There was a time in the Noughties where it looked as if email’s days might be numbered.
Between 2003 and 2015, the majority of emails sent worldwide were spam. And in July 2010, an astonishing 225 billion spam emails were being sent on a daily basis.
Such figures could have killed email as a concept. Fortunately, consumers didn’t lose their appreciation for electronic messages, particularly in the business community.
As a result, Internet Service Providers and email companies were forced to become more adept at providing protection against spam.
The relative purity of most consumer inboxes is testament to their efforts.
And while their processes aren’t fool proof – the odd malicious message still slips through the net – these are some of the ways ISPs and email hosts keep spam out of our inboxes…
Sender blacklists. Huge volumes of spam may originate from a single person or computer.
A now-deceased Russian hacker was claimed to have spammed every single person in the country.
And companies sometimes specialise in distributing huge volumes of junk mail, making healthy profits on the tiny percentage of recipients who respond or engage with these emails.
ISPs and email providers can often identify the source of bulk mail traffic, from unique data including Internet Protocol addresses.
In some cases, they scan email traffic as it leaves a device or network, blocking suspected spam before it enters cyberspace.
The percentage of legitimate messages sent from each email account establishes what’s known as a sender reputation.
Even legitimate firms might find themselves being blacklisted by specialist companies like Spamhaus or Barracuda, if more than a handful of spam complaints are filed against them.
Normally, the owners of these blacklists will whitelist companies able to prove they’re delivering a genuine service.
However, this can’t be taken for granted, since these firms exist purely to provide consumer protection against spam. Once suspected, you’re guilty until proven innocent.
Rule-based filtering. Given spam’s ubiquity over the last two decades, some kinds of message have become very familiar.
There are 419 scams – badly-written emails from wealthy foreigners asking for help unlocking their fortunes – Viagra deals, and promises of cheap Rolexes.
ISPs and email hosts have developed sophisticated algorithms which scan incoming messages for potentially spammy content, pre-emptively blocking anything suspicious.
Dubious messages will be delivered into a dedicated Junk or Spam folder, while those known to be spam will never make it to the recipient’s inbox.
Common methods of identifying spam include large volumes of recipients for a single email, and the use of words or phrases associated with previous spam.
This explains a brief trend for words being spelled with numbers – V1agra and R0lex, for instance. ISPs quickly wised up to this, and such techniques no longer work.
Attachment scanners. While spam and malware are two very different entities, there is a degree of crossover. Both may be sent with unwholesome attachments, most commonly .docx or .pdf files.
Gateway filters established by ISPs examine attachments for potentially malicious content, like the presence of macros.
If they’re unsure, they might quarantine the attachment until the user verifies it. If they’re confident it’s spam, it will generally be permanently deleted.
Machine learning. This tends to happen in the recipient’s inbox, when they label an incoming message as Spam, Junk or Not Spam/Junk.
Every time a selection is made, an algorithm is updated to recognise future messages with shared characteristics.
This is a rare example of ISPs and email providers basing protection against spam on information provided by end users, rather than on their own algorithms and expertise.