Spam is not just annoying, it can be harmful.

While we all know the frustration of sifting through mass, unsolicited commercial emails (also known as junk mail), there are individuals out there who take it a step further:

• Some send spam containing viruses, putting your computer at risk of ransomware attacks,
• Others try to trick you into revealing your usernames and passwords for financial websites through phishing attempts.
• And the list goes on.

The purpose of this article is threefold:

1. To help you understand what spam is and how it originates.
2. To provide you with basic safety measures to deal with spam on a daily basis, avoiding the hassle of receiving junk mail or falling victim to fraud.
3. To give businesses essential information on how to market their products or services without crossing the line into spam territory and violating the CAN SPAM ACT law.

Defining Spam & Its Origins

According to the government:

spam is defined as the sending of unsolicited emails to a large number of recipients via the internet.

While spam is often associated with commercial emails sent by businesses trying to boost sales or website traffic, the term "spam" actually refers to:

any mass email sent without the recipients' consent.

Before we discuss how to eliminate spam and unwanted junk mail, it's important to understand how spam typically originates. Here are a few common methods:

Bad Business Practices

Some businesses collect email addresses as part of their regular operations.

While most of these businesses are legitimate and don't engage in unsolicited spam, there are also illegitimate businesses that sell customer lists for spam, junk mail, and unwanted phone calls.

Computerized Random Address Generation

There are computer programs known as random address generators that create email addresses using dictionary words, phrases, and standard names and configurations. With millions of email addresses available, finding a working one isn't too difficult.

These programs also target typical addresses like:

• support@ yourcompany.com,
• sales@ yourcompany.com,
• accounting@ yourcompany.com,
• and so on.

Spiders

Major search engines use spiders or bots to crawl the web and gather information about each page. Some computer programs also crawl the web, specifically looking for email addresses.

If a website publicly lists an email address, these spiders will index it and potentially use it for spam purposes.

Protecting Yourself from Spam

While it's impossible to completely eliminate all spam (unless you get rid of your email account altogether), there are several steps you can take to minimize its impact:

• Be cautious about sharing your email address with just anyone. Make sure the business or person is reputable and check their Privacy Policy to ensure they won't misuse your email.
• Check if your email client or service offers spam filters, whitelists, and blacklists. These features allow you to block specific email addresses or domains (blacklist) and specify certain email addresses to always allow through (whitelist).
• Take advantage of email client rules. These rules allow you to determine how emails containing specific terms or phrases should be handled, whether they go to your inbox, junk folder, or get deleted immediately.
• Consider creating a separate email account for friends, family, and important correspondence. Only share this account with trusted sources. Use another free account for newsletters, chat rooms, and other less important communications.
• Both Apple and Google have similar services called Hide My Email; both of which allow you to provide an on-demand, unique email address when signing up for services that is only for that site, and can be canceled and deleted at anytime to avoid spam.

When all else fails, remember that the delete key is your friend. Emails from unknown senders are likely not worth opening and could potentially be spam. It's safest to mark them as junk or spam and delete them to avoid phishing attempts or virus attacks.

Businesses & CAN SPAM Act Compliance

Understanding the CAN SPAM Act is crucial for successful marketing in today's world.

• The CAN SPAM Act doesn't prohibit businesses from sending commercial emails to clients and potential prospects.
• However, it does establish guidelines that must be followed to stay in compliance and avoid severe penalties.
• This law applies not only to business-to-consumer emails but also to business-to-business emails.
• ANY email sent for commercial advertising or promotional purposes must adhere to the following guidelines, not just bulk emails.

Violations of this law can result in penalties up to $16,000 for EACH email in violation of this law.

This law does not cover transactional or relationship emails.

Transactional or relationship emails are defined as emails with the primary purpose of facilitating or confirming commercial transactions that the recipient as already agreed to.

This can include receipts, warranties, recalls, safety, security, change in terms, and so on.

Transactional and relationship emails are exempt from this law so long as there is nothing false or misleading.

If there is any mention of advertising or promotional services within the email, then the email may fall under the CAN SPAM Act and must follow these requirements:

Email Requirements

All commercial emails MUST include the following:

1. Accurate header information: The From, To, Reply-To, and related routing information must clearly identify the sender's domain and email address.
2. Non-deceptive subject lines: The subject line must accurately reflect the content of the email.
3. Clear advertisement disclosure: The email must clearly and conspicuously identify itself as an advertisement.
4. Sender's location: The email must provide a physical postal address, which can be the business's actual address, a P.O. box, or a private mailbox registered with a commercial mail receiving agency.
5. Opt-out instructions: The email must explain how recipients can easily opt out of receiving future emails from the business. These instructions should be clear and easy to understand, without any unreasonable requirements.
6. Timely processing of opt-out requests: Opt-out mechanisms must be able to process requests for at least 30 days after the email is sent. All opt-out requests must be processed within 10 days of receipt. Businesses cannot charge fees for opting out or require additional personally identifying information beyond an email address.
7. Accountability for third-party emails: Businesses are legally responsible for any emails sent on their behalf by others, such as contracted advertising agencies. Both companies can be held liable for non-compliance.

By following these guidelines, businesses can ensure compliance with the law and improve recipients' understanding of the emails they receive, increasing the chances of a positive response.

Technical Requirements

In addition to the email requirements mentioned above, there are technical measures businesses can take to prevent their emails from being marked as spam or rejected by receiving email servers:

DKIM (DomainKeys Identified Mail)

DKIM is an email authentication method that helps prevent spoofing and phishing attempts. Receiving email servers can use DKIM to verify that an email was indeed sent from a specific domain and authorized.

For example, historically many hackers attempted to send phishing emails to users pretending to be PayPal, in an effort to get recipients to follow a fake link and enter their PayPal username and password, which the hackers would then steal and use to break into the user's real PayPal account.

However, with DKIM, a receiving email server will see that the DKIM is non-existent, or does not match that of PayPal.com's. Hence this will mark it as potential spam, thus alerting the user to potential fraud.

SPF Record (Sender Policy Framework)

SPF records specify which domains, mail servers, and IP addresses are authorized to send email on behalf of a domain. This helps prevent spoofing attempts from external sources trying to send spam with a forged "From" address.

DMARC Record (Domain-based Message Authentication, Reporting, and Conformance)

DMARC records define how strictly DMARC should check messages, and the recommended actions for the receiving server, when it gets messages that fail authentication checks.

In Summary

Following these guidelines, consumers can avoid unwanted spam, while businesses can ensure compliance with marketing and advertising laws. Email remains a powerful marketing tool, but it requires common sense, safety measures, and adherence to regulations to avoid negative consequences.