Dealing with junk mail

Additional measures

Normally I’d wrap this up with “And that’s junk mail filtering under Mail.” But because Mail can do only so much (and I really, really hate spam), I’m going to suggest that there are more things you can do. (As well as things you shouldn’t do.)

Do

Get a prefiltered account: With the right email account, you can unburden Mail (or any other email client) from dealing with junk mail. All the major free email services—Gmail, Yahoo, and iCloud—have some variety of server-side spam filtering in place. This means that the junk is weeded out and filed in a special folder before it reaches your inbox. Gmail has the best reputation for offering junk-free inboxes. AOL, perhaps the worst. I’ve seen reports of varying results from Yahoo and iCloud—some people see virtually no spam while others find these services wanting.

Use Gmail to filter mail from a POP account.

Gmail offers the additional advantage that you can redirect mail from other accounts (these must be POP accounts) through your Gmail account. When you do this, Gmail’s spam filters kick in and clean your mail before it reaches you. To set up this option, visit your Gmail page via a Web browser, click the Settings button, select the Accounts tab, and click the Add a POP3 Mail Account You Own link. You’ll be walked through the process of redirecting your account through Gmail.

Consider a better spam utility: As I’ve said, Mail’s junk mail filtering is reasonably good, but it’s not great. If you want great then you want C-Command Software’s $30 SpamSieve. It’s a far more comprehensive and effective tool than Mail’s built-in junk mail feature. It’s easy to train and, once trained, it gets the job done. I’ve used it for years and can’t recall the last time it made a mistake. If Mail fails to identify spam to your satisfaction, SpamSieve is a must-have.

Don’t

Reply to spammers: One of the purposes of spamming is to accumulate addresses that someone actively uses. If you click an “unsubscribe” link or send a reply along the lines of “You filthy brute!” you’re only confirming that they have a live address. They will then sell this address (along with thousands more) to other spammers. When you reply to spam in any fashion, you’re inviting more spam.

Bounce messages back to spammers: At one time Mail had a “Bounce” feature. The idea was that Mail would concoct a message that looked like a “Sorry, there’s no one at this address” missive and fling it at the sender’s email address. There are two problems with this technique in today’s world.

The first is that spam is automated. There’s no one guy sitting at the other end of the line who reads such messages and reacts “Ah, a bad address. I’ll just remove this from our nefarious list.” There is no such removal because it costs almost nothing to send out millions of spam messages. Spammers don’t care if the bulk of them go to dead addresses. So, this technique does nothing to have your address removed from spammers’ lists.

Secondly—and most important—the return address for spam messages is invariably faked. When you bounce a message it may very well go to some poor shmoe whose address was hijacked by spammers. By bouncing the message, you’ve just spammed this innocent person. Now imagine thousands of people doing that.

In short: Bouncing messages is ineffective and only compounds the problem. Don’t do it.

Believe everything you read: There’s a particularly nasty form of spam called “phishing.” Its purpose is to get you to visit what looks to be a legitimate website and provide that site with such personal information as your bank account, credit card, and social security numbers. Do that and you’ve set yourself up for a bad case of identity theft—the results of which may be an empty bank account and a fleet of yachts charged to your credit card.

This email can look like it came from your bank, a credit card company, an online shopping site, or the government. And it often comes in the form of a dire threat: “We’ll disable your account unless you confirm your account information immediately!”

The first step in protecting yourself is to cock a sceptical eye at this stuff, regardless of how legitimate it looks. Next, look for spelling and grammatical errors. Some of this crud is composed in countries where English isn’t spoken natively. If a message seems badly translated from another language, it probably was and isn’t legitimate.

You can also hover your cursor over any links that appear in these messages. When you do, a small yellow window will appear that contains the real address that link directs to. On the surface it may read amazon.com, but when you hover your cursor over it you find that it directs you to the true address, which is youareasucker.net. Finally, before acting on any of these things, travel to the site that supposedly sent it (using links you enter in your browser, not ones contained in the message) and check your account. If you see a notice that confirms the information in the email—you need to update your credit card information, for example—then act on it. If you’re still not sure, contact the company directly.

This message claims a Facebook connection, but the link points elsewhere.

Open attachments: If you’re not familiar with the sender, be very cautious about opening any attachments. Attached files from spammers are never what they claim to be. More often than not they’re some kind of virus designed for Windows PCs so they have no effect on a Mac. Still, better safe than sorry.

Protect yourself via a challenge/response scheme: In the last decade someone came up with what seemed to be a brilliant idea: When people sign on for an account with our service, we’ll ask them to create a list of people who they always want to hear from (a whitelist). Messages from these individuals will be delivered to the recipient with no problem. If, however, someone not on the list attempts to send that person a message, they’ll be told that they have to visit a website, click a link, and enter a code to confirm that they are who they say they are. The intended recipient will then approve them so that they’re not bothered with this rigmarole again.

Sounds great, right? It’s not. To begin with, it shifts the responsibility for dealing with spam from the recipient to the sender. If I want to send you a message, somehow it’s my job to make sure it gets through rather than you taking measures to deal with your spam problem. Rude.

And the result of this “Hey, you deal with my problem, buddy” scheme is that many people simply won’t make the effort. Confronted with one of these “Please verify” messages, they’ll delete the message they intended to send to you and vow to never bother again. Yes, you may see far less spam, but you’ll also receive far less legitimate email because it won’t be sent.

Earthlink was responsible for a lot of this stuff. I haven’t seen one of these messages in ages, so perhaps the company finally wised up and stopped using this scheme. If your email service offers it by default as a way to protect you from spam, disable it and find another way, or switch to a different service.

Be a spammer yourself: Finally, consider the golden rule. If you don’t like receiving unsolicited email, there’s a very good chance that others don’t either. You may have the most adorable cat on earth, believe fervently in a political or religious cause, have the greatest business plan ever devised, or have faith that good luck comes in the form of chain mail, but sharing this stuff with everyone in your address book makes you the spammer. You absolutely want to spread the word to people who have indicated their willingness to listen, but be sure you have very strong evidence that this willingness exists. Ask, rather than assume, and your email life will be far more harmonious.

Next week: Getting started with Calendar

Subscribe to the MacWeek Newsletter

Comments