Friday, September 25, 2009

How email service providers tag spam

As a former technical support representative for two big Internet Service Providers (ISPs) in the United States, I have come to understand how their mail servers work in reducing spam. Of course, the one I would like to discuss is just the basic manner of recognizing spam. Providers may have other means of identifying spam.

First: For definition, we will work on "spam" as unsolicited email--be it business, advocacy or commercial email. I will not talk about IM spam or SMS spam or gaming spam. I will discuss spamming in emails.

Spam identification is the key to spam reduction, so ISPs actually focus on that aspect. As soon as they determine that an email is spam, what they do with that spam is just a matter of creativity on the email address owner or the email service provider.

There are two key strategies in spam identification: Keyword monitoring and Spam tagging.

Keyword monitoring is (of course) monitoring key words in the email's subject line. Based on the ISP's pre-studied list of words that are most likely to contain spam, ISPs control the distribution of messages that have these words. Instead of going to the recipients' Inbox, they go to the Junk or Bulk mail folder.

This means that if you send email with words such as "tits" or "dicks" in your email, this will probably be sent to the Spam folder of the recipient if the email server has that approach in spam detection.

While this seems logical, the downside of this is not supported by certain groups as this same rule may be applied to the words such as "breasts" or "penis" which may be required in medical professions. Useful emails may be forwarded to the spam folder without knowledge of the recipient (obviously) even though they intend to receive it.

Spam tagging refers to the use of the "Report Spam" or "This is spam" feature of your email service provider to report that the email you are reading is actually a spam. Most of the email service providers have this feature, but the level of effect of the feature varies.

With this feature, what happens usually is that the email you use is transferred to your Spam folder. What you may not know, however, is that what you actually do is not just tag the email as spam, but tag the sender as a spammer.

This indicates that if a certain number of users tag that email sender as a spammer, the email server of the recipient will automatically tag it as spam, resulting to the future emails of that sender to be forwarded to the Spam folder, even for other receivers.

Spam identification focus on two parts of the communication model: the message (Email subject line)b and the sender (Email sender / address), with the channel (email service provider) processing also the setting of rules in spam identification.

The implication of these technologies is simply discretionary use of spam identification. Spam costs a lot of money for organizations as they have to deal with wasted resources (bandwidth) and time (for deleting spam), not to mention privacy and other security issues, so proper identification of spam is really useful. On other hand, be careful with tagging an email as "spam" if you are in an organization where the sender is sending relevant information that only you do not appreciate receiving. You may be costing the inconvenience not just to the sender but to the other recipients.

Resolution for recipients who have discovered they have received an email but it is in the Spam folder when it is actually not spam:
  1. Use the "Unmark as spam" or similar feature
  2. Add the recipient's email address to your address book. This adds a rule to your email that the sender is a valid contact.


  1. I keep getting a response on my website in an inquiry box from a barney182@hotmail there is no attached question just the address repeated. My spam filter identifies it as 50% chance of you recognize this email? I'm trying to sell a house but don't want to infect my contact info and website. thanks

  2. that email address shows up on my server logs too. I can tell by the data collected it is a robot account used to find vulnerabilities to attack in your forms