When Gmail’s Filters Aren’t Enough: How To Tackle Spam On Your Own

When Gmail’s Filters Aren’t Enough: How To Tackle Spam On Your Own

If you’re really lucky, you won’t have to deal with too much spam making its way into your inbox. Email providers have never been better at blocking and filtering spam, but you still probably get unwanted newsletters and notifications. Here’s how to deal with the spam that makes it through your filters.

Picture: Dejan Stanisavljevic/Shutterstock

Remember, not all spam is sent by mindless robots harvesting email addresses from around the web. We’ve discussed what to do if someone’s impersonating you online, but someone may just decide you need to be on a mailing list that you can’t unsubscribe from — even if you’ve tried. Other times, someone may use your email address to sign up for free web services — whether it’s an innocent typo or deliberate. Maybe the spam that hounds you comes in languages you don’t know or with short links that are hard to filter. Whatever it is, you’re not powerless, even when the filters in Gmail, Outlook or Yahoo fail you. Here are some options.

The Passive Approach: Lock Down Your Account and Filter/Whitelist Everything


Most of us don’t feel like wasting a lot of time and energy on the spam we get. It’s easiest to just filter it, get it out of our inbox and move on. All of the tools you’re familiar with will do the job when used together: some well-designed Gmail filters won’t hurt, and turning on smart labels will also work wonders. Finally, learning your way around Gmail’s new layout goes a long way as well. If it’s really newsletters and spam that’s pretending to be legitimate, you can always filter on the word “unsubscribe” to get rid of it all.

If you’re ready to really lock down your account, it’s time to turn on the whitelisting features. For example, enabling Gmail’s Priority Inbox is a great way to start training Gmail to understand who’s important and who isn’t. Once it knows, it will only notify you of the people who are actually important. To take it another step, you can add some useful organisational toggles to your inbox so you only see the emails you actually want to see. From there, if you really want to go crazy, you can set up a whitelist so only the messages from domains you approve make it into your inbox and everything else is routed elsehwere. Similarly, mobile apps, such as previously mentioned Dextr for Android can be configured to only show you email from the people you allow.

If you do think someone’s been impersonating you or your account is somehow compromised, change your password, enable two-factor authentication and — especially if you use Gmail — check your activity history to see if there are any unrecognised devices or IP addresses in the list of devices that have recently accessed your account.

The Middle Path: Filter Everything, Set Up Bounce-Backs and Notify Site Owners


If filtering and whitelisting aren’t enough, it’s time to set up canned responses and notify service owners that you want to be removed from their mailing lists. With traditional robot-based spam, responding or clicking “unsubscribe” is the kiss of death and will inevitably result in more email (there’s some debate over whether this is as true as it used to be), but with email from companies you actually do business with, or services you know are legit, clicking unsubscribe is the fastest way to put an end to the unwanted email. You just have to be smart about when you click unsubscribe and when you just mark as spam (and when you do both).

With above-board marketing list operators, like the folks behind SafeUnsubscribe, ConstantContact and MailChimp, if unsubscribing from someone’s list isn’t working, you can file an abuse report with the service itself and they will actually act on it. It’s surprising, I know, but they do take them seriously. When you get those persistent messages, take a look at the service the company is using to send them to you, and then look up that service directly. You may be able to get a hold of someone there and insist you be put on a company-wide blacklist, so none of their clients can email you.


Finally, another great way to put the kibosh on annoying newsletters and spam is to pretend you don’t exist. We’ve explained how to set up canned responses to auto-reply to unfriendly or abusive email in the past, but it doesn’t take much to turn that canned response into a full-fledged “bounce” message that looks to the recipient like your email address doesn’t exist. I copy the text from a standard bounce message, change out the dead email address to my own, and insert the text into the canned response. When I get something I really don’t want, I hit back with the canned response, then create a filter so any email I get from that address also gets the same canned response. With luck, the sender will get the picture and remove me from the list.

It’s not a perfect solution: the “bounce” comes from my email address, not a generic “[email protected]” address for the domain, like it would if it were a real bounce message, and if the sender emails me from a different address, I would have to set the filter up all over again. Still, it’s worked more than it’s failed for me.

Finally, you can turn to technology to take the whole problem off your back. Services like previously mentioned Unroll.me and Unsubscribr all promise to tidy your inbox without you having to lift a finger.

The Aggressive Route: Change Passwords, Notify Their ISPs and Disable Their Accounts


The worst spammers are the persistent ones — the ones that either have it out for you specifically, or they serially add you to new mailing lists. If you have the time on your hands and you’re that angry about it, you do have some options. The easiest — and perhaps most effective — method to exact your revenge is to look at the message headers to find the IP address of the sender. From there, a quick WhoIs or reverse lookup will tell you at least the ISP (if not the full hostname) of the machine that sent the messages to you. Those headers may not be reliable, but they can tell you which mail service you should report the spam to and which ISP you can report the spammer to.

If someone is using your account to sign up for free web services or other accounts, presumably they would need access to your account for the confirmation links, but not every web service demands you click a link confirming your email address before you start using it. If you’re inundated with someone who’s email address is one character off yours, or someone using your address as filler, grab those confirmation links, visit the site, change the account password (or delete the account outright) and log back out. You may not be able to stop them from just doing it again (or trying to reset the password using your address), but you can annoy the hell out of them.

Finally, if you do have the spammer’s email address, you can give them a little taste of their own medicine with Mailbait. Keep in mind though that this is the equivalent of looking into the abyss and seeing it stare back at you (and actually may qualify as harassment in your jurisdiction) so use your powers wisely.

Whichever path you choose, you have plenty of options. Dealing with spam doesn’t necessarily have to mean having to continously report on the same sender or building a list of filters that would take you longer to scroll through than it would to just delete the message. You can leverage some of these tools to keep your inbox that much cleaner.

Log in to comment on this story!