Spam Introduction

Spam, in simple words, is “Unsolicited Bulk Email”. Any email received in your mail user agent (MS Outlook, Gmail, etc.) that you never asked for is spam and should be transferred directly to your spam folder, right?

I have seen some people out there calling “unwanted mails” spam. Well, to those people: “Why did you even bother to share your email id in the subscription box on websites you didn’t want to receive any mails from?” So, it was you who started the mess and now you don’t want its smell. Go, click on the tiny unsubscribe link they provided in their mails and set yourself free.

The first thing about spam is “You never shared your online identity with the sites you are getting mails from”. Or “You have already unsubscribed from their mailing list, yet you are still getting those mails.”

About the harm of spam, I think I have already covered that part here: Spam – Harm is beyond imagination. Don’t wait, read it first. Check how an email that you might think is legit can do things you never imagined.


It’s not about what, it’s about who…

This post is not about defining spam and its categories. It’s about how you can identify spam with some cool tips and break a spammer’s heart. 🙂


Some things you should know first..

Before I start talking about what is legit and what is not, you must know the basics of email structure. No need to worry and start googling about it, we have that covered for you as well: Email Headers – The Base of Spam Analysis. I tried to make it as simple as possible, and it won’t take more than 15 mins to understand. So, go through it once and come back, I’ll be waiting for you right here. Those who have already read that article and don’t need a revision are most welcome to walk along further.

The main objective of spammers is to make sure that they get enough victims by the end of the day. They are getting smarter every day, trust me they are. The way they are forging parts of an email these days, I must say they are doing a hell of a job. The victim just finds himself helpless, gets lured by the presentation of the words spammers use and finally clicks on the Call to Action. Did I forget to tell you about Call to Action? Ah, I did.

Let’s talk about CTA..

Apologies, I should have told you about it a bit earlier, but I don’t think it’s too late either. A Call to Action (also known as CTA) is the direction or order to readers or listeners that stimulates an urgent response, like “Best Shoes in town.. Click Here” or “feeling lonely call me at 88-989-27-xxx”. It’s easy to find the CTA in a mail, you just have to follow the lead of the sender. Look for the link he asks you to click, an attachment he asks you to open, a contact number he asks you to call or the email address he asks you to reply to.

[Image: job spam]

Tell me in the comments: what is the CTA in the above image?

Back to the Real Question..

Judge Legit vs Spam:

Sometimes it’s easy and sometimes tricky. It’s like judging between black and white on a grey scale. My job is to make sure that after you finish reading this article and get back to your mailbox, you’ll start collecting the signs when you look at a mail and will be able to recognize on the spot whether it’s legit or spam.

Let’s move step by step..

1. From Email Address – The From email address tells you a lot if you look real close. When I got the mail shown in the above picture from “[email protected]”, I scratched my head for a moment and thought, “Who the xxx is Manju Pal?” and, more disturbingly, “Did I ever subscribe to KVR Placement services?” I was pretty convinced to give them a special place in my spam folder. Guess what, I did. I know, now you need more. Let’s try this one:

[Image: dating spam]

I got this dating mail 2 days before writing this post. The From header “msg center <[email protected]>” says it is coming from the alimamu.com site (or <random_subdomain>.alimamu.com) with user id “msgcenter”. Opening that domain was a bit daring, but I couldn’t resist, if only to tell you the truth. I found this:

[Image: dating spam, page not available]

Feeling suspicious?? Well, I dug deeper and looked up its whois record. The domain was created recently, on 15-Feb-2016, just 18 days back.

[Image: dating spam, domain whois]

I don’t remember using this site or subscribing to it with my email id. That’s it. Stop right there, it’s spam. You don’t need to call the girl to prove it. I know it hurts 😉 But sorry brother, I wish it could be that easy.

So, be careful, especially when you get any mail from a bank asking for your login details. Examine the From name with your eyes wide open and cross-check that the name of the bank matches the domain the mail is coming from.

Like I told you earlier, spammers are smarter these days and always try to stay one step ahead of the target. So, hold your horses right there, it’s not over yet. From addresses can easily be forged and made to look the same as those of legit mails. Therefore, you gotta analyze other stuff too before you click on the CTA.

Let’s take second step..

2. Read the Intention – Of course, the intention of the sender should be clearly understood before you act on a mail. In the following case shown in the image, the sender is asking the receiver to send his personal details to a Gmail id. And look at the way he is addressing his targets: “Your Email has won $1 million Dollars”. I would really like to meet those interesting people who believed it and replied with their details. I mean, someone is ready to give you millions of dollars and is asking you to mail back to a “gmail id”, not even a registered company site.




Is there a way to get rid of future mails??

3. Unsubscribe link – It’s per the law that if you are getting mails from a site where you subscribed earlier, there must be an unsubscribe link present in the mail. So you are supposed to have the power to stop getting those mails any time you want to, and if you don’t, there is something wrong with the mail. Spam mails don’t usually have an unsubscribe link, and sometimes, if they do, the link will take the target to some site hosting “unsubscribe” content which won’t do anything except fool the receiver. For example, in the following mail, I don’t see any unsubscribe link from gulfstaffinginc.com. To tell you the truth, I never asked for their service. So, pay attention and look for a legit unsubscribe link.

[Image: job spam]

Where the spammer wants us to click..

4. CTA links or Attachments – Danger alert!! Beware of clicking on any links or downloading attachments. As a matter of fact, spam is one of the top 10 ways of spreading malware around the world in the quickest way. It totally depends on the type of spam.

Let me start with the general cases. Sometimes the link in the mail is the actual site the spammer wants you to visit, and sometimes the real site is hidden behind many redirection links.

In the following porn gaming spam, the link “eerftxjvoh.antiphony.galaxisysteraimmore.com/c/cWpSL1BKSG1pQUpjOFE2eHk1Y1kxTUdiendIVzgrVVRwaWc3cWFHdjdtdz0=/Tk5QQzlJZ3h0djFnbHhGV3Bvc05BVm9qc1Q3dXFKcENUemVPRjlPS0hQVT0=/tmplnk/T1FCaUtjajhLQjRrNDg3WGRpcW5nVWV3NzdybFE4SWZKUzJVejFZV1ZhZz0=” takes me to the actual site “http://www.free-xxx-games.com/home.php?t=t12:index.inc&act=vip51584.44764-169222.37728.38304745.&short=n&r0=y&game=cob&n=nn&short=n” after hopping through many redirection links.

[Image: dating spam]

The same mode of spamming can be seen in porn, dating and meds spam these days. The reason behind doing it is honorable, as spammers want their customers’ sites (the ones they are hired to advertise) not to get blocked by spam filters before reaching their targets.

In phishing mails, it’s very common that the link (sometimes embedded in an image) looks like the legit one, but the real CTA link turns out to be a different one when you hover your mouse over it. So be cautious and always verify the legitimacy of the link you are about to click.

5. Reply-to Header – Well, as explained earlier for this header, it’s supposed to hold the email address the sender wants the receiver to reply to. And we know headers are easily forged by a spammer. So, if a mail comes from a legitimate site/domain, always check that the Reply-To has the same email address or an email address from the same or a related legitimate site. For example, if a mail is coming from lotteryclub.com and the Reply-To header contains a Gmail address, doesn’t that sound suspicious? So be careful and make it a habit to check the Reply-To address before you reply to a mail.
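To see steps 3 to 5 applied to a raw message, here is a small Python sketch. It is an added example, not code from the original post; the `.example` domains, the sample mail and the finding names are constructed for illustration, and it assumes a single-part HTML body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

def base_domain(host):
    # Simplification: last two labels only; real code should use the Public Suffix List.
    return ".".join(host.lower().strip(".").split(".")[-2:])

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw):
    """Return the warning signs from steps 3-5 found in one raw message."""
    msg, findings = message_from_string(raw), []
    from_dom = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and base_domain(reply_to.rpartition("@")[2]) != from_dom:
        findings.append("reply-to-mismatch")  # step 5
    parser = LinkCollector()
    parser.feed(msg.get_payload())  # assumes a single-part HTML body
    for href, text in parser.links:
        shown = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
        target = urlparse(href).hostname or ""
        if shown and base_domain(shown.group(1)) != base_domain(target):
            findings.append("link-text-mismatch")  # step 4: text shows another site
    if not (msg.get("List-Unsubscribe")
            or any("unsubscribe" in t.lower() for _, t in parser.links)):
        findings.append("no-unsubscribe")  # step 3
    return findings

# Constructed sample, modelled on the lottery mail with a free-mail Reply-To.
SAMPLE = (
    "From: Lottery Club <winners@lotteryclub.example>\n"
    "Reply-To: claims.desk@freemail.example\n\n"
    '<p>Claim at <a href="http://pay.prize-claims.example/c/1">www.lotteryclub.example/claim</a></p>\n')
```

An empty result is not a verdict: the From header can be forged and an unsubscribe link can be fake, so the remaining steps still apply.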

