Spam—phishing, marketing, and scam emails—is annoying, that we can all agree on. One Macworld reader wants to take the ultimate step is stopping these emails.
Is it possible to set one’s iMac, MacBook Pro, iPhone and iPad to ensure scam, phishing, and marketing emails are blocked? I’d be grateful for any information you can provide.
Would it were so! Would it were so. Unfortunately, the basis of internet email is that every part of the system more or less mostly trusts every other part. It used to be that every part completely trusted every other part.
That’s one problem, because since server and messages are mostly trusted, scammers, spammers, and aggressive legitimate marketers can’t simply be blocked before the message lands at your email host, the site at which email is accepted for your address. Another is that return addresses can be forged—at least some of the time—because there’s no verification system that ensures an email you receive was sent from the address shown to have sent it. (There are ways for owners of domains and operators of mail servers to specify and validate the only legitimate servers that a return address comes from, but they’re not universally deployed nor perfect.)
And even if there were a way to prevent malicious and criminal parties from being able to send email from accounts under their control, an unknown, very large number of computers and email accounts have been hijacked or can be on a moment’s notice, sending scams through addresses that otherwise have only carried legitimate email until that point.
However, you can take steps that will help mitigate it, if you aren’t already.
Stop unwanted emails at your email host
Enable any spam-filtering options available. Apple automatically performs some blocking and filtering for iCloud. Some hosts, like Fastmail, plug in a well-known system called SpamAssassin, which uses a large set of rules to guess whether email is legitimate or not, or unwanted or not. You can train SpamAssassin, as you can train Gmail and other services by marking email as spam and, conversely, checking the junk or spam folder to mark messages as “ham”—desirable email.
SpamSieve ($30) is a very long-running, still regularly updated app that maintains its own database of spam and ham, and which plugs into Mail, Outlook, and other macOS email software. It relies on Bayesian analysis of spam and ham, letting it use word frequency to provide a probability of whether a given message is legit or should quit.
Set up rules to stop spam
Both on a mail host and in email software, like Apple’s Mail for macOS, you can set rules that filter incoming messages and mark them automatically as junk or throw them into the trash. I have a persistent spammer who, for some reason, isn’t automatically marked as spam and hasn’t been shut down despite operating openly from the same address and domain. Tired of marking by hand, I created a filter that marks the messages as junk.
Never click a URL in an email
Phishing relies on fooling you about messages, so even if you take all protections above, you’ll still wind up with messages that look real. I’ve taken to rarely clicking on a link, but instead visiting a site if I need to know something, unless I can absolutely be confident the URL looks exactly like what I expect.
Mail software could do a lot more. For example, you could blacklist and whitelist URLs, so that messages that contained certain paths or pointed to any domain would require extra steps to go through, while links to legitimate domains were highlighted to show they’d been both verified as secure and you’d marked them as acceptable.
Decades into the spam battle, the weapons of defense still seem pretty paltry.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to firstname.lastname@example.org including screen captures as appropriate. Mac 911 can’t reply to—nor publish an answer to—every question, and we don’t provide direct troubleshooting advice.