About spam

In this day and age, it is fair to say that we have started shifting the focus of what we value, both individually and in groups: from tangible things such as gold and land to harder-to-manage concepts such as time and information. Since we cannot extend time, and we struggle to gather as much information as possible, we risk wasting large amounts of time filtering through the information channels we have opened, trying to identify what is relevant, what is new and, most importantly, what is reliable and true.

The term spam, or unsolicited mail, is well understood by everyone. Its existence and our inability to fully shield ourselves against it are equally accepted among everyone who holds an email account and uses it to reach out and be contacted by others.

There are, nevertheless, a few simple measures we can apply in order to reduce the daily effort of filtering through spam, while ensuring nothing important is dismissed and, most importantly, increasing protection against scams and fraudulent schemes.

At , we have implemented our own mechanism. It is probably overkill for most people, but it has proven so reliable for so many years that we decided it was worth writing these lines to present the scenario we challenged ourselves with and the solution we reached. In over 20 years of experience, and hundreds of third-party entities with whom we established contact, there has never been a case where a fraudulent email bypassed our system.

Let’s say we have an email account: wowbagger@gmail.com.
Our first instinct is to share this address with our family and friends, so we can discuss menus for Christmas and so on.
We sign a contract with a power company, water supplier, and other household or business service providers. We want to receive invoices by email, so we share the same address with these companies.
Our online games and multiple social networks also require an email address. Again, we register with the same one.

“It’s simple,” one would claim. “I see everything in one place. No need to check multiple mailboxes to stay in the loop.”
Soon we realize we are receiving an increasing number of messages in that single inbox: some from clearly identifiable third-party entities we had never met before, others from companies with whom we already have a relationship.
At this stage, when we receive an email claiming to come from the bank we trust with our savings, there are several validations we need to perform before it is actually safe to open the message.

At , we adopted a simple solution for this. Instead of sharing the same email account with everyone, we created two main accounts: one public (io@io-solinf.pt) and another private, shared only with family and friends. Then we made the effort to create a custom, unique email address for each new third-party organization that required one for registration.

In an ideal world, we would only receive spam in the public email account. However, carelessness or an accident in any private relationship may leak the private address to spammers. We believe this is still manageable.
In any case, now, when we receive an email, we check both sender and recipient addresses:

Anything not from family or friends in the private box gets deleted without a second thought.

Scrutiny of the public box is even lighter. Since we share private addresses with everyone likely to contact us, we usually infer that everything arriving there is spam.

In each of the other accounts, if the sender claims to be from an entity that does not match the recipient, we learn two things:

  1. The sender is not reaching out to us in the context of any existing contract or previous conversation. Even if the sender seems legitimate and is someone with whom we had already established contact, the email should have been received in the proper inbox. We can dismiss it as not credible.
  2. The entity with whom we shared that email account has, somehow, shared their contacts list with this email’s sender. If the leaking entity is important to us, we report what happened and take measures. This has happened only once, in 22 years.
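The sender/recipient check described above can be automated. The following is an added example, not code from the original post: every address and domain is a constructed placeholder, the alias table and the `triage` and `mail` helpers are hypothetical, and it assumes the mail server records the delivery address in a `Delivered-To` header (falling back to `To`).

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed data: every address and domain here is a hypothetical placeholder.
PUBLIC = "contact@example.org"
PRIVATE = "home@example.org"
FRIENDS = {"alice@example.net", "bob@example.net"}
# One unique alias per third party -> the sender domain that party writes from.
ALIASES = {"bank@example.org": "bank.example", "power@example.org": "power.example"}

def _addr(value):
    """Bare, lower-cased address from a header value ('' if absent)."""
    return parseaddr(value or "")[1].lower()

def triage(raw):
    """Classify one raw message by its (recipient, sender) pair."""
    msg = message_from_string(raw)
    # Prefer the address recorded at delivery over the visible To: header.
    rcpt = _addr(msg.get("Delivered-To") or msg.get("To"))
    sender = _addr(msg.get("From"))
    domain = sender.rpartition("@")[2]
    if rcpt == PRIVATE:
        return "keep" if sender in FRIENDS else "delete"
    if rcpt == PUBLIC:
        return "presumed-spam"
    expected = ALIASES.get(rcpt)
    if expected is None:
        return "unknown-recipient"
    # Exact domain or a subdomain of it; 'notbank.example' must not match.
    if domain == expected or domain.endswith("." + expected):
        # From: is sender-controlled, so a match only means "consistent".
        return "consistent"
    # Point 1: not credible. Point 2: the alias owner leaked this address.
    return "dismiss-and-report-leak"

def mail(sender, rcpt):
    """Build a minimal constructed message for the demo."""
    return f"From: {sender}\nTo: {rcpt}\nSubject: Your account\n\nbody\n"

if __name__ == "__main__":
    for s, r in [("Bank <alerts@mail.bank.example>", "bank@example.org"),
                 ("Your Bank <security@bank.example>", "power@example.org"),
                 ("promo@shop.example", "home@example.org")]:
        print(f"{r:<20} {s:<36} {triage(mail(s, r))}")
```

The second sample is the case from the list above: a message claiming to be from the bank but arriving at the power company's alias is dismissed and flags that alias as leaked.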