Why it’s happening
- When we sign up for web sites we effectively give them permission to use our email. These companies may sell your email address to other companies who will in turn send you spam.
- Whenever there is a data breach on a website where you have subscribed to something, email addresses can be repeatedly sold to other spammers. You can check if your email has been been in a breach here: https://haveibeenpwned.com
- Spammers use mechanisms that allow their emails to go through the spam filter. They will use valid email addresses such as a @gmail account, create look-alike domains that will look like a legitimate company, or even spoof your own email address because many people whitelist their own address.
- Because of AI, spammers and phishers can very quickly create mass campaigns. Previously, spam was often easily spotted because of bad grammar and lack of personalization (goodbye Nigerian prince). Now, spammers use artificial intelligence to make spam and phishing more convincing, and they use social media, online behavior and public information to generate personalized campaigns. The result is that we are bombarded with spam.
What you can do
- Use the spam filter. Anything you report as spam will be moved to your Spam folder.
- Automatically reject messages by adding email addresses and domains to your blocked senders list. Runbox will automatically move these messages to your Spam folder.
- Opt out of emails from legitimate sites when you can. This might minimize the amount of emails you get. Unsubscribe from mailing lists, although it could be that they’ve already sold your email address to other companies who then send you lots of spam.
- Do not respond to spam emails. Don’t click on any links. Don’t try to unsubscribe from obvious spam because clicking any links will validate your email address to the spammers. If an email looks like it’s from your bank or some other institution, don’t use the links in that email but go directly to their website by entering their domain name into the browser and only log in when you’re certain it is safe to enter your password. Read more about spam and phishing.
- Keep separate email addresses for personal and online use. Only use your online email address when you sign up for things. Anything you do online, use that email. Save your “real” email address for personal and business emails. You might even want to start from scratch if you’ve been getting a lot of spam. You can create aliases and sub-accounts for personal and online use, and even use plus-addressing to more easily filter spam away from legitimate email.
What we are doing
Internet Service Providers (ISP) and email providers used to be really good at blocking spam emails. It’s not that our spam filters have gotten worse at blocking spam, the problem is that spammers have gotten a lot better, especially with the use of AI.
Runbox uses the popular SpamAssassin spam filter system which works to assess and filter spam by analyzing each email using over 700 tests. Each email is given a score value to assess how spammy it is. The test scores can be positive or negative, with a positive value indicating spam, and negative value indicating non-spam. A global score system indicates the probability that a message is spam. You can delve into all the fun details here and here.
We don’t like spam either, and we are working hard to improve the spam filter rules and the way spam is filtered. We have recently upgraded SpamAssassin across our service and are evaluating the various tests to ensure they are working properly. In addition, we are enabling a trainable filtering component in SpamAssassin that should improve the situation further.
For more in-dept discussion on spam and phishing, including do’s and don’ts, see this post: What is spam, and how to avoid it
Keep in touch via our chat community or check status updates.
Stay tuned!