SPAM Wars

  • I’ve received a spate of bogus emails lately so I did some research. I hope you’ll join me in the defense effort. Sy and the gang will be back next week.

I hate electronic SPAM. You’re probably with me on this – Stupid Pointless Annoying Messages in your email inbox, cluttering up the place and getting in the way of communications you really want or may even need to receive.

The SPAM tide keeps rising – legit and fake ads, legit and fake charity pleas, legit and fake political pitches, fake personal notes, any of which may be phishing attacks or vehicles for malware.

You can do something about that.

When I get an email, I wonder: Is that email really from who it says it’s from? Does it carry hidden malware? Will that clickable thingie do exactly and only what it says it’ll do? If I reply, will my reply go to the sender and nowhere else?

Those questions bother the communications infrastructure, too. SPAM parasitizes server and carrier resources that cost real money. The Internet Engineering Task Force (IETF) is on the case.

IETF’s defense strategy tries to snuff SPAM early in the transmission process. The part of an email address after the @-sign is called its domain. Each domain has an owner who is responsible for protecting their domain’s output. If a mail item’s FROM: address names a domain it’s not authorized to use (called “spoofing” in the trade), IETF-supplied protocols (if you’re curious, they’re SPF, DKIM and DMARC) can block the item – IF the domain owner has properly configured their system to block spoofing.
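As an added illustration, not part of the original post: a small Python routine that reads a domain’s published SPF and DMARC records and reports whether the owner has actually told receiving servers to reject spoofed mail. The TXT records below are constructed samples standing in for a real DNS lookup.

```python
# Constructed sample DNS TXT records, keyed by the name a receiver would query.
# SPF lives at the domain itself; DMARC lives at _dmarc.<domain>.
SAMPLE_TXT = {
    "example.com": ["v=spf1 mx ip4:192.0.2.0/24 -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "example.org": ["v=spf1 mx ~all"],
    "_dmarc.example.org": ["v=DMARC1; p=none"],
    "example.net": [],                      # publishes neither record
}


def parse_spf(records):
    """Return the qualifier on SPF's 'all' mechanism ('-', '~', '?', '+'),
    or None when there is not exactly one SPF record (RFC 7208 treats
    zero or several records as an error)."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        return None
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"   # default is pass
        if term.lstrip("+-~?").lower() == "all":
            return qualifier
    return "?"          # no explicit 'all' term: unmatched senders are neutral


def parse_dmarc(records):
    """Return the DMARC 'p' policy ('none', 'quarantine', 'reject') or None."""
    for record in records:
        tags = {}
        for part in record.split(";"):
            if "=" in part:
                key, value = part.split("=", 1)
                tags[key.strip().lower()] = value.strip()
        if tags.get("v", "").upper() == "DMARC1" and "p" in tags:
            return tags["p"].lower()
    return None


def assess(domain, txt=SAMPLE_TXT):
    """Summarise what receivers are told to do with mail that spoofs this
    domain in its From: header. SPF alone only covers the envelope sender,
    so without a DMARC policy the visible From: address is still unprotected."""
    spf_all = parse_spf(txt.get(domain, []))
    policy = parse_dmarc(txt.get("_dmarc." + domain, []))
    if policy in ("reject", "quarantine"):
        return policy
    if policy == "none":
        return "monitor-only"        # owner collects reports but blocks nothing
    return "unprotected" if spf_all != "-" else "spf-only"
```

Run `assess("example.com")` and `assess("example.org")` to see the difference between an owner who blocks spoofing and one who merely watches it happen.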

But suppose a slippery item aimed at you gets past that defense. Here’s where self-defense comes into play. You have help, but that help depends on you and many other email recipients raising penalty flags on the bad guys.

Your Mail User Agent (MUA), the place you go to look at your emails, is another gate-keeper along the path. These range from huge (Outlook, Gmail, Apple Mail) to tiny (maybe you have your own personal mail server). Your MUA may be configured with filters that can inspect and block incoming emails before you see them.

Inspect? Sounds like Big Brother, right? In some places and at some times it might be, but these inspections have a different intent. What’s important is that they depend on penalty flags. Different filters (a MUA may use several) look and feel different, but basically the system records a penalty flag against every email you’ve marked as “Junk” or “SPAM” or bounced to your MUA’s abuse@ or fraud@ mailbox. Check whether yours has one — if so, save its address.

Conversely, it’s good to mark “Not SPAM” on something you find in your Junk or SPAM folder that shouldn’t be there. In the trade that’s a “false positive”; your “Not SPAM” lowers the penalty level.

Each filter has its own way to use our flags – some build a blacklist of heavily‑penalized domains; some look for suspiciously hidden links or known malware attachments; some use pattern matching to suss out significant phrases or graphics shared among groups of flagged emails. Tactics abound. The tricksters are tricky, though, so catching SPAM is a continuously‑escalating game of whack‑a‑mole.

The threats have created a demand for A.I. in this application. I don’t want A.I. that’s been trained on the unpaid work of legitimate creators, but I do want A.I. that’s been trained on SPAM. Even A.I. needs real‑time updating, which is why we’re a vital part of the feedback loop. Our self‑defense is in recognizing and flagging each speck of SPAM we see.

What do we look for? Some caution signals:

  1. If it asks for money AND it’s in a hurry. OK, political email does that, but so do scammers. (Yes, they may overlap, but.)
  2. Poor grammar and spelling. Believe it or not, this is often on purpose. The idea is to make the recipient feel smarter than the sender, too smart to fall for anything, and thus actually a little bit less leery.
  3. Requests for personal information, including as part of an online “survey.”
  4. FROM: or REPLY-TO: addresses that don’t look right. If it comes from gmail.com it’s probably not really from your bank.
  5. Related: Links via bit.ly – you never know where they’ll take you until you’re there.
  6. And this is basic: If it looks too good to be true, it generally is too good to be true.

Please use those flags aggressively and help us stay safe out there.

~ Rich Olcott

2 thoughts on “SPAM Wars”

  1. fastoy

    Another tip on links – hover your mouse over the link and look way down at the bottom left corner of your browser. If the link showing down there doesn’t match the link showing in the email, you’ve been SPAMed (or at least misled).