Anti-Spam Toolkit: User Resources

Should I be Concerned?

  • At its best, spam is a nuisance. How much time do you spend sorting through your email inbox just to find the emails you are interested in? Do you receive annoying SMS messages on your mobile offering you services you don’t want?
  • At its worst, spam you receive could contain malware, scams and/or be used for phishing attacks that attempt to lure you into revealing your personal data (e.g. date of birth, national identity number, residential address, bank or credit card details, passwords). And … your computer or mobile could become part of an illegal botnet, sending spam, participating in a DDoS attack, or causing other harm to other Internet users … without you even realizing.
  • Is your Internet access limited? Have you thought about how much of your monthly data limit is spam?
  • Reducing your risk of spam decreases hassle and lessens threats to your devices and personal data. It also reduces your exposure to scams.

What can I do to reduce the amount of spam I receive?

  • Be careful about disclosing your email address or social media name. (Spammers will use email addresses that are posted online and some businesses sell customer information to email marketing companies.)
  • Read privacy policies before submitting your email address online.
  • Use the filtering or spam tagging capabilities provided by email programs.
  • Be watchful of the selections that are chosen by default. When you sign up for some online accounts and services, the option to receive emails or other messages may be already selected. If you do not want to receive emails, messages and other notifications from those providers and their affiliates, deselect that option.
  • Use an alternate email account for completing online forms. The alternate account will attract spam instead of your primary email, which you can keep for personal use. Don’t volunteer your email address if it is not needed.
  • Use a disposable temporary email account for services you don’t trust (e.g. an unknown public Wi-Fi service).
  • Use privacy settings on social networking sites to restrict access to your email address and other personal data.
  • Report messages as spam in your email program. This helps train your filter to catch spam before it reaches your inbox.
  • Do not click links in spam messages as they confirm the validity of your email address and may expose you to malware.
  • Disable automatic downloads of graphics in HTML mail. Spammers use HTML mail with linked graphic files to determine who opens their messages

For more information, see US-CERT’s Security Tip: Reducing Spam, M3AAWG’s Best Practices to Address Online and Mobile Threats, or ICO’s page Spam Emails.

What can I do to avoid the bad effects of spam?

  • Enable junk mail filtering if your email program or service offers it.
  • Disable “load remote content in messages”. (This stops your email program from automatically loading content which could be used by the sender to know you viewed the message, that your email address works, your location (by observing your IP address), details about your computers and the applications you are using, etc. Note: If you trust the sender and are prepared to share this kind of information, you can manually change this setting in the email).
  • Do not open spam or reply to it. It is particularly important that you do not reply if you believe the spam may be a phishing attempt.
  • If you do open an email or other message before realizing it is spam, do not click on any links or pictures (links could be hidden in images), download or open any attachments, including ZIP files.
  • Report spam to your government anti-spam agency or consumer protection agency, or to anti-spam organizations. (There is more information about this below.)
  • Run frequent virus scans to help determine if your computer or device is infected with malware.
  • If you believe your email account is being used to send spam, change your password. If you are unable to do so, get into contact with your email provider to discuss the problem. (If you have used your email account password for any other service, you should change the password for those services too. Make sure each is unique.)

Note: You send and receive a lot of personal data via your email account. You use your email address as your username for many online services. When you forget your password, many of those services send you a password reset via your email address. You don’t want spammers and other criminals to gain access to your account. Protect your email account with a strong unique password, and two-factor authentication if it is available.

How do I know if my computer or mobile is sending spam?

Note: You may not be able to detect whether your device is sending spam, but here are some signs that your device may be sending spam:

  • You are receiving “bounce messages” for emails you do not remember sending.
  • Your sent box has emails which you did not send.
  • Your friends complain about receiving strange messages from you. (This may also be a sign that your address book or contacts have been compromised.)

For more information on “botnets,” see PCWorld’s article Is Your PC Bot-Infested? Here’s How to Tell and for information on “botnets” on the Windows operating system see Microsoft’s How to better protect your PC from botnets and malware.

Who do I contact if I want to report or make a complaint about spam that I have received?

  • First, remember to mark the messages as spam within your email program. (This will help train your email filter to catch spam before it reaches your inbox.)
  • Second, report the spam to your email or social media provider, along with the sender’s details.
  • Also, spam can be reported to different government entities, and anti-spam organizations. Some organizations are:

What can I do to help others?

  • The best thing you can do to help others is not be part of the problem.
  • Be mindful not to inadvertently spam others, particularly with forwarded messages.
  • Be aware of any strange bounced emails and use a strong password for your email.
  • Run frequent virus scans to lessen the likelihood of your computer being a part of a “botnet.”
  • Don’t post your friends’ email addresses publicly without asking first. (It’s also a good privacy practice.)