Cloudmark is now part of Proofpoint. Learn More

About Proofpoint

Fifty Shades of Spam

At first glance it might seem that the decision if an email is spam or not is a black and white one – either it’s spam or it isn’t. However, the closer you get to the problem, the more complex it becomes, and many shades of grey start to appear.

For example, last Thanksgiving I was keeping an eye on email related to Black Friday and Cyber Monday, to see how those were being exploited by spammers. The results were interesting. The real spam was caught by our automated filters as always. However, we received a lot of feedback where a recipient had taken a legitimate marketing mail from, say,, Petsmart, or Home Depot and manually flagged it as spam. These are legitimate companies who are sending mail that a lot of people want to see, so they are not likely to end up in any spam filters. If you are receiving legitimate marketing emails that you no longer want to receive, click on the Unsubscribe link and not the Report As Spam button.

More troubling than that was the case of a legitimate bulk email company that provides marketing services for a number of national brands. We noticed that they are forging the headers on their emails to make it appear as if they are coming from a single user email client rather than a bulk mailing service. This is a technique used by spammers to try to improve deliverability. However, for a legitimate business it will probably have the opposite effect. Spammers do not forge headers to get more emails delivered than legitimate bulk mailers. Spammers forge headers to try to get as many emails as they can through our filters. That’s never very many. The more a legitimate email source tries to use the spammer’s toolkit, the more likely their emails are to get classified as spam and consigned to the bit bucket.

The road to the Dark Side is insidious. It starts with an opt out check box hidden in the fine print and a six step unsubscribe process. Next a forged header line or two, and then adding a little word salad so every email is slightly different. Before you know it you are renting botnets or buying webmail accounts by the thousand and every step down into the pit you will convince yourself that there are legitimate business reasons.

There is a better road though. If your marketing emails are causing mass unsubscribes or getting flagged as spam, the first thing to do is not to tweak the headers, but to take a long, hard look at the content. If you are sending people information they want to receive in a way that is engaging, then your marketing campaign will work much better than one that goes to five times as many people who have no interest in seeing it. Know your audience, and tailor your message. Before sending out a mass mailing, test five or ten different versions on smaller groups and see what gets the best ROI and the fewest unsubscribes.

Most large mailbox providers will provide feedback loops to large mailers, which will notify them which recipients are marking their messages as spam. Not only does this provide vital statistical feedback, but that feedback can also be treated as unsubscribe requests by the mailer. It’s pretty obvious from our reports which mailers are not taking advantage of this service – and that adds another shade of grey.

Take the path of science and math, and measure response to emails. Give people who do not wish to receive your emails an easy way out – they’re not likely to buy from you anyway. Do not be seduced by the dark side of spam, or one day you may find yourself with vanishing response rates and a negative ROI, ranting about those filthy Nigerian scam artists who are giving bulk emailing a bad name.

2 thoughts on “Fifty Shades of Spam”

  1. Been using cloudmark for pope3 outlook on windows for many years. Just got an Android phone. Any plans for a version of clodmark that works on android? Hopefully I’d have one account and it would block spam on both devices.

  2. Hi Harris. We have no plans at present for an email client for the Android, but many major ISPs implement Cloudmark Security Platform for Email at the server level, so depending on who provides your email account you may be able to get our spam filtering that way.

Leave a Reply

Your email address will not be published. Required fields are marked

Learn More About Cloudmark
Our Products
News and Events
Site Map  •  Privacy Policy  •  ©2002–2018 Cloudmark, Inc.