Everybody knows that (email) spam is annoying. Receiving and deleting up to hundreds of emails per day is not fun... But over the years I realised that I can protect myself against it by receiving more spam. Sounds strange, doesn't it?
My spam folder looks like this and I believe everyone else's looks similar:
Dubious-looking emails from random, usually hacked email accounts, trying to sell unnecessary and random products...
It can be really annoying when you have one important inbox that gets flooded with those random emails. However, when you have multiple addresses and inboxes at different domains, the huge amount of spam can help you.
For example, I have a handful of domains, some of which are actively used (read: there's a website) and some of which are just a playground for pentests/CTFs/other things with nothing other than an MX record. The fact is that even the "unused" domains and email inboxes receive spam. It is likely that malicious actors who collect and sell email lists simply scrape WHOIS or domain databases and prepend contact@ to the domain.
So how can we use multiple domains to identify spam? Here is a small example:
There are a bunch of emails with the subject "hi" from different senders. I believe that at that point it should be clear that this cannot be a legit email. Also, the user agent "PHPMailer 5.2.22 (https://github.com/PHPMailer/PHPMailer)" is a big red flag.
However, let's have a look at the other domains/inboxes:
Despite the fact that all those mails were caught by my DSPAM-powered spam filter, all three domains seem to be on the same list! So whenever the particular actor sends out spam, I only have to wait one or at most two days until it hits my other inboxes, and I can be 100% sure that it is spam. A sane and serious person would not send the same email to different inboxes on different days, would she?
You might wonder what this method achieves apart from using more disk space. Let me tell you about the following situation, where I nearly fell for a spam mail:
I ordered something on Amazon and a day later I received an email from "amazon" saying that the product was shipped with a link to track the package. I was about to click on the link, but then saw two emails with the same subject and sender arriving in my other inboxes! Close call!
In that particular moment I began to laugh. The spammer nearly got me to click on the (probably malicious) link by coincidentally timing it with my purchase, but then disqualified himself by sending the email to all my other inboxes...
Since then, I wait up to a day when a half-legit, half-dodgy email passes my spam filter.
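The cross-inbox check described above can be automated. The following is an added example, not code from this post: it groups messages by normalised subject and flags any subject delivered to two or more distinct recipient domains within two days. The sample messages, the `example` domains, the function names and the two-day window are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

WINDOW = timedelta(days=2)  # assumption: copies show up within one or two days

def _mail(sender, rcpt, subject, date):
    """Build a constructed RFC 5322 message for the demo (not real mail)."""
    return f"From: {sender}\nTo: {rcpt}\nSubject: {subject}\nDate: {date}\n\nbody\n"

# Constructed sample deliveries; all domains are placeholders.
SAMPLES = [
    _mail("a@sender1.example", "contact@site-a.example", "hi", "Mon, 06 Mar 2017 09:00:00 +0000"),
    _mail("b@sender2.example", "contact@playground-b.example", "Hi ", "Tue, 07 Mar 2017 11:30:00 +0000"),
    _mail("c@sender3.example", "contact@ctf-c.example", "hi", "Tue, 07 Mar 2017 23:10:00 +0000"),
    _mail("shop@store.example", "contact@site-a.example", "Your order has shipped", "Mon, 06 Mar 2017 10:00:00 +0000"),
    _mail("shop@store.example", "contact@site-a.example", "Re: Your order has shipped", "Tue, 07 Mar 2017 10:00:00 +0000"),
]

def fingerprint(msg):
    """Normalise the subject: drop Re:/Fwd: prefixes, collapse whitespace, lowercase."""
    subject = re.sub(r"^((re|fwd?):\s*)+", "", msg.get("Subject", "").strip(), flags=re.I)
    return re.sub(r"\s+", " ", subject).lower()

def cross_inbox_hits(raw_messages, window=WINDOW, min_domains=2):
    """Return {fingerprint: [recipient domains]} for subjects seen on several domains."""
    seen = defaultdict(list)
    for raw in raw_messages:
        msg = message_from_string(raw)
        domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
        seen[fingerprint(msg)].append((parsedate_to_datetime(msg["Date"]), domain))
    flagged = {}
    for fp, deliveries in seen.items():
        deliveries.sort()
        for start, _ in deliveries:
            # Distinct recipient domains hit within the window starting at this delivery.
            domains = {d for t, d in deliveries if start <= t <= start + window}
            if len(domains) >= min_domains:
                flagged[fp] = sorted(domains)
                break
    return flagged

if __name__ == "__main__":
    for subject, domains in cross_inbox_hits(SAMPLES).items():
        print(f"likely spam: {subject!r} seen on {', '.join(domains)}")
```

Repeated mail to the same domain (the order notification and its reply in the sample) is not flagged; only delivery across different domains counts.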