The Eternal Spam Struggle: How To Fight It and Stop Your Emails From Landing in Spam Folders

Spam email

Everyone has at least once in a lifetime come across an email notifying you about an accidentally tremendous jackpot or an extremely rewarding job offer, while the only thing you need to do is to click just one link. The creativity of spammers knows no bounds, and sometimes such emails are even funny. But, unfortunately, they all pursue malicious goals, like stealing data or extorting money.

Let’s figure out what spam email is, how to identify and avoid it, and learn the legal consequences of spamming in different countries. Spoiler: spamming is considered a cybercrime by many countries across the globe.

What is spam email and why is it called that way

Spam in general means any unsolicited emails or text messages which are sent out to a large number of recipients. It is usually aimed at promoting or advertising questionable products or services, but the worst thing is that spam emails are quite often infected with malware.

Spamming has reached incredible scales. According to Statista, the record high volume of spamming was estimated in July 2021 with 282.93 billion of junk emails. It makes more than 84% of a total amount of emails sent across the globe. The activity of spammers increased due to COVID-19 pandemic as well. Now it reaches an unbelievable 90% of the world’s email traffic.

spam statistics over 2020-2021
Average daily spam volume worldwide from October 2020 to September 2021. Source: Statista

Let’s get back to the origin of this term. The word “spam” actually had no negative connotation some 80 years ago, in the 40s. Spam was the brand name for canned food by the Hormel Foods Corporation, which produced meat rations for soldiers during World War II. Many items were left after the war, so spam canned food appeared in aggressive advertisements literally everywhere for selling them before the expiry date. When annoying bulk mailings appeared, it reminded users of the omnipresent spam ads, so this word couldn’t suit better.

image of SPAM canned meat bran
Сanned cooked pork “SPAM” made by Hormel Foods Corporation. Source: iStock

How to identify email spam and eliminate it

Sometimes spam emails are written very skillfully so that you fail to identify them just at once. However, there are certain features that will help you recognize even the most outstanding spam masterpieces. Let’s check them out.

How to recognize It

If you pay attention to the details below, you will see the unwanted guests in your inbox even by a quick glance.

  • strange email address, typos, spelling mistakes in the subject line or preheader;
spam email example
An obvious example of a spam email
  • Mind the language and context: spam emails often sound urgent to get your immediate response;
  • Spammers usually add a link or attach a document (never click or open it, please);
a spam email with a link to another website
A number of spelling mistakes and a link to another website are obvious signs of a spam email
  • More advanced spammers create very authentic emails. For example, the address can differ from the original one just in a couple of symbols. If you have any suspicions, pay attention to these details and get in touch with the potential sender through another channel.
spam email with attachments
Pay attention to the typos, style and attachments of the sender. Source: Wikimedia Commons

Is it dangerous

Spam emails clutter up your inbox at best, if they fail to bring real damage. The motives may be different, but spam is mostly aimed at stealing money or personal data through malicious links or attachments. According to Sift Q1 2021 Trust & Safety Index, there was a 600% increase in email malware attacks in 2020 compared to 2019. Spam, as part of the email security problem, remains a challenging issue. Therefore, Greathorn 2021 Email Security Benchmark Report even named email security as the top IT security project of 2021.

Why emails go to spam instead of inbox

The attempts to fight spam result in situations where good emails get marked as spam and fail to reach the recipients. This is the other side of the medal, since getting emails to the inbox is an essential part for email marketers. Mail services have worked out sophisticated anti-spam solutions, which is fair for users’ comfort, but marketers need to take them into account while planning a campaign. Why? The answer is simple: security systems are smart, but not enough to detect legitimate senders and spammers without faults. Therefore, even one simple mistake may be regarded as a spam attribute and undermine your email campaign.

Here is a checklist to keep your emails out of a spam folder:

  • You are targeting the wrong audience which marks your emails as spam. It may happen if you, for example, have bought your list of subscribers. We have put together the best tips on how to build a quality email list quickly and effectively in our blog.
  • You ignore email design. A ‘brick’ of text without a page layout, images, buttons will be more likely perceived as spam.
an example of legitimate email perceived as spam
An email without design has more chances to be marked as spam. Source: Email Competitors
  • You share an IP address that has a bad reputation. Even if one of the previous IP users sent spam before, it may affect your work.
  • You use a misleading subject line that does not correspond with the mail content – this is even stipulated in the US state law regulating unsolicited emails (we will discuss legal requirements below)
  • You use spam triggers. Such words and phrases like “great offer”,”risk-free”, “this is not spam”, “order now” and others may, unfortunately, be seen by anti-spam software as unsolicited emails.
an email with spam trigger phrases
Spam trigger “risk free” phrase used even twice. Source: Really good emails

Common types of spam emails

Commercial Advertisements

According to the US CAN-SPAM Act, commercial messages are defined as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service”. So, even if you announce the launch of a new product in an email, it will be regarded as a commercial message. Thus, you should strictly comply with all the legal requirements to avoid a spam label.

new collection announcement email
Even a new collection announcement email should be well thought out to avoid spam filters. This email follows all the basic CAN-SPAM Act requirements. Source: Really good emails

Antivirus Warnings

It has already become a spam classic: an urgent warning that your computer was infected with a very dangerous virus, and the only thing that can help is to click the link with the necessary “software”. Usually, it is an obvious fake, but sometimes such emails look reliable for a recipient, for example, when the sender is allegedly an antivirus provider. Look at this screenshot:

an example of fake security alert
A fake spam alert allegedly on behalf of an antivirus provider. Source: Avast

This fake alert looks very authentic, however, exclamation marks, capslock and “a final notification” might warn the user.

Email Spoofing

Email spoofing is a technique that was used in the example above – the aim is to make a user think that a message came from a reliable or familiar sender. A spoofed email looks legitimate: though the address may be forged, the mail body contains a logo and other corporate identity elements. The ultimate goal of email spoofing is to deliver an injurious message or software. The attackers want to make a user open the email, and preferably respond to a message (provide a password, credit card number) or click a malware link. Spoofing often serves as a part of a phishing attack, which we will discuss in the next block.

Sweepstakes Winners

Another spam classic: a joyful notification about your alleged winning a lottery, a game, sweepstakes, etc. You should hurry up to take your prize, for example, by clicking a dangerous link or submitting sensitive personal data. Any promises of free money or prizes should be dismissed.

=lottery scam example
Lottery scams may use the name of the official nationwide lotteries. Pay attention to strange email addresses, requests for personal information, etc. Source: Australian Competition and Consumer Commission

Money Scams

This is the most brutal type of spam email. There is always a story behind it: a fantastic crime story (like in the example below), or a shameless begging to help a child who is allegedly suffering from a disease. Always double-check this information.

money extortion scam
Money extortion email. Source: CISCO

Spamming vs. phishing

Spam emails do not necessarily contain malware, as we may see, it may be unwanted ads, newsletters, coupons, adult content, or any other unsolicited information that clutter up your inbox.

Unlike that, phishing is a type of a cyberattack that is designed at acquiring sensitive information. Email phishing may look legitimate through spoofing, but the content will definitely have a request to fill in a form, share personal data, click a link, etc. The general recommendations are the same as with detecting spam: always pay attention to spelling, language style, the address and the links attached.

phishing email example
An example of a phishing email aimed at stealing your payment information. Source: Norton

Why do you get spam emails

Generally speaking, once you share your email somewhere, you are unable to control it further. The address may be added to some particular database or just sold. Here are some scenarios that may end up with you getting spam:

  • You purchased a product in an online store. Though it is already an essential part of our life, the online store privacy policies may be quite questionable. For example, they may stipulate that your email address can be shared with third parties. But you certainly clicked “agree with the policy” without reading. So, nothing personal, just business.
  • You downloaded free software. There is nothing completely free. The other side might definitely have its profit, for example, through selling your personal data.
  • You registered on some websites. Nowadays most of us have dozens of accounts on different websites, e.g. every online shop welcomes creating an account. But the privacy policies are sometimes not quite fair towards keeping our email addresses as secrets.
  • The party you shared your email address with was hacked. In this case, data-stealing may result in getting into a spam database.

How to avoid spam

We could have recommended not to do the things mentioned in the previous paragraph, but this is obviously impossible. Therefore, try to follow these recommendations that will help to reduce spam:

  • Share your email address carefully: never do it on forums or any other public platforms.
  • Think before you click.
  • Do not simply delete spam: report it and never reply to it.
  • Be careful with the unsubscribe buttons: if you suspect a spam email based on its style, spelling mistakes, etc., never click on the buttons, as they can contain malware.
  • Read the privacy policies through, as it may save you a lot of space in your inbox, not to speak of cybersecurity issues. Hint: to save time, check privacy policy update emails instead of reading full privacy policy documents.
a privacy policy update email
An example of a privacy policy update email. Source: Really good emails

Regulation and legislation

Governments across the globe fight with spammers at the legislative level. Let’s check out the legal requirements in different countries, paying  the punishments – the sums are quite impressive.

United States

Since January 2004, the federal law CAN-SPAM Act (the Controlling the Assault of Non-Solicited Pornography And Marketing Act) has been in effect in the United States. It regulates the rules for sending advertising emails and also establishes liability for spammers.

The CAN-SPAM Act contains several basic provisions which have become universal email marketing standards. To put it briefly:

  • No false or misleading information in the header: the recipient should be able to identify the person or entity who sent the email.
  • No deceptive or misleading subject lines: it should correlate with the email content.
  • Commercial messages should be clearly identified as such.
  • Location information: your email should contain a valid physical postal address.
  • The inclusion of an opt-out option: this link or button should be recognizable and clear.
  • The opt-out request should be processed and put into effect within 10 business days.
  • The sender should monitor and assume responsibility for the messages executed by third parties on behalf of the sender.

So,  the CAN-SPAM applies not only to spammers but to all commercial emails. The only exception is transactional” or “relationship” messages.

The punishment is tough: according to FTC, each separate email violating the CAN-SPAM Act is subject to penalties of up to $43,7928.

The United Kingdom

The Privacy and Electronic Communications (EC Directive) Regulations 2003 is the anti-spam policy in the UK. Its principal point is that all the direct marketing messages can be sent only upon permission from the recipient and only in case of a previously established relationship. Also, the identity of the sender should be clear, and an unsubscription option should be visible and simple.

The violation of the legal requirements in the UK can result in a fine of up to £5 000 ($6 699) and even criminal prosecution.

Canada

Canada’s anti-spam legislation (CASL) is the federal law dealing with spam and other electronic communication means. It took into effect in 2014. CASL establishes the definition of CEM, which is any electronic message that encourages participation in a commercial activity. As well as in the UK, the document requires Canadian and global organizations that send CEMs to receive consent from recipients before sending out messages. In order to protect users, their consent is valid only if your request has a clear description of the proposed content, detailed contact information, and an opt-out option.

The penalties for violation impress: the fines under CASL are up to $1 million per violation for individuals and $10 million for companies.

Australia

The Spam Act 2003 and the Spam Regulations set out responsibilities for spamming under Australian law. Its main features are familiar: before sending emails you should get permission, clearly identify you as the sender and provide an easy unsubscribe option for recipients. Note: it is illegal to use or supply address-harvesting software.

The fines are also severe – up to $400 per email that does not comply with the legislation.

European Union

Europe’s long-planned data privacy and security law – the General Data Protection Regulation (GDPR) – came into effect in May 2018. This is the core of the EU digital privacy legislation which is applicable in all the countries of the block. Under this act, any organization dealing with personal data from the EU is obliged to comply with the GDPR.

Concerning anti-spam policy, there are basic points that are common for other jurisdictions as well:

  • A recipient’s explicit consent before sending emails
  • No pre-marked boxes on forms to obtain consent
  • Transparent opt-out mechanism
  • Clear and full information about the sender
an example of a newsletter sign-up box
An example of a correct checkbox and a pre-ticked newsletter sign-up one. Source: Iubenda

The GDPR is the toughest privacy and security law in the world: the penalties for violations are up to $20 million or up to 4% of an entity’s total global turnover in the preceding year.

Conclusion

The spam folder is a problem for all the parties involved: a user, a business, and an email marketer. Fraud victims lose money or get their computers infected; clients receive no information about you since your emails end up as spam. Moreover, there can be serious consequences: domain disconnection, lawsuits and fines.

First, think of your own digital security and beware of spammers:

  • Think before you click
  • Share your email address carefully
  • Report spam and never reply to it
  • Double-check the suspicious information to avoid spoofing and phishing attacks

At the same time, every company’s email has a chance to be labeled as spam. But it doesn’t mean that you should give up: follow our tips to do everything right. Check out these factors:

  • The legality of the mailing
  • Domain reputation
  • Technical settings of the mailing list
  • Compliance with the mailing service rules

How do you fight spam?

Answer in comments
unisender

Comments