*h*i*o (and so on). With this type of character substitution and adding punctuation, there are thousands of ways I could “spell” Ohio, and each would require a matching filter. So adding a filter rule for each spam that slips through requires much more time and effort than just clicking the “Delete” button.

The same can hold true of setting filters on your computer. Most modern email programs have some sort of spam filtering you can set locally. There are third-party software products that do a nice job of identifying spam. If you’re a Mac user, I strongly recommend SpamSieve. It works with most Mac email programs, and over time, learns what is or is not spam.

I’ve used it for years, and I doubt more than one legitimate email ends up in my spam folder in a year. Clicking an icon teaches SpamSieve not to flag that type of message again. I will get one or two spams in my inbox each day, but those are easily spotted, and another click tells SpamSeive to treat those as spam in the future.

Unfortunately, SpamSieve doesn’t have a Windows, iOS or Android version. So while spam isn’t really a problem on my Mac, it’s a royal pain in the backside on my iPhone or iPad.

2. “Community” Screening

This is one the approaches used by Gmail. When users report emails as spam, Google records that in their network, and redirects those emails to the spam folder of every user. The net result is you rarely see spam if you use Gmail (yes, Gmail can be used with your domain name—the approach differs a bit when using free versus the paid version).

Please note that Gmail isn’t blocking all spam—what comes through lands in your spam folder (many people don’t even realize they have this folder if they collect their email from a browser, as it’s under a “More” link).

The downside—based on my own testing of the free Gmail version and iOS app (where a copy of my regular email is forwarded to Gmail)—is that quite a bit of legitimate email is flagged as spam. During a recent vacation, Gmail incorrectly flagged about 5% of good emails as spam.

While there are options to mark good messages as “not spam,” I’ve found this time-consuming and imperfect. Perhaps the paid version is better, but even an email reminder I sent to myself ended up in the spam folder (come on, Google, you could see it was from my email address and server)!

Personally, I’d rather delete a few spams a day from my inbox than search through hundreds of spams on Gmail to make sure a legitimate email hasn’t been falsely flagged.

The paid version (there are plans at $5 or $10 per user per month) has some features and advantages over the free version, and may be better.

3. Challenge-response Verification

We do offer an option called “BoxTrapper” to our hosted clients. Upon receiving an email, BoxTrapper automatically responds with a verification email to the original sender. The sender must complete the verification process (clicking a link) before the email can pass to your inbox. If the sender does not verify the email, the verification fails and BoxTrapper never clears the message for delivery. After a period of time, the system automatically deletes the spam.

BoxTrapper can be set so that once a sender has been verified, they will not be challenged again. You can enter a list of email addresses during BoxTrapper setup so they aren’t challenged.

It will put an end to most if not all of your spam (it doesn’t protect you from a human sending an unwanted solicitation). The drawback for businesses is that potential customers may regard this challenge with suspicion or irritation, delete it, and move on to someone else.

4. Third-party Services or Hardware

There are various mail services or hardware add-ons that individuals or companies can add, but they tend to be expensive, often running $1000 or more a year. They will cut your spam significantly, but nothing will completely eliminate it. Once again, some legitimate emails may be erroneously flagged as spam.

What Should I Do About It?

The answer depends on whether or not the amount of spam you receive is a significant drain on your time, or a minor irritation. Some email addresses (including my own) just seem to attract more junk than others.

First and foremost, do NOT click the “Unsubscribe” link on spam. Spammers will not honor your request—you’ll just confirm you looked at their message and encourage them to send even more!

Second, be very careful about clicking links unless you’re 100% certain of the sender. Spams often look like they’ve come from PayPal, LinkedIn, Amazon, or others who contact you.

Third, see what junk mail settings you can configure within your email client. For example, Outlook allows you to create customized filter lists of safe senders, safe recipients, and blocked senders. You can find more in the help section of the software.

What Do You Guys Do About It?

Scott and I let the server deal with most, and use SpamSieve with our desktop email, so it’s not really an issue. Were I spending more time on the road and reading most of my email on my iPhone or iPad, I’d consider Gmail (pro version).

Written by Craig de Fasselle

December 5th, 2014 at 11:41 am

Posted in Internet Help

Leave a Reply