Why Spam Is More Than Just Annoying
Spam email is a persistent problem that goes beyond cluttered inboxes. Spam campaigns deliver phishing attacks, malware attachments, scam offers, and credential-harvesting links. Understanding how spam works — and how to stop it — is a core part of digital self-defence.
How Spammers Get Your Email Address
Before you can stop spam, it helps to understand how senders find you:
- Data breaches: Your email ends up in leaked databases that spammers purchase or scrape
- Website scrapers: Bots scan public pages, forums, and social profiles for email addresses
- Sign-up forms: Some free services sell subscriber lists to third-party marketers
- Email harvesting from contacts: If a contact's device is infected, your address can be harvested too
User-Level Techniques to Reduce Spam
1. Use a Secondary Email for Sign-Ups
Keep your primary email private and create a secondary address for newsletters, promotions, and account registrations. Services like Gmail or Outlook make it easy to create multiple accounts.
2. Use Disposable Email Addresses
For one-off registrations you don't care about, use a temporary email service. These generate short-lived addresses that forward to you (or nowhere) — your real address is never exposed.
3. Never Unsubscribe from Suspicious Spam
Clicking "unsubscribe" on spam from unknown senders confirms your address is active — and often results in more spam. Use your email client's built-in spam/junk reporting instead.
4. Train Your Spam Filter
Email clients like Gmail, Outlook, and Thunderbird use machine learning filters that improve with feedback. Mark spam as junk consistently — don't just delete it. Over time, the filter learns what to block.
5. Use Email Aliases
Services like Apple's Hide My Email, SimpleLogin, or AnonAddy let you create unique aliases for each service you sign up with. If one alias starts receiving spam, you know which service leaked it — and you can kill that alias.
Server-Level Spam Filtering (For Domain Owners)
If you manage your own domain or email server, these configurations will significantly reduce inbound spam:
SPF Records
A Sender Policy Framework (SPF) record tells receiving mail servers which IP addresses are authorised to send email from your domain. This helps prevent spoofing and improves deliverability.
DKIM Signing
DomainKeys Identified Mail (DKIM) adds a cryptographic signature to outgoing emails. Receiving servers can verify the signature to confirm the message wasn't tampered with in transit.
DMARC Policy
DMARC ties SPF and DKIM together, telling receiving servers what to do when a message fails authentication — quarantine it, reject it, or just report it. Even a basic DMARC policy dramatically reduces spoofing of your domain.
Greylisting
Greylisting temporarily rejects messages from unknown senders, asking them to retry. Legitimate mail servers retry automatically; many spam bots don't. It's a low-effort way to cut spam volume at the server level.
DNS Blacklists (DNSBLs)
Configure your mail server to check inbound connections against real-time blacklists such as Spamhaus, SORBS, or Barracuda. Connections from known spam IPs can be rejected outright before the message is even accepted.
Choosing a Good Spam Filter Service
If you don't want to configure things yourself, many email providers offer built-in filtering. For business use, dedicated anti-spam gateways (cloud-based services that sit in front of your mail server) offer a higher level of control and logging.
A Note on Phishing vs. Spam
Not all dangerous email is bulk spam. Targeted phishing emails may appear personalised and pass spam filters. Always verify unexpected requests for credentials, payments, or sensitive information through a second channel — especially if they create urgency.
Combining user-level habits with the right technical configurations can reduce spam to a manageable trickle. The goal isn't perfection — it's making your inbox a safer, quieter place.