SPAM – Part 3

SPAM – Part 3

SPAM – Part 3

Continuing with this series, we are going to look at:

  • How can we spot SPAM and tell the difference from legitimate email
  • Adjust our emailing habits to protect our email identities
Spotting SPAM

Things have progressed significantly since those early days in 1990. Email remains the killer messaging app in terms of sheer volume of users and data. WhatsApp, Facebook Messenger, and all the others combined don’t even come close. Global estimates place the number of email users between 3.5 and 4 billion, with approximately 250 billion messages sent per day. It’s easy to see why a spammer would be attracted to this marketing tactic.

Before we discuss how to identify SPAM, let’s consider the spammer’s goal: to get you to click on a link, any link in the email. The moment you click, you verify that your email address is legitimate to the spammer, i.e., there is a real person behind your email address. Instead of reacting to the email, please send it to your Junk filter.

Different types of SPAM are easier to spot than others. Traditionally, spam emails are little more than advertisements for alternative health products, penny stocks, and financial services, among other things. These are easy to spot. More insidious is the ‘phishing’ type of SPAM email. Have a look at the image below: Is it genuine?

The astute among you will notice that the Amazon logo is not displayed. This is because I have set my email application to not automatically load external links, graphics, etc., as a precaution.

It appears genuine on the surface, except that I have not made a purchase from Amazon. So, how can we tell? In the image above, all the words in blue are links to external websites or servers. So we might assume that those links point to Amazon’s servers. In your email client, being careful not to click, hover your mouse over those links to reveal the true destination, e.g.

Here we see that hovering the mouse over the “Order Details” reveals this link will take us to mileageindia.com, not amazon.com, as we would expect. Oh dear.

Let’s take a closer look at the origins of this email. Behind every fancy or straightforward-looking email are what are called the email headers. These headers tell the whole story— and reveal the truths —of the journey of every email.

Refer to this link for instructions on revealing email headers in various email applications.

There’s a lot of gobbledygook here, so let’s examine the first line. Although the email reply address says “auto-confirm @ amazon.com,” the email headers reveal the truth: that if you replied to this email, it would actually go to “f.marmol- @ -trendnet.com.” Red flag number one. This email is not from whom it pretends to be—looking at the “Received From:” header lines, we can see that this email was sent via a mail server with the domain name “reflexion.net,” which does not handle email for amazon.com. So.. off to the Junk folder with this one.

Change your habits

Once your email address has found its way into the spammer’s collections of people to annoy, it is virtually impossible to get yourself removed from these lists. In some cases, the abuse of an email account (especially one that has been active for several years) may lead to abandoning the account altogether.

As we often need to use an email account for practically everything we wish to do online these days, we suggest using “burner/free” email accounts to register with online services wherever possible. Use Google™ or Yahoo™, for example, and have them forward mail to your real account. That way, if your “burner” account starts attracting too much adverse mail, simply delete the account and set up a new one, leaving your genuine account spam-free.

In the final part of the series, we will explore ways to be proactive in the war against spam and how we can collaborate to rid the world of this scourge.

Until then, be vigilant and click safely!

Series Navigation<< SPAM – Part 2SPAM – Part 4 >>

2 Comments

  1. Lilyan

    Hi, Stewart,

    Although I personally have long time ago discovered how to handle these spams sent from pretending e-mail addresses (not sure about the moment when one day I will probably miss 🙂 ), your contribution is an excellent example of taking care of your customers.

    But why on the first place the e-mail transferring channels allow for a real e-mail address to be so easily masked: auto-confirm@nullamazon.com ?

    It was good to learn the trick of using the ‘burner’ e-mail account.

    Thanks and regards,
    Lilyan

    1. OPQsysAdmin

      Hi Lilyan,

      Thanks for your comments and encouraging words. The final part of the SPAM series should be out next week. This part explains how we can be more proactive in tackling the issue.

      As for the fake “Reply-To” address. There really is no way
      of using this as a blocking mechanism. The “Reply-To” header should be considered as nothing more than a tag or marker rather than the legitimate sender. There are legitimate uses for the ‘Reply-To’ being different from the actual sender, think of mailing list servers for example.

      Kind regards,

Please leave us a message

This is a shared package.

Contention ratio sharing: 4:1

Looking for dedicated, unshared Internet?

Contact us or

OPQ Support

This product requires an activation fee of

P1,400.00 excl.

Want to spread the cost? Select options from the

'Activation Fee' menu.

*N.B. An 8% handling charge is added for spreading set-up

costs over 2 months, and 10% for the 3-month option.

This product requires an activation fee of

P3,400.00 excl.

Want to spread the cost? Select options from the

'Activation Fee' menu.

*N.B. An 8% handling charge is added for spreading set-up

costs over 2 months, and 10% for the 3-month option.

This package requires a once-off installation of

P1,200.00 excl. VAT

Want to spread the cost? Select options from the

'Installation Fee' menu.

*N.B. An 8% handling charge is added for spreading set-up

costs over 2 months, and 10% for the 3-month option.