MSU IT Techbase

Avoiding Spam: Prevention and Solutions - TB2940

This article has been retired and moved to a new location. To view the current support article, please click 402636 to be redirected to the new document within the Knowledge module of the MSU IT Service Desk application.

Please Note: As another step in enhancing our customer experience, MSU IT Services is consolidating all technology help information into one repository. This process will begin Friday, April 15, 2016, with MSU IT moving all public facing techbase.msu.edu documents to the MSU IT Service Desk application. The techbase.msu.edu service will be retired in the future and replaced with a new help portal. More information will be shared as timelines are confirmed.



Anyone with an email address knows how spam has become a major problem. It has become such a persistent problem that many people view spam as a necessary evil for using email. However, not many people understand how all those spam messages end up in their inbox day after day after day. This article will explain how spam gets to your inbox, how to protect your email address from falling into the hands of spammers, how to deal with spam, and how to stop or reduce the amount of spam. Finally, the article will list some resources you can use to become better informed.

How Spam Gets to Your Inbox

The number one reason you get spam is because the person sending spam (i.e., the spammer) has your email address. Your address gets put into a large list along with millions of other addresses that spammers use to send email. Spammers can then sell these lists to other spammers - making their job easier and yours harder. The question becomes, how do spammers get your email address in the first place?

Every time you fill out a form on the web and you type in your email address you are potentially giving your address to a spammer. Whenever you register for a website, sign up for a free offer, buy something online, or enter in an online sweepstakes, it is a bet that they ask for your email address. The company that you give it to may compile a list of these addresses and either use it to send spam, or more likely sell the list to someone who will.

Note: Not all companies who ask for your email address will give out or sell it. Before you think of giving out your address to a company read their privacy policy, which will tell you exactly how they intend to use the information they collect. However, keep in mind that even if their privacy policy states that they won't give out your email address, there will probably be a clause in it that states they will notify you if they decide to change the privacy policy - and if they do they'll already have your address.

Another way in which spammers collect email addresses is by harvesting them from the Internet. If your email address is posted anywhere on the Internet like in a newsgroup, on your personal website, or in a directory - they have a method of finding it. Every email address uses the symbol "@" and if it is in the lanuage of the Internet, html, it will begin with "mailto:". Spammers know this and have developed programs called spider bots. These programs search the Internet and record all the characters before and after the "@" symbol, or anything after "mailto:" command. This gives them your email address.

Believe it or not, a third way in which spammers get your email address is they simply guess. If you have a common last name, such as Smith, spammers have programs for generating email addresses. For example, they could try sending spam messages to smith456@domain.com, smith41@domain.com, smith911@domain.com, etc. Spammers can then tell which messages are received and which are rejected (sending an email to an address that doesn't exist is bounced back to the sender).

Finally, spammers will find a way to send spam to you by enlisting people you know - albeit without their knowledge. What they do is create a virus or trojan that is designed to create spam and send it to all the email addresses it can find on the infected person's computer. For example, imagine you have a friend named Bob. Bob has your email address somewhere on his computer and becomes infected with a trojan. That trojan finds your email address, sends you spam, and puts Bob as the sender of the spam - making it impossible for you to find out the identify of the spammer. As an added bonus, you may become infected with the same trojan if you inadvertently open the email attachment - causing you to send spam to everyone you know.

Preventing Yourself from Getting Spam

Now that you know some of the ways spammers get spam into your inbox, what can you do about it? Use these tips from Microsoft for protecting your address from getting into the hands of spammers. See the section below for what you can do if you're already getting spam.

From "How to prevent spam e-mail from reaching you":

  • "Set up an e-mail address dedicated solely to Web transactions. Consider using a free mail service to set up an e-mail account for your online transactions. This will help you keep your real e-mail address private."
  • "Only share your primary e-mail address with people you know. Avoid listing your e-mail address in large Internet directories. Don't even post it on your own Web site."
  • "Disguise your e-mail address. Use a disguised address whenever you post it to a newsgroup, chat room, or bulletin board. For example, you could give your e-mail address as "s0me0ne@example.c0m" using "0" (zero) instead of "o." A person can interpret your address, but the automated programs that spammers use cannot."
  • "Watch out for checked boxes. When you buy things online, companies sometimes pre-check boxes to indicate that it's fine to sell or give your e-mail address to responsible parties. Click the check box to clear it if you don't want the company to contact you."

These additional tips may be helpful:

  • Make sure you have an anti-virus scanner and that it is up-to-date. This will protect your computer from getting trojans that can use your computer to send spam.
  • Take a minute to read the company's privacy policy. Know what how they intend to use your email address before you give it to them.

When You Get Spam: Dos and Don'ts

Despite your best efforts to prevent it you can still get spam. How you respond is crucial in determining whether you get a little spam or a LOT of spam. You don't want to pour salt on an open wound, so there are some dos and don'ts:

DON'T reply to a spam message - ever. If you reply to spam, spammers will know that you looked at it and will send you even more.

DON'T be fooled if the message says "Click here to be removed from our list", "Remove Me", or follow any other instructions in the spam message for removing yourself from their list. Spammers are under no legal obligation to remove you from their list. It is just a ploy to see if there is a person reading their spam.

DON'T open any file attachments that come with the email - even if it is from someone you know. That file attachment could contain a virus or trojan. Only open a file attachment if you are expecting one from the person.

DON'T assume that the email address where the messages says "From" is the original sender of the spam. As mentioned before, spammers can use people who have your email address to send you spam. Additionally, spammers can "spoof", or forge the email address from where the spam says it's "From". If you have a desire to track down where the spam is coming from, use the resources below on how to do that.

DON'T ever respond to an email that asks for your personal information, password, credit card number, or bank information - even if the email claims to be from MSU, your bank, your credit card company, or an online retailer like Amazon.com. This is a form of fraud called phishing, by which spammers create official looking emails and websites designed to deceive you into giving out your private and financial information. See below for more resources on phishing scams.

DO delete spam immediately. If you are suspicious about who the email is from or don't know the sender the best and safest thing to do is delete it.

When Spam Becomes a Problem

When your emails become a needle in the haystack of the spam that floods your inbox you have a spam problem. Don't worry, there are a few things you can do to fight back and greatly reduce the amount of spam you receive.

First, for MSU e-mail accounts, basic spam processing is automatic, regardless of forwarding (as of 12/22/08). During processing, known spam will be rejected, with notice to the sender. Suspected spam will be tagged with "*****SPAM*****" prefixing the subject line of the message and delivered to your Inbox

If you receive a large number of tagged messages, you may want to use the filtering capabilities of the new service (or of their e-mail client) to sort the tagged messages into a separate folder or into the trash.

What about spam filtering programs for my computer?

Running spam filtering on your own computer in addition to the spam processing on the central email service can be advantageous.

Please be aware that because MSU NetID email accounts use a secure sockets layer (SSL) connection in order to protect email from being intercepted by third parties, only SSL compatible e-mail clients and spam software will work properly. Check specifications before purchasing a spam filtering program make sure it is compatible with SSL.

Additional Resources

Phishing Resources

Keywords for this Document

spam, SpamKiller, spamcop, phishing, fishing

Related Documents

Date Last Modified: 5/3/2016 10:52:53 AM

Was this document useful?