How to fight spam emails in Gmail and G Suite

Google already identifies spam messages. However, users and G Suite Admins can take additional steps to block spam sent to and from accounts.

In my experience, conversations about spam like this happen too often:

Client: "This person keeps getting spam emails from me."

Me: "Let me look at the spam emails."

When I opened the emails and looked at the header, the sender's name matched that of my client. However, the sender's email address was an address at an internet service provider — not my client's address.

Me: "This isn't actually from your account. Do you happen to know anyone with the address of (email address withheld)@chartermi.net?"

Client: "Yes, that's someone we hire for projects."

Me: "Tell them to change their password. Their email account is the source of the spam."

To avoid these types of conversations, here are steps that each person in an email chain — an email recipient, administrator, or email sender — can take to prevent spam.

Get spam out of your inbox

First, look for the sender's email address, not just the sender's name. Oftentimes, any name can be listed. The name field doesn't have to correspond to the email address. In the case above, my client's first and last name displayed, but the email address was someone else's account. If you know the person whose email account the spam appears to be from, let them know so they can change their password to protect against a potential password breach. But don't email them: call, text, or tell them in person.

Screenshot of drop-down mail header details of a spam email in Gmail.

Suspect spam? Check the details. The name and address might not match the actual email sender's account. (Image shows an email that Gmail accurately identified as spam.)
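The name-versus-address check described above can be automated for a mailbox export. The following is an added example, not code from the original article; the contact list, addresses, and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.policy import default

# Constructed address book: display name -> address that person really uses.
KNOWN_CONTACTS = {"pat example": "pat@client.example"}

def normalize(name):
    """Lower-case and collapse whitespace so 'Pat  Example' still matches."""
    return " ".join(name.lower().split())

def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Compare the From display name with the address it arrived from.
    Returns (verdict, display_name, address)."""
    msg = message_from_string(raw_message, policy=default)
    header = msg["From"]
    if header is None or not header.addresses:
        return ("no-from", "", "")
    sender = header.addresses[0]          # policy=default decodes RFC 2047 names
    name = normalize(sender.display_name)
    addr = sender.addr_spec.lower()
    expected = contacts.get(name)
    if expected is None:
        return ("unknown-name", name, addr)
    if addr != expected:                  # familiar name, unfamiliar account
        return ("name-mismatch", name, addr)
    return ("match", name, addr)

# Constructed sample messages.
SPOOFED = "From: Pat Example <freelancer@isp.example>\nSubject: hi\n\nbody\n"
GENUINE = 'From: "Pat Example" <pat@client.example>\nSubject: hi\n\nbody\n'
ENCODED = "From: =?utf-8?q?Pat_Example?= <other@isp.example>\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    for raw in (SPOOFED, GENUINE, ENCODED):
        print(check_sender(raw))
```

A "name-mismatch" verdict is the situation in the conversation above: a familiar name attached to someone else's account.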

Next, get spam out of your inbox. In Gmail, select the message, then tap the "Mark as Spam" button. In Inbox, select the message, choose the vertical three-dot menu in the upper right, and "Move" the email to spam.

Screenshot of Gmail menu that includes 'Report Spam' icon option

Select a message, then 'Report Spam' to train the system to identify an email as spam.

If you continue to receive a specific unwanted message, create a filter. For example, if you receive a variety of spam messages from different addresses at "163.com," create a filter to handle them: In Gmail in your browser, select the spam message, then choose "More" from the drop-down menu, then "Filter messages like these." Adjust the filter settings as needed, then select "Create filter with this search." Review the selected messages to make sure they match. Choose "Delete it", then "Create filter." You'll no longer see messages that match the criteria: they'll just be deleted. (Alternatively, you can block a sender.)

Block incoming spam for your domain

If you're a G Suite administrator, you can block incoming spam for everyone. Log in to the Admin console (https://admin.google.com), then go to Apps > G Suite > Gmail > Advanced settings, and look for the Blocked Senders option, then choose "Configure." Add one — or more — individual email addresses (e.g., spammer@spammer.com) or domains (e.g., spammer.com). Either way, this keeps email from specific sender email accounts and/or domains out of people's inboxes.

Screenshot of G Suite admin 'Blocked Senders' configuration options.

A G Suite admin can block email from a specific address or domain. This identifies spam before it arrives in inboxes.

A G Suite administrator also may configure G Suite to "Be more aggressive when filtering spam." With this setting enabled, more incoming email may be categorized as spam. If you change this setting, let people know, so they can check the spam folder more often for any potentially misclassified messages.

Screenshot of advanced Spam settings in G Suite Admin console

A G Suite admin may also tell the system to 'Be more aggressive when filtering spam.' This may sometimes classify 'good' email as spam. If you activate this option, advise people to review spam folders periodically.

Stop spam at the source

Make sure your email provider supports modern email standards that help prevent spoofing and reduce spam. And use tools that make it difficult for spammers to send email that appears to be from your account, such as: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance).

To verify security settings for any email account, go to https://internet.nl. In the "Test your email" box, enter an email address, then choose "Start test." For example, I checked both my email address (at wolberworks.com), as well as the email address of an account known to be sending spam (at chartermi.net). Note the difference: I've taken steps to protect against spam.

Top screenshot of Internet.nl results for a chartermi.net address, bottom: screenshot of results for wolberworks.com address — with "green" to show settings OK.

Configure SPF, DKIM, and DMARC to prevent spoofing and spam from your domain. Go to https://internet.nl and enter an email address in the 'Test your email' box to see if these are configured. (Image shows results for two different email addresses. Top: SPF, DKIM, and DMARC not configured, bottom: SPF, DKIM, and DMARC configured.)

You'll need access to both the G Suite Admin console and your domain's DNS records to configure SPF, DKIM, and DMARC. To enable SPF, add a DNS record that identifies which mail providers may send email on your behalf. (Make sure to authorize any external bulk mail service providers your organization uses.) To enable DKIM, create a public key within G Suite, add it to your domain's DNS records, then enable DKIM signing in G Suite. With those set up, then add a DMARC record in DNS that specifies what to do when an email fails checks: no action, quarantine, or reject.
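To review the records after publishing them, the SPF and DMARC strings can be audited offline. This is an added example, not from the original article: the TXT record strings are constructed samples, and DKIM is left out because checking it requires your domain's selector name.

```python
# Audits SPF and DMARC TXT record strings copied from DNS (samples constructed).
SPF_ALL = {"-": "fail", "~": "softfail", "?": "neutral", "+": "pass"}

def audit_spf(txt_records):
    """Audit TXT records published at the domain itself.
    Returns (status, result_for_unlisted_senders, included_domains)."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ("missing", None, [])
    if len(spf) > 1:        # receivers treat duplicate SPF records as an error
        return ("invalid", None, [])
    terms = [t.lstrip("+") for t in spf[0].lower().split()[1:]]
    includes = [t[len("include:"):] for t in terms if t.startswith("include:")]
    for term in terms:
        if term.lstrip("-~?") == "all":
            result = SPF_ALL.get(term[0], "pass")   # bare "all" means "+all"
            status = "ok" if result in ("fail", "softfail") else "weak"
            return (status, result, includes)
    return ("weak", "neutral", includes)   # no "all" term: default is neutral

def audit_dmarc(txt_records):
    """Audit TXT records published at _dmarc.<domain>. Returns (status, policy)."""
    recs = [r for r in txt_records
            if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not recs:
        return ("missing", None)
    tags = {}
    for part in recs[0].split(";"):
        key, _, value = part.partition("=")
        if key.strip():
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ("invalid", policy or None)
    return ("monitor-only" if policy == "none" else "enforcing", policy)

# Constructed sample records: one domain with nothing set, one configured.
UNPROTECTED = {"apex": ["site-verification=constructed-value"], "_dmarc": []}
PROTECTED = {
    "apex": ["v=spf1 include:_spf.google.com ~all"],
    "_dmarc": ["v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"],
}

if __name__ == "__main__":
    for label, zone in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(label, audit_spf(zone["apex"]), audit_dmarc(zone["_dmarc"]))
```

A DMARC status of "monitor-only" corresponds to the "no action" choice: failing mail is still delivered.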

Fighting spam is a choice

As a Gmail user, you can block spam you receive. And a G Suite administrator can block incoming spam for everyone in the organization — and help prevent outbound spoofed email from your domain.

But people have to choose to use these spam defenses. Until they do, insecure accounts (like the one maintained by my client's freelancer) will continue to inflict spam on the rest of us.

How do you fight spam at your organization? What effective spam reduction techniques have worked for you? Let me know in the comments below or on Twitter (@awolber).

Funnel: Email and Spam entering top; word G Suite blocking 4 pieces of spam; word Gmail blocking more spam. Pieces of exit email bottom of funnel.
Image: Andy Wolber / TechRepublic

About Andy Wolber

Andy Wolber helps people understand and leverage technology for social impact. He resides in Ann Arbor, MI with his wife, Liz, and daughter, Katie.
