Understanding the various ways spam can infiltrate your inbox is crucial for addressing the root cause and preventing it in the future.
Below, you'll find the most common methods spammers use to reach your account, including effective strategies to combat them.
Spam filtering is disabled, or not strict enough
The first thing to check is to ensure that a spam filter is enabled for your mailboxes and set to an appropriate score.
For full instructions on enabling and configuring the spam filter on your account please see - How do I set up spam filtering on my account?
Email Spoofing
This generally manifests as you receiving an email from yourself (your name/email address in the From field) but you know you never sent the message.
To spot if a mail is spoofed, when you mouse over the From address in your email client it should reveal the actual email address the mail was sent from.
Email spoofing is a fraudulent activity where the sender's email address and other parts of the email header are forged to appear as though the email is coming from a different source. This technique is often used in phishing attacks to deceive recipients into revealing sensitive information, such as passwords or credit card numbers, by masquerading as a legitimate entity. Spoofed emails are also used to spread malware or cause reputational damage.
To combat email spoofing you can enable SPF/DKIM/DMARC authentication for your domain.
Contact form spam
Spammers will attempt to use the contact forms set up on your website to leave malicious comments on the site or attempt to bulk email targets by hijacking the auto-reply emails sent from your legitimate email account e.g. "We have received your request below" which can include a malicious link etc. entered by them on the form.
This type of spam will generally have an obvious subject line such as "New Entry from Contact Form" etc. or the content/body of the email will follow the formatting of your contact forms.
As the email is being generated "locally" on your site the mail will not be filtered by normal spam filters (as they would only run on external mail arriving to the server), you will need to update your contact forms to include some form of bot protection, such as adding a question that needs to be answered or adding a CAPTCHA form to your site/forms.
Using your email to sign up for random websites/newsletters
Often, websites will prompt the user to enter their email address to receive marketing emails
Entering your email addresses into these websites can result in your email address being spammed with emails from that website's services or worse if your information gets leaked as part of a data breach. (Even if you requested them not to contact you)
For this reason, we recommend providing websites with as little personal information as possible.
Hacked email
If you are receiving a large amount of bouncebacks ("Mail Delivery Failed" in the subject line) without you actually sending mail from your account, your email account has potentially been hacked and is being used to send large amounts of spam. This is typically the result of a compromised password.
If this happens, you need to change your email address password to stop the illegitimate access.
For more information on spam filtering and customising your settings please see our other KB articles on Spam Filtering
If you require further information/assistance on this, please Open a Ticket and a team member will be happy to assist further.