Our mail servers are integrated with a number of spam filtering services:. eg SpamCop, SpamHaus, Abusix, SpamAssassin, and more. These services block so much spam from your inbox, so the spam you do get is just a drop in the ocean of the spam that is blocked from your inbox. We desire to block as much spam as we can, but we also do not want to block legitimate email.
This help file will attempt to answer this question with some context of the issues.
It is very hard to determine what spam is. We have thousands of customers, who each have multiple inboxes. Each person may subscribe to weird and interesting mailing lists. Chemists legitimately want to know about new medications. Fashion stores want to know about the latest sun glasses. Vets and animal breeders use all sorts of language that are legitimate in their industry, but not to all mail recipients. It's not easy for a mail server to tell the difference between when you enter your email address to a new mailing list, or if someone has copied your email address onto their mailing list without your permission.
The easiest spam to block, is when email is sent from servers that are not authorised to send for a domain name. eg if the SPF, DMARC or DKIM rules do not validate, then we can easily block that email as fraudulent.
The next step is to consider if the email was sent from a known IP address that many people have flagged is spam. We use services such as SpamCop, SpamHaus, Abusix for this purpose. We simply block all email that comes from IP address on the blacklists.
The much harder job is completed by SpamAssassin, that looks at the content of an email, and attempts to determine if an email is spam, simply based on what it says. This is where we need to be very careful, that we block email that has a high spam score, but never to block legitimate email.
Some spam is sent via legitimate mail services like mailchimp, campaign monitor, mailerlite etc, but from less reputable users of those services. They upload mailing lists, then spam hard, until their account is frozen. It is very difficult for any spam filter to identify when you receive an unwanted email from one of these providers, versus, receiving a wanted email from some other weird and interesting source.
It's likely that your email address is listed on the contact page of your website. Robots find email addresses and harvest them. It's good to have your email address visible to your customers, but the downside, is both spammers, and even cold calling sales reps will make use of that.
Hackers sometimes gain access to the mailing list from legitimate businesses to whom you once subscribed (or unsubscribed). Once your email address is in the hands of a hacker, or spammer, its likely those lists are sold or shared with other spammers.
Another way is when one of your friends computers get hacked. The hacker gains access to your email address by that means. The hacker may even attempt to contact you via your friends email, using their computer, and therefore, it would be hard for us to identify that email as spam.
If spammers are sending email to addresses you never use?
Typically these emails will be sent to a list of common first names or departments prefixed to @yours-and-every-one-elses-domain name.
Solution: Under Domains & Email > Domain Name > Email, delete the blank "catch all" email address and specify only the email addresses you use in the forwarding rules area. And only use specific email addresses. Any email address that is not allowed for will bouce back to the sender as undelivered.
They're probably not accessing your email account at all. Anyone can send an email to anyone using any reply/from address. Mail servers tend to send an undelivered report trying to be helpful. Unfortunately, these will all bounce back to you, if the spammer used your outbound address?
Sometimes the issue is that your mailbox was hacked. This happens when you did not use a complex password. The best thing you can do to fix this, is to quickly change your password. Use a password manager service like LastPass, that will create long and complex passwords, that are not easy for hackers to guess.
Probably not, but one of your friends may have. What the viruses do once they've infected any computer is to look at the address book. They will then send emails from everyone to everyone. Since many people have the same friends, then there is no reason that you or the person the email was sent to/from is the infected person. It could be any other person who you both know in common. This error is less likely to occur if you keep your security up to date on your computer, or if you use a web based email program
I Still Get Too Much Spam
The problem is that once you start getting spam, you will keep getting it.
If the email looks like it was sent through a reputable mail service, then please use the unsubscribe links to remove yourself from the mailing lists. Unsubscribing doesn't just clean your future inbox, this also helps mail providers identify when they have spam accounts that need to be shutdown.
If the email does not have a functional unsubscribe link, do not respond to them. Responding may cause you more grief.
Purchase your email service from a professional email service like Microsoft365 or Google Workspace . Such services will cost about US$8 per month per user, but as industry leaders, they have a focus on cutting edge techniques to reduce spam. One of the key features those providers have, is that they consider your "contact list" when deciding what is and is not spam. Professional spam filtering providers may also offer you the ability to have custom rules per user.