Protecting Against Spam Emails
Spammers collect email addresses and verify that
each address is valid before they start sending
unsolicited or spam messages. To reduce the
possibility of receiving spam emails, there are
things you can do to protect your email addresses
and accounts on your computer. The following
tips will help you and your company reduce the
amount of spam you receive:
Tips for End-users on Handling Spam Emails
Dos
- Check the privacy policy of websites or companies
before you provide any personal information
when filling out web registration forms, online
surveys, etc.
- Look for options in websites or emails that
allow you to unsubscribe from receiving further
emails, offers or other marketing information.
- Be careful when subscribing to free email
account services, especially when filling in
the account profile. Check the terms and conditions
of the email service.
- Use the anti-spam solutions offered by your
ISP, or install email filters to reduce the
amount of spam email you receive.
- Whenever feasible, use separate email addresses
for different purposes. For example, use one
email address for public newsgroups or chat
rooms, and another for personal email messages.
- Avoid using an email address that contains
simple dictionary words or common names. Spammers
can use brute-force techniques to guess valid
email addresses at a specific domain using words
from dictionaries, or combinations of common
words.
- Install and enable anti-virus software, and
keep it up to date using the latest virus signatures.
Enable real-time detection to scan active processes,
executables and document files that are being
processed for computer viruses and malicious code.
- Install and enable personal firewall software.
- Apply the latest security patches/hot-fixes
from product vendors to your operating system
and/or the applications installed on your computer.
- Be cautious when opening emails and email
attachments, especially when receiving emails
from strangers.
- Simply delete emails from unknown senders
or dubious sources because if you reply or click
on any link in the email message from an unknown
source, you are confirming to the unknown sender
that your email address is a valid one.
- Check the "sent" folder or outgoing
mailbox of your email programme (or webmail
account) to see if there are any outgoing messages
that were not sent by you. If there are such
messages, your computer may have been hacked
and used by spammers to send emails from your
account. You should disconnect from the Internet
immediately and scan your computer with anti-virus
or anti-spyware software (make sure the software's
signatures are up-to-date).
Don'ts
- Do not disclose your personal information
too readily, including your email addresses.
- Do not publish your email address on public
websites, contact directories, membership directories,
or chat rooms.
- Do not be caught out by the spammers' favourite
tricks, such as the use of subject headings
like "Remember me?" that try to trick you
into thinking you should know the sender.
Tips for Companies/Organisations on Handling Spam Emails
Companies can implement a variety of methods
to reduce the amount of incoming spam, such as
protecting company email addresses, using filtering
software and adopting well-defined security measures
for employee workstations and email servers.
- Establish and enforce clear information security
policies, and educate staff not to respond to
spam emails. By responding to spam emails, employees
are actually confirming their company email
address as a valid address to spammers.
- Restrict the use of office email addresses
for personal messages or participation in newsgroups
or chat rooms by employees.
- Use a web-based contact form on the company
website. Ensure that site visitors use the form
to contact the company, instead of via a company
email address that may be vulnerable to spam
harvesting.
- If you need to publish a business email address
on your site, consider writing it in a way that
makes harvesting by spammers more difficult.
For example, write the email address as "info[at]xyz.com.hk"
instead of "info@xyz.com.hk", and
consider adding a statement stating that the
company does not wish to receive unsolicited
emails, such as "No spam, please".
- Use anti-malware software and solutions at
your email gateway and at individual employee
workstations to filter spam and virus-infected
emails.
- Install email filter software at the server
level if your company has its own email server.
Filtering software can screen incoming messages
before they are delivered to staff.
- If your company uses a web-based email service
from an ISP, the ISP may provide you with a number
of anti-spam settings. To reduce the risk of mistakenly
blocking non-spam messages, also consider adding
a holding folder to the filtering system, so
that messages can be reviewed before deletion.
- Adopt good security measures such as server
hardening to protect your email server and web
server from being hacked and used by third parties
to send spam emails.
What can you do if you receive a spam email?
- Ignore and delete spam: this is the simplest
and most effective way to handle junk emails.
Never reply to a spam message.
- Report the case to your Internet Service Provider
(ISP), attaching the header of the spam email.
Most ISPs have service terms that prohibit subscribers
from using ISP services for spamming activities.
Depending on the policy of your ISP, a spammer
may be warned, have their service suspended
or even terminated.
- Report any suspected contravention of the Unsolicited
Electronic Messages Ordinance (UEMO) to the Office of the Telecommunications
Authority (OFTA) if you suspect that there are professional spamming activities
going on. If the spam emails contain suspected fraudulent or illegal information
pretending to be sent from an identifiable organisation such as a bank, you
may also complain to the related organisation.
- Consider discarding or shutting down your
current email address and creating a new one
if your email account becomes clogged with spam
messages.
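For the reporting step above, the ISP needs the message header rather than the body. The following is an added example, not part of the original advisory: it takes the raw source of a saved message, separates the header section, and lists the Received lines (newest first) that record which servers handled it. The sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string

# Constructed sample: raw source of a spam message saved from a mail client.
RAW_SPAM = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.xyz.example with ESMTP id A1; Mon, 02 Mar 2009 09:15:02 +0800
Received: from unknown (HELO pc77) (203.0.113.45)
\tby mx.isp.example with SMTP id B2; Mon, 02 Mar 2009 09:14:58 +0800
From: "Old friend" <friend@mailer.example.net>
To: info@xyz.example
Subject: Remember me?
Message-ID: <20090302.1@mailer.example.net>

Click here to claim your prize.
"""


def header_block(raw):
    """Return only the header section: the text before the first blank line."""
    return raw.replace("\r\n", "\n").split("\n\n", 1)[0]


def received_hops(raw):
    """Received headers, newest first, each unfolded onto a single line."""
    msg = message_from_string(raw)
    return [" ".join(value.split()) for value in msg.get_all("Received", [])]


def build_report(raw):
    """Gather what a spam report needs, leaving the message body out."""
    msg = message_from_string(raw)
    return {
        "subject": msg.get("Subject", ""),
        "from": msg.get("From", ""),
        "message_id": msg.get("Message-ID", ""),
        "hops": received_hops(raw),   # top entry was added by your own provider
        "headers": header_block(raw),  # attach this text to the report
    }


if __name__ == "__main__":
    report = build_report(RAW_SPAM)
    print(report["headers"])
    for number, hop in enumerate(report["hops"], start=1):
        print(f"hop {number}: {hop}")
```

Only the Received lines added by your own provider's servers can be relied on; the From line and any lower Received lines are supplied by the sender and may be forged.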
Copyright 2009. The Government of the Hong Kong Special Administrative
Region.