Browsers, E-mail, & Web Apps forum

General discussion

Are my efforts to fight SPAM/phishing emails fruitless?

Over the past couple of years I have dealt with SPAM by forwarding it to email addresses that I found online. Here in Canada it is spam@fightspam.gc.ca, and in the USA it is spam@uce.gov.

I am not sure where a lot of these SPAM and phishing emails come from as addresses are spoofed, as are recipients' addresses as well. I was wondering what actually happens when I submit an item, or in my case hundreds over the years. Is it even making a difference? Is this an exercise I should continue (forwarding the emails to the spam fighters) or would it be just as easy to just delete the item and continue to ignore them and save my time and effort?

PayPal and Apple are about the only companies that respond back to me (automatic message) when I submit messages to them. There are a few SPAM emails that I get that I can’t submit as the company does not have an address to forward spam emails to, they only have a form that you need to fill out to get a response. I would like to be able to forward them the emails as the email is obviously about brand name products to get your money and or supply counterfeit items in the process.

What happens when a foreign diplomat perishes and I get an offer to share untold millions? Does some authority just freeze that email account and the scammer has to create a new one to carry on with their less-than-honorable intentions?

My ISP does provide a pretty good SPAM filter, but on occasion, a legitimate email is flagged by mistake and there have been instances where a fraudulent email sneaks through. With these cases, I can flag the legitimate email as not a spam item and forward it to my ISP. The spam email that snuck through gets forwarded to the federal spam inbox.

I'd like to know what you all do, and tell me if my efforts to fight SPAM and phishing emails are fruitless? Or should I continue in hopes I am making a difference? Thank you.

--Submitted by Tracy W.

Post was last edited on February 24, 2017 4:49 PM PST

I've given up

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

I used to use Spamcop, back in the early days, when it made reporting spam to ISPs (to shut down zombies) and open mail servers (to lock down access) pretty automagic. A quick skim for false positives, click on "Check All" and then "Send." I don't remember if they also reported to any government agencies.

After they switched to pretty much just filtering, I dropped my subscription with them. Surprisingly, my personal email address has been getting very little spam over the last few years. I don't have any kind of filter on it, and I think I only get a half dozen a week.

My work email used to get a lot of spam. Our sales email address routinely had a coupla hundred on Monday mornings. We moved our server to Pair, where they have greylisting. That by itself knocked the spam load down by well over 90%. Most of the rest is handled by the Spamassassin filter.

As for the value of reporting to government agencies, it might help a teeny bit. They did arrest a few of the biggest spammers some time in the last year or two. I'm sure the forwarded emails helped make them aware of who were among the worst offenders. (BTW, you do "Forward as Attachment," correct? A simple "Forward" will not preserve the headers, which they need.)

So, my feeling is that, if you have a procedure laid out that makes it trivially easy to report the bulk of spam you have to deal with, then continue to do so. If you have to put forth very much effort or time at all, then it is probably not worth it.

Drake Christensen

"Forward as Attachment"

In reply to: I've given up

Thanks for the "forward" options info.

SP** is truly the scourge of the Internet

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

Unless someone else can conclusively prove different, it is my belief that you have already answered your own question: that is to say that reporting the spam you receive is truly an exercise in futility. Spammers quite often spoof addresses to make it appear as though it's coming from someone you know, and I once had to defend myself in court when an ex accused me of sending her a spam message. But that's a story for another time... Anyway, back to the question at hand: the reason spam continues to proliferate is it's relatively inexpensive to deploy and usually makes money for the senders. So by all means, if you feel satisfied when you report spam, have at it. Just know that reporting spam rarely results in any actual reductions to your inbox.

I'm in agreement with

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

MightyDrakeC.
I used to do as you say you do but it became too much trouble. The wife still does something similar with junk mail. If one has a postpaid envelope she fills it with all the other junk mail.
However, on the email side I receive very little spam. Most is caught by att/yahoo (occasionally I go fish out the not spam) and what it lets through my 2007 Outlook catches.

I don't know whether it does any good or not

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

I don't use spam filters (because of the high probability that a legitimate email will not get to me). I prefer to change my email address every few years and be careful who I give it to. I have an account with a free provider that I give out for general purposes. I would, though, forward anything that had to do with a potentially serious matter (such as banking) to the appropriate address simply because they need to know. I don't care what they do with the information. If they don't act and they get in some sort of trouble, then I have done my part and they have nobody to blame but themselves.

I have noticed that the addresses to forward such spam to are getting fewer and fewer. I suspect that the problem is just so big that they can't devote energy to pursuing every one. I would assume that all we are doing is alerting them to patterns. In other words, the lone spam mail probably doesn't receive much attention. However, if they get thousands of notices that a particular message is circulating, then they can take action of some sort. This seems reasonable to me.

There's nothing the banks can do

In reply to: I don't know whether it does any good or not

There's nothing that Apple nor the banks can do. The email never went through their systems. Whether simply spam, or phishing emails/websites, it's completely out of their control. The best they can do is educate their users.

About the only other thing they can do is try to register domain names that might be confused with their real address. For example, Chase might register "chasebank.com" and "chasethebank.com" etc. They might also register "chace.com" and "chade.com" and other common typos.

There is something that I have seen done

In reply to: There's nothing the banks can do

Occasionally, a bank or other entity will notify their customers that a certain spam email is making the rounds. How do you think that they find out about this? This might seem like "nothing" to you, but it can make a world of difference to the customers who don't respond because they were warned.

Yep. That's education

In reply to: There is something that I have seen done

Methinks that falls under "educate their users" which I mentioned.

Agreed

In reply to: Yep. That's education

Education is the best defense.

Yes it is.

In reply to: Agreed

Computer users are getting more savvy. But, so are the phishers. Gone are the days when you could necessarily spot one immediately from the bad grammar. The work of the graphics departments of big banks is getting pilfered (so there's intellectual property theft going on too).

Who to forward SPAM to

In reply to: There is something that I have seen done

When I get a phishing email, they are usually financial sites/banks. I forward those to abuse@theirdomainname.com .
That way, their security group knows about it and if necessary, will advise public relations to "educate the users". Off topic note - I forward big errors or things that need attention to webmaster@domainname.com, as that is the person in charge of those webpages.

Banks can do more!

In reply to: There's nothing the banks can do

I disagree that banks and other financial institutions and credit card issuers can't do more. I routinely send a complaining email when a bank legitimately sends an email that includes a link. They can just stop doing this! I've had personal contact with several credit unions that needed education about this. Of course you will not stop the big guys from this bad practice, but your local credit union or small bank might be persuaded to stop this practice. That would go a long way to stop phishing, if people could be told that ANY email with a link didn't come from their bank.

The link is the trick.

In reply to: Banks can do more!

In South Africa all our banks send explicit e-mails to the effect that they will NEVER ask for ANY information by e-mail. So, anything with a link is taken as phishing. Delete it immediately! Sight unseen. Banks do react, they can and did ask their server people to build filters. One of our banks was badly hit and by typing the information in mails we could identify the baddies by the type of content. Soon stopped.

Then there's the Duh? factor. Yours. Anything that causes you doing that is suspicious, again delete it. Teach yourself to recognize that reaction (What? Hey?) and react to it, not with the mouse, use the Delete button. That strips it completely.

Then BUILD FILTERS and folders. This will make your mail management much easier all round. Keep it up periodically, your mail will be no burden any longer. Quick recognition, quick sorts, quick responses to the business/relevant stuff. Leisure later.

Recognize the patterns and the key words in this kind of junk mail. Note notorious names and surnames. All of this filters into your Trash. Later on you can spin through Trash with the Delete button again. Seamonkey and Thunderbird will delete the next one down. Just do NOT go too fast! You may delete THAT one. Once you have deleted the last one down, it deletes UPwards.

Benefits.
Containment, Speed and the best one is finding that the stooges disappear of their own. No response from you. You do not see them in any case. The positive management work is definitely worth it.

Same goes for Windows phone calls. The key is being asked to switch on your computer. Immediately answer by saying you know this is a scam. Thank you, have a good day. Hang up. Nowadays they recognize my voice and put down themselves. Ten seconds?

Keep Up The Good Fight

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

Hi Tracy

Fighting cyber crime in the form of Spam and Phishing emails is never a waste of time. It’s just hard for the average person to know if their efforts make a real difference.

Tracy, if you have been using the same email address for years and are being flooded with Spam and Phishing emails (hundreds as you say) maybe it’s time to change your email address. Obviously, your current email address is compromised and the bad guys have your number.

I realize what I just suggested is easier said than done. Your current email address may be so intertwined with your personal and business life that changing it is tantamount to changing your name. However, sometimes we have to bite the bullet and move on for the greater good. Change is never easy; but in some instances very necessary.

That being said I don’t have a lot of advice to offer as to whether or not your efforts of forwarding Spam and Phishing emails to a 3rd party or government agency does any good. I do suspect that the number of emails received by the agencies you mentioned is daunting. Most likely; depending upon the algorithm used, only the most severe are investigated. I would also imagine there is a threshold where after X number of complaints are received against an identifiable organization an investigation may be triggered.

Companies like Apple and PayPal take Spam and Phishing emails more seriously because it involves their brand, which if left unchecked would result in lost revenues. I’m not saying they don’t care about the consumer but big business is all about the bottom line and profitability. I hope that didn’t come across as being too overtly cynical.

FYI, I had to report Apple to the Better Business Bureau (BBB) over $25 to get them to do the right thing. I’m still a big user of Apple products and services but business is business. I assume there’s a similar consumer advocate organization like the BBB in Canada which may be another option to fight Spam and Phishing emails.

What can you do…

As I said at the beginning you can change your email address.

Stop relying heavily on your ISP to filter emails. Supplement it by investing in a good 3rd party Internet Security package (software). Using a product like Norton, McAfee, Kaspersky and the like typically come with an email protection client/module. You can set the program to recognize specific addresses to block and/or place them in quarantine.

Don’t double click an email to read it. Especially one from which you don’t recognize the source. Use the reading/preview pane. Expanding an email (if Spam/Phishing) can trigger malware to send back confirmation that it reached a legitimate address.

Ask your friends and relatives not to include your email address in group distributions for the joke of the day being sent to people they know, but you don’t. Eventually (unknown to you) your email address will end up where you don’t want it to be.

Don’t sign-up for free trials of “whatever” just because they say they won’t distribute your personal information to others (like your email address).

Lock down your personal information on social media accounts.

Limit who you allow to see your profile and friend you. Most certainly don’t allow friends of friends to friend you. Your personal information (and email) can end up all over the world.

Tracy, I hope this and other information provided by the members helps you to alleviate some of your frustration with Spam and Phishing emails. Good Luck and Safe Computing!

Together Everyone Achieves More = TEAM

I'm not sure whether it does any good...

In reply to: Keep Up The Good Fight

...for an individual unwanted message but I imagine most of the companies that offer a report address will have some kind of analysis system that looks for trends and then acts when a threshold is triggered.

If you do forward a message for investigation, remember to check the "All Headers" option (in the view menu in Thunderbird, not sure about other clients). This will show the route the message took and may be more useful to investigators.

That said, the best safeguard is your ISP's spam filter - I had just four spam/phishing emails get through last year and no false positives (yes, I track them - is that sad?!) and that on an email address I've had for 20 years.

And, as you clearly do, the final safeguard is to be alert yourself. Realistically, I think this plague will be with us forever.

Fighting SPAM is difficult

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

I use MailWasher Pro. It lets me know when my mail server has email ready for me to download. I open up MailWasher Pro to look at headers. It is obvious if any messages are SPAM; if it is a new site, I click on Blacklist, or it might already be blacklisted. I click on Wash Mail and the SPAM messages are deleted off the server and only good messages are allowed to be downloaded to my PC. This method does work. You can check out the application at: http://www.firetrust.com

How Southwest Airlines would handle it

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

I'm reminded of an experience I had 20 years ago with Southwest Airlines. After waiting on the phone several minutes to make a reservation (long before you could do it online), a voice came on saying "If you have been waiting more than 3 minutes, press the 7 key". After a short pause "It won't do any good, but you'll feel much better."

Yes, take the time to do something about them.

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

Your question and many of the replies do not distinguish a difference between SPAM and Phishing. They are quite different and I believe there have been great strides in reducing the amount of both on the internet. SPAM is irritating, starting off with "Hi, honey..." or "I thought you might like this..." and the moment you respond they forever have your email. These come from bulk mailings and my ISP (Comcast/Apple) shut down bulk mailings pretty well. I don't get much SPAM on Mac Mail and Mail tells me if the email is from a bulk mailer.

Phishing emails are fraudulent. It's an email that attempts to impersonate a website you "might" be familiar with to extract login information. A couple of months ago I signed up for a LinkedIn account and filled out a profile - dumb. The next day I got a very expertly crafted email that looked like it came from Schwab asking for information. The header gave it away in that it passed through LinkedIn. I deleted my LinkedIn account because I do not want any institution passing on financial information. My point is I expect my financial institutions to take Phishing seriously and I believe they do. They have the resources to track the bad guys down and cut them off. Regardless, I DO NOT CLICK on any links in emails I receive from my critical websites. Get religious about not clicking on links within emails you receive.

I take the time to pass on Phishing emails to my affected organization. As you pointed out they don't always take or say they want to have you send them Phishing emails, but those that do I reward them by maintaining my association with them (Fidelity and Schwab are the best). SPAM I don't bother with except business organizations that you sign up for. I can handle their sales emails weekly/monthly, but daily-no way.

Lastly, you can do something about it all. Start over, get a new email.

It Came with the Spread of the Internet in the 1990's

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

When the Internet was in its early stages (DarpaNet) it was only the military and the government and industrial complex that used the Internet. After all, very few desktop computers existed (I had to hook a mainframe computer to the Internet) and SMTP (email) was more like a non-graphic test message.
With the widespread use of the ISP concept and desktop computers, everyone looks at this "NEW" Internet as a way to make money. I had an argument with some kid back in the 90s who was saying "The Internet is Free!" over and over. I asked how he connected to the ISP and he admitted that his parents were paying for that. Not adding up that if his parents are paying like $40/month, that means less money going towards him. So what does this have to do with it?
Spam is a way that many can lure you to a web site where you become "click bait". That is, you get to see advertisements that make money for those providing the free web page. Even Cnet. Did you pay anything for this experience? Yes, they are getting money. Lee Koo gets paid. In fact, to sit here and type this reply to you, Ghostery tells me that I had to visit 32 tracker websites. In terms of SPAM, spam goes hand-in-hand with the overall concept of people making money off of the Internet. And you (as well as everyone else) are part of that. Could Cnet afford to pay someone as talented as Mr. Koo without making money? Of course not. Google services all seem to be free-of-charge to most who use them. But the Internet equipment alone must cost a fortune to them and they are a multi-billion dollar company.
Spam has a couple of purposes. First, it is a form of advertising hoping to make money for both the advertiser and the sponsored product company. There is also a dark side: Spam is a delivery method for malware. In the old days, someone who made malware would be doing it to get themselves 15 minutes of fame in terms of headlines. They can tell their grandchildren: "I did that!". Even a piece of malware that wiped your hard drive was nothing more than a nuisance (provided you had complete and current backups). Today, that all has changed. It's all about the MONEY! If they can send you spam that will get you to click on a link where you are downloading a payload or revealing a user name and password, they make money while you (and/or your financial organization but, ultimately YOU) lose money. As long as this continues to work out for the bad guys, they will continue to send out spam.

How to fight it

Some will argue that you can't fight it. Well, you may not "win" but you can put up a fight. First, my email address is really a re-mailer (pobox.com). In addition to hiding my TRUE email address (that is, my ISP), they provide different levels of spam protection and send me a summary of what they did. That way, I can check for the infrequent mistake and get a feel for what and how much bad stuff is out there. In addition, my anti-malware solution has an anti-spam mechanism built in. There is also one associated with my email program.
None of all this is perfect. Nothing ever is, but it filters out the bulk of what I don't want to see. You also have to pay attention as you alone know what kind of mail you want and expect. Anything outside of that, I just hit "delete". It's a pain in the you know what but, a single mistake can cost you. And it's not just YOU the consumer. It's also YOU the company employee. Trojans can come wrapped in very pretty email ("Oh, look, a cute cat video..."). How that snuck past the hardware and software solutions of where I used to work, amazes me.
Some, I agree with most. You will NEVER completely get rid of spam but through the use of online remailer spam filters, hardware and software that you employ, you can reduce the quantity. These things will never replace your good eye in keeping you safe.

Howie

Howie, I'm sure spammers make a heck of a lot MORE money...

In reply to: It Came with the Spread of the Internet in the 1990's

than I do. I'd do it, but I like to think I have good morals and I like to go to sleep with a clean conscience. Happy Ads on our site, that's what keeps CNET and sites like us running. Unfortunately, there is no such thing as a free lunch, ever.

Phishing emails, while spammed, are a different breed. As member Tkirsch brings up, these are not advertisements but rather ones with malicious/criminal intent. These shouldn't be deleted but reported to the businesses and organizations. In good faith those businesses will notify their customers and let them know it is happening.

Post was last edited on March 3, 2017 5:28 PM PST

Agree But

In reply to: Howie, I'm sure spammers make a heck of a lot MORE money...

The definition of Spam used to be, any email that you don't want. I am well aware of "there ain't no such thing as a free lunch" and have argued that there is no such thing as a free (of charge) Internet. So I am right with you there. CNET provides great information and, without ad revenues, you guys wouldn't exist. But there are things some people don't agree with. One is ads that are actually "trackers" that gather data about us (note I did not say anything about legality with this either) and SPAM that may come from web sessions where users have not agreed to have their information given to other organizations. Here is a dilemma that just happened to me just as an example:
I belong to a sports organization that also maintains certifications and licenses. They recently implemented "digital certifications" through a third party website. The organization I belonged to GAVE complete contact information of all of their members to this third-party without permission of any kind of the members. The third party has a privacy policy I can't live with including the right to freely distribute all of that information. Since I had been working in government criminal justice systems (and may start working in government HIPAA systems), this information should be secure. It is the same reason I refuse to use any Google services due to lack of government compliance on their part. I asked both parties to remove me but none of the members have agreed to have any of the information on that site.
With ads, we are seeing that you guys have revenue coming in from the ads, but these same ads contain links to trackers and, in many cases, I have noticed spam (advertising is spam if you never agreed to receive it) that I could trace back to ads. Nothing concrete on CNET, but on other sites.
Still, I'm not complaining about ads on CNET but I'm very leery of "trackers". I agree with what you said but spam is a lot more than phishing which is a form of malware. So we could be talking about straight phishing/malware or we could be talking about unwanted emails (spam) which fills up our inboxes with junk. CNET, well I apologize. I was more or less pointing out that advertising runs the Internet.

Cat + mouse

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

This stuff is like robo-calls.
As soon as the blockers catch up with the phone number they change their number and continue on.

Best thing to do with spam is just delete it.
Don't open it, don't forward it, don't do anything with it other than delete it.
You or your ISP can set up a spam filter but if the filter is too tight it will block legit stuff.
If you're trying to achieve zero spam I wish you luck with that.

just leave email online

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

IMO, most wars fighting spam and phishing emails are a waste of time. When I used to download my emails using Outlook or Thunderbird, I would use MailWasher Pro. It was one of the few utilities I actually purchased. It worked great identifying spam and it kept a database of known spammers. When you reported your spam, it kept that database updated. Now most of the email services do the same thing.

I no longer download my emails. I read them online. My rules are to never open spam emails, to always move it to the spam folder and to never bounce it or unsubscribe unless it is someone I generally trust like Amazon. I have been known to forward spam to customer service of the company it is coming from. It seems some of them don't like it when you forward it to them.

Excellent, good and simple..

In reply to: just leave email online

Good advice.

Yes, Good Example

In reply to: just leave email online

One of the things to pay attention to, though, is that many times the "FROM:" address is spoofed. That is, not real. I can send you an email and make it appear that it came from someone on Mars. The "from:" field is never validated. So, with the right piece of software or just using the command line and telnet, anyone can send out mail and have it look like someone else sent it. Unfortunately, that is the way TCP/IP was designed and they really can't change that.
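
An added illustration, not written by any poster in this thread, of two points raised in the replies above: a plain "Forward" drops the transport headers while "Forward as Attachment" keeps them, and those headers are what let a recipient of the report compare the visible From: address with the route the message really took. The sample message, every address, host and IP, and all function names are constructed for this example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample message; every host, address and IP is a placeholder.
ORIGINAL = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.isp.example; spf=fail; dkim=none
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
    by inbox.isp.example with ESMTP id A1; Fri, 24 Feb 2017 10:00:05 -0800
Received: from smtp.mailer.example.net (unknown [203.0.113.7])
    by mx.isp.example with SMTP id B2; Fri, 24 Feb 2017 10:00:03 -0800
From: "Your Bank" <security@bank.example>
To: tracy@isp.example
Subject: Verify your account

Click the link to verify.
"""


def _new_report(subject):
    report = EmailMessage()
    report["From"] = "tracy@isp.example"
    report["To"] = "abuse@bank.example"   # hypothetical report address
    report["Subject"] = subject
    return report


def forward_inline(original_text):
    """What a plain 'Forward' keeps: a quoted summary, no transport headers."""
    orig = message_from_string(original_text, policy=policy.default)
    report = _new_report("Fwd: " + orig["Subject"])
    report.set_content(
        "---- Forwarded message ----\n"
        f"From: {orig['From']}\nSubject: {orig['Subject']}\n\n"
        + orig.get_content()
    )
    return report.as_string()


def forward_as_attachment(original_text):
    """'Forward as Attachment': the whole message travels as message/rfc822."""
    orig = message_from_string(original_text, policy=policy.default)
    report = _new_report("Phishing report")
    report.set_content("Suspicious message attached with full headers.")
    report.add_attachment(orig)   # a Message object becomes a message/rfc822 part
    return report.as_string()


def extract_evidence(report_text):
    """Return what the report's recipient can recover, or None if the
    original headers did not survive the forward."""
    report = message_from_string(report_text, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            orig = part.get_payload(0)
            break
    else:
        return None
    # Each server prepends its Received header, so the last one is the oldest
    # hop. Only hops stamped by your own provider are trustworthy; a sender
    # can forge the ones below them.
    route = []
    for header in reversed(orig.get_all("Received", [])):
        match = re.search(r"\bfrom\s+(\S+)", str(header))
        route.append(match.group(1) if match else "?")
    from_dom = parseaddr(str(orig["From"]))[1].rpartition("@")[2].lower()
    env_dom = parseaddr(str(orig.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    spf = re.search(r"\bspf=(\w+)", str(orig.get("Authentication-Results", "")))
    return {
        "route": route,
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "spf": spf.group(1) if spf else None,
        "from_mismatch": from_dom != env_dom,
    }


if __name__ == "__main__":
    print("plain forward :", extract_evidence(forward_inline(ORIGINAL)))
    print("as attachment :", extract_evidence(forward_as_attachment(ORIGINAL)))
```
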

I've been the recipient of misguided rants

In reply to: Yes, Good Example

Spam software puts in random email addresses into the return address. A coupla times my email address has ended up in the return address of thousands of spam messages. In addition to hundreds of bounces and AOL TOS warnings (Terms Of Service), I also received a coupla dozen angry emails. I pointed them at Wikipedia's entry on Joe Jobs.

Malware

In reply to: I've been the recipient of misguided rants

One of the things that used to happen and continues to this day is that someone (NOT necessarily you) will have malware on his or her computer. This malware will intercept an email with a list of To: or CC: or From: people (email addresses) and then it will send out spam (either from the computer or by upload to some site) to all of the email addresses on this list and, for the "FROM: address", it will simply pick one of the addresses that it obtained so it looks like YOU are the sender and YOU are the reply-to: address even if you've had nothing to do with it. How do you avoid this?
You may not be able to, but it is a good idea to notify all of the people that you know that SOMEONE, in the group, may have malware on their computer and they should scan with a respectable malware scanning software. Some people don't use one because they think they only go to safe places, like my boss, who brings a laptop into the office, plugs it into the network and causes an estimated $10 million in damage.
All you can really do is to write back to the "complainers" and suggest that ONE of them (at least) may have a virus/malware on their system. I would also suggest checking your system carefully. Most of the malware that does this to you is pretty old as in late 1990s.
I feel for you as it's happened to many of us. We have to look at several things here related to email: SPAM, Phishing and other malware.

Deep six the rogue messages

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

Check the sender's email address. If the name says Bill Gates, but the email address has a suffix from a foreign country (sa, ru, eu, etc), block the sender or just delete it without opening it and without clicking on any links in it. This is not a joke. I did receive an email from Bill Gates, it was not THE BILL GATES we all know. Never heard from him again!

Hope this helps.

Phishing

In reply to: Are my efforts to fight SPAM/phishing emails fruitless?

Some companies like Apple have a specific address to forward phishing mail.
reportphishing@apple.com
BofA has a site as well, abuse@bankofamerica.com.

Recommended report site

In reply to: Phishing
