Malicious email comes in many forms: SPAM, phishing, and scams. There is no 100% perfect way to detect and eliminate all junk-mail, as the scammers are getting more creative all the time. There are, however, some ways you can protect yourself and your customers. A sensible eye and a basic understanding of how these different scams operate can go a long way toward reducing the amount of SPAM and junk-mail you receive.
- Never post your email address online. If you belong to a user forum or manage your company's website, avoid posting your email address openly. Instead, pass along your contact information in a private message, or use a "blind emailer" (a contact form that sends mail on your behalf) on your website. A quick search for your email address on Google or Bing will show you just how public your address is. Spammers use malicious bots to crawl websites and harvest email addresses. If you can find it in a search engine, so can they.
- Do not automatically load images in your emails. Spammers want to scam you, but they want to do it efficiently. They know that blindly sending out bulk attacks will get them blacklisted, so they really only want to send emails to valid addresses. Often a SPAM email serves no more purpose than to validate your email address for later scams. They do this by placing serialized links and even 1-pixel serialized images in your email. Those serial numbers trace back to your address in their system. When you click that link, or load that remote image, they see the request, and you have just verified that your email address is active.
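To show what "serialized images and links" look like in practice, here is an added example (not code from the original article) that scans the HTML body of a message for remote tracking beacons: 1x1 or hidden images and links whose query string carries a per-recipient identifier. The sample message, the hostnames and the parameter names are constructed for the demonstration; a mail filter or security-awareness tool could run the same check before a client renders remote content.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample HTML body of a suspicious bulk email (not a real message).
SAMPLE_HTML = """
<html><body>
<p>Dear customer, your account needs attention.</p>
<img src="https://cdn.example-mailer.test/logo.png" width="200" height="60">
<img src="https://track.example-mailer.test/open?uid=8f3a9c21&c=4417"
     width="1" height="1" style="display:none">
<a href="https://track.example-mailer.test/click?uid=8f3a9c21&c=4417">Update your details</a>
<img src="cid:inline-logo">
</body></html>
"""

# Query-string keys commonly used to tie a request back to one recipient
# (assumed list for the example; extend it from your own mail samples).
TRACKING_PARAMS = {"uid", "id", "u", "c", "cid", "token", "rcpt", "e", "email", "sub"}


class BeaconFinder(HTMLParser):
    """Collects (tag, url, reasons) for elements that can report back to the sender."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            self._check_img(a.get("src", ""), a)
        elif tag == "a":
            self._check_link(a.get("href", ""))

    def _check_img(self, src, a):
        u = urlparse(src)
        if u.scheme not in ("http", "https"):
            return  # inline (cid:) or data: images are embedded and cannot phone home
        reasons = []
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reasons.append("1x1 pixel")
        if "display:none" in a.get("style", "").replace(" ", ""):
            reasons.append("hidden")
        if set(parse_qs(u.query)) & TRACKING_PARAMS:
            reasons.append("serialized query")
        if reasons:
            self.findings.append(("img", src, reasons))

    def _check_link(self, href):
        u = urlparse(href)
        if u.scheme in ("http", "https") and set(parse_qs(u.query)) & TRACKING_PARAMS:
            self.findings.append(("a", href, ["serialized query"]))


def find_beacons(html):
    """Return the list of remote elements that would confirm the address is live."""
    parser = BeaconFinder()
    parser.feed(html)
    return parser.findings


if __name__ == "__main__":
    for tag, url, reasons in find_beacons(SAMPLE_HTML):
        print(f"<{tag}> {url}  [{', '.join(reasons)}]")
```

The ordinary logo image is not flagged: it is remote, but carries no recipient-specific token. The tracking pixel is flagged on all three counts, and the "Update your details" link is flagged because its query string carries the same serial as the pixel. Keeping remote images off by default defeats the pixel; the link still confirms the address the moment it is clicked.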
- Never automatically trust/whitelist all email from your domain. When you select this option, you are telling your email client (Outlook, Thunderbird, etc.) or even your email server to skip all the usual SPAM tests and simply deliver the email. This can result in one of the worst scams, "Email Hijacking". The email appears to come from a co-worker, who is likely out of the office, but is in fact from a real person scamming you and spoofing the co-worker's email address. They will respond to you personally, and may pose a crisis, like "I'm stranded on vacation, can you send me some money so I can buy an emergency flight home." or "We're in the midst of a merger and I (the CEO) need you to contact this lawyer (email address) and arrange to wire/transfer funds so we can complete the acquisition." These are real examples; they happen every day, so always allow your spam filter to do its job and only use the whitelist/trust option as an absolute last resort.
- Know your accounts. I don't mean email accounts; I mean service providers, vendors and other companies you do business with. Keep them consolidated and documented, so your bookkeeper, accountant and managers can easily find and recognize who they are. Extortion is a big game with hackers and scammers. They will pose as a domain registrar, a utility company, and various other entities trying to get you to blindly pay or transfer service to them. Domain names are a big game. If you are registered with Registrar A, and you get an email from Registrar B saying your domain is up for renewal, be wary. By paying Registrar B, you may wind up authorizing them to take ownership of your domain, transferring it away from your trusted Registrar A. This can result in your company paying out several thousand dollars to get your domain back.
- Monitor your account. There are various paid and free services out there that can help you keep track of your email account and login credentials. https://haveibeenpwned.com is a free, legitimate service where you can enter your email address and it will tell you if and where it has been compromised. You can also subscribe for free to have them continuously monitor your email address and notify you if and when any new breaches occur. As an IT admin, you can even validate your domain and obtain a list of all the email addresses that are known to be involved in data breaches. If you use your email address as a username for a website or service, be sure that the password is different from the one used to access your email account.
- Use SPF, DKIM, and DMARC records in your DNS. The Domain Name System is like the phone book of the internet. Your computer takes a human-readable Fully Qualified Domain Name (FQDN) like biznetix.net and turns it into a computer-readable IP address like 205.209.96.203. Along with that IP address you can publish additional information like SPF (which states which email servers are allowed to send email for your domain), DKIM (a cryptographic signature that proves your email was sent from an authorized email server), and DMARC (which defines how to handle email that fails those checks while claiming to be from your domain, and where to send delivery reports). Most major services like Microsoft, Google, and Yahoo require all three of these records to ensure proper delivery of your email and to build trust in their network. Your customers have a much better chance of receiving your emails if these records exist in your DNS.
- Get trained! There are numerous services out there where you and your employees can get trained to recognize and handle SPAM. The FTC is a good place to start. They have an excellent article on SPAM, phishing and other online scams: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams It also tells you the steps you can take if you need to report a scam or have inadvertently fallen for one. Services like https://www.knowbe4.com/ can offer web-based training for your company, and provide you with feedback about which employees have completed the training. This can help to ensure your employees are aware and doing their part to protect your company from SPAM.
SPAM is not just an annoyance; it could cost your company untold sums of money. If you have any questions, or would like more information on how we can help your company fight SPAM, please call us at 585-426-6519 or visit our Support page and use our "blind emailer" to contact us. We look forward to serving you.