Dealing with junk mail

Technology is a double-edged sword. On the one hand, it allows for wonderful means of communication—free voice and video calls, no-cost text messaging, and the ability to share your life with thousands of strangers you can call friends. On the other—like in the real world plagued by department store flyers jammed into mailboxes, robocalls, and acolytes moving from door to door to spread The Word—it provides a means for others to junk up your inbox with unwanted missives. In this lesson we’ll look at Mail’s junk mail protections, as well as at other ways you can keep from being overwhelmed with Internet offal.

Spam, Spam, Spam, Spam …

You’ve likely heard the term spam used to refer to junk email. This is a reference to a sketch from the BBC’s Monty Python’s Flying Circus where the word spam is chanted over and over. It was specifically applied to unwanted communications thanks to miscreants of the era who filed posts on electronic bulletin boards that repeated the word often enough to scroll other users’ messages off the screen.

Today we use the term generically. While most often invoked to describe unsolicited (and unwanted) email, it’s not unusual to hear it applied to likewise junky text and voice messages, Internet forum and message-thread advertising, and Twitter messages containing links to unscrupulous websites. Because some people are confused by the term, companies such as Apple and Microsoft refer to it instead as junk mail.

About Mail’s Junk Mail feature

When taking you on a tour of Mail’s interface I mentioned the toolbar’s Mark As Junk Mail button (Command-Shift-J). This button hints that you can take action against the spam messages you receive. But that action goes beyond simply selecting a message and spanking it with a junk button. When marking a message as spam, you’re teaching Mail what is and isn’t a viable message.

Built into Mail is a technology that seeks out obvious spam. This can include, for example, messages from Nigerian royalty who believe you’re the kind of person who can be trusted with $25 million dollars, offers for cheap pharmaceuticals, and proposals of a more salacious variety. These are well-known scams designed to drain your bank account or steal your identity—so well known, that Mail is aware of them and will automatically mark them as spam when they arrive in your inbox.

But spammers are a crafty lot who spend a fair amount of time designing ways to skirt junk mail protections. That's why you must continually teach Mail about new spam strains. And that’s the purpose of the Mark As Junk Mail button. When Mail gets it wrong and lets one of these messages through, you must mark it as junk so that the application doesn’t get it wrong the next time. Likewise, if you receive good messages that Mail has determined to be junk—you’re a urologist, for example, who deals with drugs like Viagra as part of your working day—you must tell Mail that they're good by selecting them and marking them as such. (When you select a message marked as junk, the Mark As Junk Mail button changes to Mark As Not Junk. Click this button to mark as good a message that Mail mistakenly calls junk.) Through training the feature becomes more accurate.

The Junk Mail preference

The Junk Mail feature is configurable—you can see how by choosing Mail > Preferences and selecting the Junk Mail tab. The following are its options.

Mail's Junk Mail preference.

Enable junk mail filtering: At the top of this preference, you see that you can turn it on or off with a single click. Why turn it off? If you’re using a third-party spam-filtering application (which I’ll discuss later), you don’t want Mail’s junk filtering to interfere with it.

When junk mail arrives: By default, messages deemed to be junk will be left in your inbox but marked in an orangy-brown color, making it easy to spy them in your message list. This is the default behavior, because Apple wants to make this stuff obvious so you can take a peek at it and then correct any mistakes Mail has made. (In other words, it’s a way of forcing you to train Mail.) Once you’ve become used to the idea of receiving and marking junk mail (and gaining a sense of how accurate Mail is at identifying it), enable the Move it to the Junk mailbox option. This creates a Junk mailbox in Mail’s Mailboxes pane. Any future identified junk mail you receive (and any messages you mark as junk) will be moved from your inbox to this folder.

Note that it pays to check the Junk folder from time to time. Mail’s junk mail detection is reasonably good, but it’s not perfect. You don’t want to miss an important message because you put too much faith in this feature’s powers.

There’s a third option under the ‘When junk mail arrives’ heading—Perform Custom Actions. In a previous lesson I showed you how to work with Mail’s rules. You can put that information to good use by selecting this option and clicking the Advanced button at the bottom of this window.

A sheet descends, and you see a list of pop-up menus that contain conditions—rules that a message must meet to be considered spam. If you find that the junk mail feature over- or under-identifies junk mail, mucking with these conditions may help. For example, you might add a condition that reads ‘From Contains X' where X is a domain that routinely sends you messages you don’t want to read—an online shopping emporium, for instance, that refuses to remove you from its mailing list. And, as with other rules, you can add or reconfigure the actions taken on messages determined to be spam. You can, for example, change that orangy-brown color to something a little more eye-pleasing, as well as flag junky messages so that they really stand out.

The following types of messages are exempt from junk-mail filtering: This section contains three options, all designed to keep Mail from falsely identifying good email. The first two—‘Sender of message is in my Contacts’ and ‘Sender of message is in my Previous Recipients’—assume that anyone you’ve chosen to communicate with is unlikely to be a spammer. The third, ‘Message is addressed using my full name’, exists because it’s rare that spam is addressed in this way. This could help the urologist who prescribes the drugs we discussed earlier.

Trust junk mail headers in messages: As email works its way through the Internet’s various servers, it can be identified as junk mail before it gets to you. This identifying information is planted in the message in areas that you can’t normally see. When this option is enabled (as it is by default), you’re telling Mail to trust that when a message has been marked as spam prior to you receiving it, it really is junk and should be treated as such.

Filter junk mail before applying rules: This option, which is off by default, gives junk mail filtering priority when your mail is filtered. As the name implies, the junk mail technology examines your incoming email first and deals with the results. Then your rules kick in. Because I have created some rules that help filter unwanted mail, I leave this option off.

Reset button: If you’ve failed to train Mail or done it so rarely that you get bizarre results, it may be time to start over and commit to doing it right the next time. You do this by clicking Reset at the bottom of the preference. This erases any training you’ve done and restores the junk mail feature to its default settings.

Additional measures

Normally I’d wrap this up with “And that’s junk mail filtering under Mail.” But because Mail can do only so much (and I really, really hate spam), I’m going to suggest that there are more things you can do. (As well as things you shouldn’t do.)

Do

Get a prefiltered account: With the right email account, you can unburden Mail (or any other email client) from dealing with junk mail. All the major free email services—Gmail, Yahoo, and iCloud—have some variety of server-side spam filtering in place. This means that the junk is weeded out and filed in a special folder before it reaches your inbox. Gmail has the best reputation for offering junk-free inboxes. AOL, perhaps the worst. I’ve seen reports of varying results from Yahoo and iCloud—some people see virtually no spam while others find these services wanting.

Use Gmail to filter mail from a POP account.

Gmail offers the additional advantage that you can redirect mail from other accounts (these must be POP accounts) through your Gmail account. When you do this, Gmail’s spam filters kick in and clean your mail before it reaches you. To set up this option, visit your Gmail page via a Web browser, click the Settings button, select the Accounts tab, and click the Add a POP3 Mail Account You Own link. You’ll be walked through the process of redirecting your account through Gmail.

Consider a better spam utility: As I’ve said, Mail’s junk mail filtering is reasonably good, but it’s not great. If you want great then you want C-Command Software’s $30 SpamSieve. It’s a far more comprehensive and effective tool than Mail’s built-in junk mail feature. It’s easy to train and, once trained, it gets the job done. I’ve used it for years and can’t recall the last time it made a mistake. If Mail fails to identify spam to your satisfaction, SpamSieve is a must-have.

Don’t

Reply to spammers: One of the purposes of spamming is to accumulate addresses that someone actively uses. If you click an “unsubscribe” link or send a reply along the lines of “You filthy brute!” you’re only confirming that they have a live address. They will then sell this address (along with thousands more) to other spammers. When you reply to spam in any fashion, you’re inviting more spam.

Bounce messages back to spammers: At one time Mail had a “Bounce” feature. The idea was that Mail would concoct a message that looked like a “Sorry, there’s no one at this address” missive and fling it at the sender’s email address. There are two problems with this technique in today’s world.

The first is that spam is automated. There’s no one guy sitting at the other end of the line who reads such messages and reacts “Ah, a bad address. I’ll just remove this from our nefarious list.” There is no such removal because it costs almost nothing to send out millions of spam messages. Spammers don’t care if the bulk of them go to dead addresses. So, this technique does nothing to have your address removed from spammers’ lists.

Secondly—and most important—the return address for spam messages is invariably faked. When you bounce a message it may very well go to some poor shmoe whose address was hijacked by spammers. By bouncing the message, you’ve just spammed this innocent person. Now imagine thousands of people doing that.

In short: Bouncing messages is ineffective and only compounds the problem. Don’t do it.

Believe everything you read: There’s a particularly nasty form of spam called “phishing.” Its purpose is to get you to visit what looks to be a legitimate website and provide that site with such personal information as your bank account, credit card, and social security numbers. Do that and you’ve set yourself up for a bad case of identity theft—the results of which may be an empty bank account and a fleet of yachts charged to your credit card.

This email can look like it came from your bank, a credit card company, an online shopping site, or the government. And it often comes in the form of a dire threat: “We’ll disable your account unless you confirm your account information immediately!”

The first step in protecting yourself is to cock a sceptical eye at this stuff, regardless of how legitimate it looks. Next, look for spelling and grammatical errors. Some of this crud is composed in countries where English isn’t spoken natively. If a message seems badly translated from another language, it probably was and isn’t legitimate.

You can also hover your cursor over any links that appear in these messages. When you do, a small yellow window will appear that contains the real address that link directs to. On the surface it may read amazon.com, but when you hover your cursor over it you find that it directs you to the true address, which is youareasucker.net. Finally, before acting on any of these things, travel to the site that supposedly sent it (using links you enter in your browser, not ones contained in the message) and check your account. If you see a notice that confirms the information in the email—you need to update your credit card information, for example—then act on it. If you’re still not sure, contact the company directly.

This message claims a Facebook connection, but the link points elsewhere.

Open attachments: If you’re not familiar with the sender, be very cautious about opening any attachments. Attached files from spammers are never what they claim to be. More often than not they’re some kind of virus designed for Windows PCs so they have no effect on a Mac. Still, better safe than sorry.

Protect yourself via a challenge/response scheme: In the last decade someone came up with what seemed to be a brilliant idea: When people sign on for an account with our service, we’ll ask them to create a list of people who they always want to hear from (a whitelist). Messages from these individuals will be delivered to the recipient with no problem. If, however, someone not on the list attempts to send that person a message, they’ll be told that they have to visit a website, click a link, and enter a code to confirm that they are who they say they are. The intended recipient will then approve them so that they’re not bothered with this rigmarole again.

Sounds great, right? It’s not. To begin with, it shifts the responsibility for dealing with spam from the recipient to the sender. If I want to send you a message, somehow it’s my job to make sure it gets through rather than you taking measures to deal with your spam problem. Rude.

And the result of this “Hey, you deal with my problem, buddy” scheme is that many people simply won’t make the effort. Confronted with one of these “Please verify” messages, they’ll delete the message they intended to send to you and vow to never bother again. Yes, you may see far less spam, but you’ll also receive far less legitimate email because it won’t be sent.

Earthlink was responsible for a lot of this stuff. I haven’t seen one of these messages in ages, so perhaps the company finally wised up and stopped using this scheme. If your email service offers it by default as a way to protect you from spam, disable it and find another way, or switch to a different service.

Be a spammer yourself: Finally, consider the golden rule. If you don’t like receiving unsolicited email, there’s a very good chance that others don’t either. You may have the most adorable cat on earth, believe fervently in a political or religious cause, have the greatest business plan ever devised, or have faith that good luck comes in the form of chain mail, but sharing this stuff with everyone in your address book makes you the spammer. You absolutely want to spread the word to people who have indicated their willingness to listen, but be sure you have very strong evidence that this willingness exists. Ask, rather than assume, and your email life will be far more harmonious.

Next week: Getting started with Calendar

Subscribe to the MacWeek Newsletter

Comments