Smart Spam Fighting
How Do I Block Spam Email For Good?
“I marked an email address as spam, but I keep receiving emails from the same address!!! WHY!”
I’m going to explain the why, how, and how you can block these emails.
The reason your inbox is still full of annoying emails is because you’ve only blocked a randomly generated email address and not the real email address. Check out this example.
The email purports to be from jigar@tenderdetail.com but is actually from a randomly generated email address. Each time the sender sends an email the email name is changed. The actual email address is:
bounce-md_30518121.62e04141.v1-961a0f00d39545fc892d37fd85df1db4@mandrillapp.com.
Part of the Problem: Email Automation
Sounds nefarious, doesn’t it? But it isn’t all that nefarious when used as intended. Most (if not all legitimate businesses) use a dedicated email automation like HubSpot, Constant Contact or MailGun. According to CAN-SPAM, emails can only be sent to recipients who have opted into a mailing list. You are likely opting into mailing lists every time you buy something online, sign a contract with a vendor or attend a webinar. Also per CAN-SPAM, these emails must have an opt-out option included somewhere in the message. Here are a few reasons email automation is used:
- Sending emails directly from a personal email account risks getting your email address blacklisted, especially when sending to large lists.
- Most email providers have measures to prevent mass mailing. For instance, Microsoft 365 has a max daily recipient limit of 5,000 and a max per email message.
- Third party mailing systems include many tools that make sending emails easier and quicker. Plus they are often more attractive and include tracking. More robust solutions like HubSpot include a very powerful CRM that ties all the mass emails to a list of prospects.
- An enterprise can funnel all mass communications through a single contact method and control the message presented to clients. If you’re familiar with the book Building a StoryBrand, you know how important it is to tell the same story each time you talk to a prospect.
So what? You may be thinking: “I really don’t care WHY they do it, I just want the emails to stop!” Be patient. I’m going to get there, but I first need to explain how spam emails are sent. Legitimate mass mailers like Hubspot work hard to protect their platforms from partners that send emails to recipients that have not opted in. They do this by setting 5% hard bounce and .1% spam/block rates– among other things. If you send a mass email to 1,000 strangers using Hubspot then you’re likely going to be suspended from their platform. So, how do people work around this? The answer is free email accounts like Hotmail.com, Outlook.com, Gmail.com, Yahoo.com, AOL.com etc. On Gmail, a user can create a free email account and instantly spam 500 recipients. When that account is blocked by Google they simply create another account and repeat the process forever.
Now to get to the point. You have a few options to block spam.
1. Block Free Email Providers
The first and most effective is to block all email from free email providers. If you run a legitimate business that only does business with other well-known businesses then you can simply block all the free email domains like @yahoo.com, @gmail.com etc. To do this you should have a business class spam filtering solution like Proofpoint that includes a feature called “sender lists”. This feature allows you to globally block email domains. It’s also possible to do this with most mail clients, but in truth if you aren’t using a third-party email threat protection system then you have more issues to deal with than just spam. In that list you can add email domains you want blocked by using wildcards like “*@yahoo.com” which will block all email sent from @yahoo.com. But what if you want to receive an email from your mother? It’s simple, you just have to whitelist her email address to bypass these rules.
2. Block Mass Mailer Domains
Once you have all of the free email accounts blocked, you can begin blocking the mass mailer domains. These can be a bit tricky as the companies sending automated mail have worked very hard to make it difficult to block their mass emails. An example of a mass email is “@mandrillapp.com”. To block all emails from this mass mailer you just have to use a wildcard again” *@mandrillapp.com”, but many mass mailers are using multiple subdomains that change randomly. An example is: “@mail120.atl261.mcdlv.net”. This address can’t be easily blocked with a simple wildcard. The wildcard tells the filtering solution to disregard anything in front of the “@”, but still requires an exact match to the domain. Since the domain changes randomly you have to use additional wild cards. In this case you can use “*@*.mcdlv.net” to block any email from the root top level domain (tld).
3. Make an Email Quarantine List
Now that you have blocked all the generic free email domains, mass mailing domains and whitelisted Grandma1998@aol.com, how do you check to see if you are blocking an email from a legitimate sender like PastorBob@yahoo.com? There are two options.
- You wait for Pastor Bob to put you on a prayer list for not responding to his emails as he fears you are ill or fallen into a life of sin and debauchery.
or
- You send all blocked emails to your quarantine list that you check regularly i.e., once daily, weekly, monthly, etc.
This is another feature of Proofpoint that is very handy. I personally like to receive a daily digest of quarantined (by score) and quarantined (by custom filter). This allows me to see if one of my clients may have sent me an email from their personal @gmail.com account. In our case, all of our client’s utilize paid email accounts for legitimate domains, but if their computer dies they may have to send us an email from a personal phone or email account. Although we won’t receive it immediately, we can still see the email within 24 hours of sending.
Block Spam Mail, Get Back to Work
I hope this information was helpful to you. As always, don’t hesitate to reach out to me or my team if you have any questions or want to learn more!
Thank you!
Brian
Share the Knowledge
Managed Service Provider CHECKLIST
Land on the best IT solutions partner for your needs with this easy-to-follow, one-page download.