As a company that helps legitimate businesses
Why Am I Getting Spam Emails?
In most cases, it’s one of the three scenarios: data breach, accidental self-exposure, or clicking on links in spam emails. Let’s dive into each scenario and see what you can do to protect yourself.
Data Breaches
Many web services and mobile apps require an email address to sign up. When you do, your email goes into a list. Companies use this list to send mass emails with notifications and marketing materials. However, if a data breach happens, entire contact lists, along with other personal data, can end up for sale.
Hackers often target big companies to get their hands on massive databases. One of the most recent significant data breaches happened in
As a user or customer, you cannot completely prevent your data from being leaked and then sold, but you can minimize potential damage once you learn about the breach.
Significant breaches often get into the news, but you can check if any of your email addresses have been compromised at any point. Go to
If you discover that your email address has been compromised in a data breach, we recommend updating your password on the affected website or app and any other services that use the same login information.
Accidental Self-Exposure
Spammers do not always need to wait for the breach to happen, since they can use publicly available information that users expose themselves on social media and forums. For example, you commented on a post on Facebook asking for professional advice by writing “Contact me at [email protected]” or made your address available for other users on a job search website — online activities like these make you a target for
This doesn’t mean you should stop sharing your contact information online altogether.
Take these steps to limit risks with self-exposure:
- On social media, go to privacy settings and restrict the audience to those who really need to see your contact information.
- Share your email address in private messages instead of comments.
Clicking Unsubscribe Links in Spam Emails
Sometimes spam emails have an unsubscribe link, like the one on the screenshot below:
Spammers use fake unsubscribe links to verify that your email account is active. It’s often done as part of dictionary attacks: spammers guess which addresses exist and send emails to see which ones turn out to be live.
By clicking on an unsubscribe link in a spam email, you’re basically saying “Hey, this address is real and I’m using it actively, please send me more emails!”. This confirmation gets passed around and, as a result, you’ll get spam bombed.
Links in spam emails may also lead to compromised websites used for phishing or installing malicious software on your device.
For this reason, clicking on any links in spam emails, including the unsubscribe link, or responding to them is dangerous.
If you notice a suspicious email in your inbox, don’t interact with its content and delete the email.
You can also flag such emails as spam, which will prevent more emails from that address from reaching your inbox.
How To Identify a Junk Message Quickly
Most email apps have spam filters. For example, Gmail uses a neural net system that continuously learns to separate junk mail from regular emails. But AI is not flawless. Sometimes, Gmail mistakenly marks social media notifications or emails with links and attachments as spam — and vice versa. That’s why we're sharing these key indicators to help you identify junk mail.
Suspicious Email Addresses
An email from an unfamiliar sender doesn’t automatically mean it’s spam, but there are a few red flags to watch out for:
- Random numbers and letters (e.g., [email protected]).
- Public email domain, especially if the message claims to be from an organization or business (e.g., gmail.com, yahoo.com). Companies typically use their own domains.
- Typos or extra symbols in the company domain (e.g., @amazonhelp.art instead of @amazon.com).
- “Donotreply” or other variations instead of the standard “no-reply” address for automated notifications.
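The four red flags above can be expressed as simple checks on a From: header. The following is an added example, not code from the article; the brand allow-list, the thresholds, and the sample headers are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumptions for this sketch: the public domains are the two the article names;
# KNOWN_BRANDS is a constructed allow-list mapping a brand to its real domain.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com"}
KNOWN_BRANDS = {"amazon": "amazon.com"}

def sender_red_flags(from_header):
    """Return which of the article's sender red flags apply to a From: header."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    flags = []

    # Random numbers and letters: digit-heavy local part or a long consonant run.
    digits = sum(c.isdigit() for c in local)
    if len(local) >= 8 and (digits / len(local) > 0.3
                            or re.search(r"[bcdfghjklmnpqrstvwxz]{5,}", local)):
        flags.append("random-looking local part")

    # Public mailbox provider while the display name claims a known organization.
    if domain in PUBLIC_DOMAINS and any(b in display.lower() for b in KNOWN_BRANDS):
        flags.append("public domain for claimed organization")

    # Brand name embedded in a domain that is not the brand's own (or a subdomain).
    for brand, real in KNOWN_BRANDS.items():
        if brand in domain and domain != real and not domain.endswith("." + real):
            flags.append(f"lookalike domain for {real}")

    # "Donotreply"-style variants, which the article treats as a warning sign.
    if re.fullmatch(r"do[-_.]?not[-_.]?reply", local):
        flags.append("donotreply variant")
    return flags

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Amazon Support <help@amazonhelp.art>",
    "Amazon <amazon.billing@gmail.com>",
    "x7k29qv41zt@example.net",
    "Amazon <no-reply@amazon.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", sender_red_flags(header))
```

A hit is a reason to look closer, not proof of spam: as noted above, an unfamiliar sender is not automatically a spammer.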
Transactional or Support Emails From Unfamiliar Companies
Some spammers learned how to plausibly imitate corporate emails, or even use legitimate emails of existing companies to send spam.
Here’s how it works: spammers sign up for newsletters or leave requests at helpdesks of real companies, and put a phishing link and a message (usually about winning a lottery) instead of a username or a message.
Spammers will also use your email address as the contact info. So, it will look like you received a regular transactional email, a helpdesk reply, or a newsletter from a real company — except you’ve never subscribed to their newsletter or requested help at their helpdesk.
Unfamiliar or Mixed Languages
Spammers who send emails through newsletters and support systems of legitimate companies often pick their targets randomly. As a result, you might receive an email in a language you don’t understand. For example, spammers might exploit Japanese businesses while targeting an English-speaking audience.
Personal Data Requests
To provide their services, many businesses have to handle sensitive personal data, like credit card details. Look at the email from Benchmark asking to update billing information:
An important detail is that Benchmark doesn’t request personal data via email. Instead, they guide users on updating their billing information within their account on their website — unlike spammers. Look at a different email to compare:
This example is an obvious scam and “Douglas” asks for relatively harmless data. But some scammers will ask you for credit card information or passwords. Keep in mind that, for example, bank employees will never ask you for the CVV code. That’s why any personal data request, even as innocent as the one above, is a major red flag.
Impersonal Delivery
According to Campaign Monitor, personalized emails increase sales by
Spammers can imitate such notification emails in a pretty convincing way. Compare our previous example to this fake Amazon email:
At first glance, the two look close enough, but there’s one small detail missing: the recipient's name. Fake emails often contain design elements that are identical or, at the very least, similar to the original. However, they usually have generic greetings like “Dear Customer/Client” or “Dear Sir/Madam”. This is a key indicator of spam.
Sense of Urgency
Creating a sense of urgency and appealing to
In their email, Barnes & Noble offers a personalized book selection and a 15% discount that is active for a short period.
Compare it to the spam email, which also tries to invoke FOMO:
The spam email has an indefinite period instead of a precise expiration date, setting it apart from the Barnes & Noble email.
Additionally, the sender is really “pushing it” by using caps lock, multiple exclamation marks, and repeating words like “limited” and “offer”.
Such messages usually have clickbait email headers, too. They are also often written in all caps and with excessive punctuation.
What is considered bad practice for most marketers today is a staple for spam emails.
There’s one more sketchy detail: poor grammar at the end of the email, which brings us to the next junk mail indicator — bad writing.
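The content indicators from the "Impersonal Delivery" and "Sense of Urgency" sections (generic greeting, all caps, stacked exclamation marks, repeated "limited"/"offer", no precise end date) can be checked the same way. This is an added example, not code from the article; the thresholds, the date pattern, and both sample messages are constructed assumptions.

```python
import re

GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|client|sir|madam)\b", re.I | re.M)
URGENCY_WORDS = ("limited", "offer")  # the repeated words the article calls out
# Rough hint that a concrete end date is given, e.g. "June 30" or "30/06" (assumption).
DATE_HINT = re.compile(
    r"\b(\d{1,2}[/.]\d{1,2}"
    r"|(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*\.?\s+\d{1,2})\b", re.I)

def content_red_flags(subject, body):
    """Return which of the article's content red flags apply to a message."""
    text = subject + "\n" + body
    flags = []
    if GENERIC_GREETING.search(body):
        flags.append("generic greeting")

    # Share of words (3+ letters) written entirely in capitals.
    words = re.findall(r"[A-Za-z]{3,}", text)
    caps = [w for w in words if w.isupper()]
    if words and len(caps) / len(words) > 0.25:
        flags.append("excessive capitals")

    if re.search(r"!{2,}", text):
        flags.append("repeated exclamation marks")

    hits = sum(len(re.findall(rf"\b{w}\b", text, re.I)) for w in URGENCY_WORDS)
    if hits >= 3:
        flags.append("repeated urgency words")
    # Urgency with an indefinite period instead of a precise expiration date.
    if hits and not DATE_HINT.search(text):
        flags.append("urgency without a precise end date")
    return flags

# Constructed sample messages, not taken from real mail.
SPAM = ("LIMITED OFFER!!! ACT NOW",
        "Dear Customer,\nThis LIMITED TIME offer will not last. "
        "Claim your limited offer today!!")
LEGIT = ("15% off your picks, ends June 30",
         "Hi Dana,\nYour personalized selection is ready. This offer ends June 30.")

if __name__ == "__main__":
    print(content_red_flags(*SPAM))
    print(content_red_flags(*LEGIT))
```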
Poor Writing and Jumbled Text
When it comes to poor writing in spam emails, most people recall the infamous
Nigerian scam emails were intentionally poorly written to appear more convincing, suggesting their senders didn't speak English as their first language. However, many other types of spam emails also feature typos, extra blank spaces, and odd phrasing for different reasons:
- Machine translation. Awkward syntax and word choices might be the result of bad machine translation. When scammers are trying to appeal to a larger audience, they usually don’t spend time writing messages in different languages from scratch.
- Filtering the audience. Cormac Herley, a researcher from Microsoft, suggested that bad grammar and comical stories in Nigerian scam emails are designed to filter their readers. Smarter people won’t sit through an email full of typos, but a less discerning audience might.
- Tricking spam filters. This tactic doesn't work with modern spam filters, but in the past, spammers deliberately misspelled words to bypass them. Now, poor writing triggers AI-based filters instead of fooling them.
Another tactic spammers use to trick spam filters is called
Needless to say, you shouldn't open the attachment.
Too Good To Be True
Last but not least, if something looks too good to be true, it probably is.
Some spam emails will promise you a reward for clicking a link, downloading an attachment, or sending personal information. It can be a ridiculous amount of money or any other bonus from a company or even a celebrity.
For example, the email below is definitely not from Mark Zuckerberg.
Wrapping Up
Spam emails might seem funny and clumsy, but they are dangerous: phishing can lead to financial loss and identity theft.
Above, we’ve listed all key indicators of junk mail. If you spot any of them in an email from an unfamiliar sender in your primary inbox, follow these steps:
- Don’t click on any links, download attachments, or respond.
- Mark this email as “Spam” to prevent more junk mail from the same sender, or delete it from your inbox.
If you want to learn more about common spam email formats, like subscription renewal scams, deceptive messages from HR, and fraudulent tax refund emails, we recommend reading the