5 ways to fight spam in your iCloud email account

I have been an iCloud email user for a while, even before “iCloud” existed (iCloud is Apple’s online email service and other online tools). I was originally a MobileMe and .mac user. Until recently, my iCloud email addresses were relatively free from spam. However, for the past few weeks I have been getting five to ten spam emails a day and I didn’t even sign up for anything.

A search of internet discussion boards shows that I am not the only one with a recent onslaught of junk in my iCloud account. So is there anything that can be done about it? Well, there are a few steps you can take to help reduce the junk in your iCloud inbox.

Don’t click ‘Unsubscribe’ links

First, and most importantly, do not click any unsubscribe links in any of these spam emails. This will, most likely, just open the door to more junk. These links basically tell the senders that your email address is real and is read by a human.

Help report spam to Apple

The second thing you can do is help Apple improve its server-side filters by emailing the emails to them. You do this by forwarding the email from your desktop app as an attachment to spam@me.com. This is Apple’s spam address. To do this from Mail on your Mac select the email and choose “Forward as attachment” from the Messages menu. Address the email and send it off.

Add spam filter rules to iCloud

A third part of the plan includes setting rules through the iCloud webmail settings. If you log into your email through iCloud.com, locate the gear icon in the top right of the screen. Clicking that will present you with a menu of options. “Rules” will be one of these options. Choose that and you will see a window where you can set up rules.

If your junk emails have similar words in the subject, you can set up a rule to send emails with that subject to the “Junk” folder or the “Trash” folder. If the emails seem to be coming from the same email address, as many of mine have been, you can set the parameter based on that email address. It is very easy to do and setting the rules online instead of your mail program will prevent many of these emails from even making it into your inbox of the program you use.


Flag spam as ‘Junk’

For those spam emails that still manage to sneak through your filters, you can mark them as “Junk” in the Apple Mail program or the webmail interface. iCloud is supposed to learn what is junk and what is not based on how you mark emails. I don’t know how well it works, but it is better than doing nothing.

Buy spam filtering software

Finally, there is the pay option. There are several spam filter apps for the Mac and several online spam filtering services. SpamSieve is an app I have used in the past.


There have been small flurries of spam through Apple’s email services in the past and it eventually works itself out. Hopefully it will do so again. If not, you now have some weapons to help fight spam in your iCloud account.

Have any tips for fighting iCloud spam? Share them in the comments below!

Image courtesy: Bas Boerman

Why You Shouldn’t Talk to Strangers on Facebook

Facebook, for the most part, is a safe place to meet friends and talk to people. However, it’s good practice (and simply common sense) to stick to conversations with people you actually know.

Recently, I’ve been receiving messages from complete strangers asking seemingly legitimate questions about my livelihood, such as programming or brewing, since both are listed on my (up until today) public profile. Of course, when you get random messages from people outside of the country, your mind detects that something is amiss.

Don’t ignore your instincts when it comes to the internet.

Before responding to any of these messages, I decided to trust my gut and do some investigating into possible scams that could be run through innocent message exchanges on Facebook. What I discovered is that if you respond to a message on Facebook, you grant the person receiving your message permission to view your profile as a friend would for one month.

Just for clarity, I’ll reiterate:  If you respond to a message on Facebook, the recipient can view your profile for ONE MONTH.

It doesn’t take a month for somebody to copy your photos, copy your information, and set up a fake account on Facebook under your name or otherwise steal your identity.

The other possibility is that you’ll be lured into a sorority house pillow fight. The risks are real!


Maybe this comes across as paranoid, but play it safe and just ignore/block messages on Facebook from people you don’t know. Hopefully Facebook decides to change its policy on profile viewership by non-friends in the near future. In the meantime, you can change your visibility to be non-public (so that you cannot be searched and found), or you can simply not reply to suspicious emails.

Is TwitPic Becoming Twitter’s Newest Spam Source?

TwitPic is one of the most popular ways to share photos on Twitter, but is it giving spammers an easy way to send you unwanted messages?

Spam in Twitter is simpler (but arguably more sophisticated) than good-ol’ email spam; instead of getting an unsolicited email full of FREE V1AGRA links, you’ll instead get a short, tantalizing message with a shortened URL attached. Shortened URLs are the perfect delivery for spam links – many users have grown so accustomed to blindly clicking them that they don’t consider the link’s source. [We previously wrote a guide about expanding shortened URLs.]

Even though Twitter has long suffered from spam problems – it’s quite easy for a malicious user to create dozens of fake accounts to send messages – they’ve always taken an aggressive stance against unsolicited messages with tools like their @spam account and Block and Report Spam links on user profiles. But my recent experiences have made it clear that spammers are finding new ways to breach the popular social network through third-party connected sites like TwitPic.

When a picture is uploaded to TwitPic, other users have the ability to post comments on it. These comments are then sent directly to the person who uploaded the picture as an @ reply on Twitter, giving spammers a simple way to hit you with messages while avoiding using Twitter.com or the Twitter API directly.

Here’s an example of a spam message on one of my TwitPic pictures:

Which is immediately sent to my Twitter account:

As you can see, I’ve been getting spam on almost every picture I’ve posted to TwitPic recently. After expanding the bit.ly shortened URLs in the messages (this can be done by simply adding a plus sign (+) to the end of the URL), the source URL was revealed to be a spam URL offering free iPhones in return for all of my personal information. Gross.

Even though these accounts didn’t last long – Twitter blocked them almost immediately, as shown in the picture below – there still were dozens of accounts sending unique spam messages simultaneously. Even if they only send a few messages each, the scale of the operation suggests that many of these messages reached unsuspecting users who may have clicked the links, and studies have shown that even with terrible conversion rates, spam can still be mind-blowingly profitable.

So far no comment has been made by Twitter or TwitPic regarding this new type of spam. If you ever receive a suspicious message with a link on Twitter, follow these steps:

  1. Expand the shortened URL. If it’s a bit.ly URL, you can simply add a plus (+) sign to the end of the URL to reveal its source.
  2. If the URL doesn’t look familiar to you (tell-tale sign: ends with an uncommon domain name or has a lot of random characters), do not click it!
  3. Check out the profile of the user that sent you the message. If it looks like they’re sending the same type of spam messages to others, click the Gear icon on their profile and select Report for spam. This will automatically block them so you’ll never get a message from that account again.
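
Steps 1 and 2 above, sketched as an added example (not code from the original article): it follows a short link's redirect chain without loading the page, then applies the two tell-tale signs to the final host. The redirect table, the `lookup_location` stand-in, the `COMMON_TLDS` list and the thresholds in `looks_random` are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Constructed redirect table standing in for HTTP responses so this runs offline.
# URL -> Location header value; None means the server answered without redirecting.
SAMPLE_REDIRECTS = {
    "https://bit.ly/constructed1": "http://track.example.net/c?id=9",
    "http://track.example.net/c?id=9": "//xk7q2vz9wj4hd.prizes.example/free-iphone",
    "http://xk7q2vz9wj4hd.prizes.example/free-iphone": None,
    "https://bit.ly/constructed2": "https://bit.ly/constructed2",  # loops forever
}

def lookup_location(url):
    """Hypothetical stand-in for a HEAD request made with redirects disabled."""
    return SAMPLE_REDIRECTS.get(url)

def expand(url, fetch=lookup_location, max_hops=5):
    """Return the redirect chain for url without ever loading page content."""
    chain = [url]
    while len(chain) <= max_hops:
        location = fetch(chain[-1])
        if not location:
            return chain
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop at " + nxt)
        chain.append(nxt)
    raise ValueError("more than %d redirects" % max_hops)

COMMON_TLDS = {"com", "org", "net", "edu", "gov"}  # assumption: tune to your own mail

def looks_random(label):
    """Crude test for a machine-generated host label (thresholds are assumptions)."""
    digits = sum(ch.isdigit() for ch in label)
    vowels = sum(ch in "aeiou" for ch in label)
    return len(label) >= 8 and (digits >= 3 or vowels / len(label) < 0.2)

def warnings_for(url):
    """Apply step 2's tell-tale signs to the host of an expanded URL."""
    labels = (urlsplit(url).hostname or "").lower().split(".")
    notes = []
    if labels[-1] not in COMMON_TLDS:
        notes.append("uncommon top-level domain")
    if any(looks_random(label) for label in labels[:-1]):
        notes.append("random-looking host label")
    return notes
```

Every hop in the chain is worth reading, not only the last one: an intermediate tracking host tells you who is counting the clicks.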

A Bigger Problem

Spam on my personal TwitPic account isn’t a big deal overall; it’s just an irritation for me, and spammers aren’t making much money off the 50-200 views my pictures get. But my suspicion is that the annoying spam messages sent through Twitter aren’t the goal; the real goal is to get those links posted to the TwitPic photo page of a popular user.

Think of it this way: if spam like this is posted on a celebrity’s TwitPic photo, the resulting tweet sent to them is inconsequential and nobody will notice. The message posted on their TwitPic photo page will be noticed though, and if it gets posted early enough so that it is on the first page of comments, every person that checks out that photo could potentially click it.

A TwitPic photo from Britney Spears which was posted 6 days ago already has 2.5 million views at the time of this writing. If a spam link was posted on this page, it won’t be removed when the spammer’s Twitter account is suspended – those messages are cached independently on TwitPic. TwitPic also has no restrictions besides having a valid Twitter account, so tools like captchas or post limits aren’t present to slow spammers down.

We may have a big problem here, and the engineers at TwitPic need to do something about it soon.

Update 1: Check out the comments for a response from a TwitPic engineer – it looks like they’re working on a solution.

Update 2: I received a response from TwitPic founder Noah Everett confirming that a fix is on the way:

We’ve been working on a better spam filter the past few months. Before we were monitoring and purging this manually and as we grew, the spam did as well, which is an unfortunate side-effect of growing.

Our new spam filter which we hope to have out this week (ironically before I saw your article we were talking about launching it today) will be much more intuitive. Spammers have been using url shortening services like bit.ly to hide the true url, but now we translate shortened urls into their real counterpart so we can make a better automatic spam decision. The new spam filter will also look for spam patterns to use as a blocking mechanism.

Once we get this launched we’ll keep tweaking it to catch more and more.

Image courtesy: Matt Lavery on Flickr

Psych Out the Email Spammers By Using 10 Minute Mail

If you are like me, you have a few email accounts doing very specific things.  One account is most likely for work, another for personal, and then there is the illustrious spam account. This account is like a neglected shelf in the refrigerator.  Stuff comes in, sits a while, piles up, and before you know it, you are spending an entire afternoon trashing the junk and filtering the items that have accumulated.

Although I cannot help you stop the current influx of internet spam that enters that rotten, overflowing email account (or can I?), I can show you how to get important information immediately from sites that spam you and have them never bother you again.

How is this done?  By giving those pesky sites a temporary email account that expires.  That is exactly what 10 Minute Mail does for you.

When you go to 10 Minute Mail’s website, it looks like this.  At the center of the page, a temporary email address is given to you and below that 10 minutes of time to use it.  Just copy and paste the email address into whatever site you wish and watch the spammers go to town.

Man, this sender is ESPECIALLY annoying.

As long as you keep 10 Minute Mail open in your browser, you can view and read any mail that comes in on that temporary email address.  The site works exactly like a normal email account.  Read, reply, forward, 10 Minute Mail does it all.  But remember the catch: once 10 minutes are gone, so is your address and your accumulated mail.  Just like that.

Time is almost up!

…Okay, that is partially true.  There is a button on the page to ask for another 10 minutes with that email address.  But just remember, the longer you have the address, the longer you are letting them win.

Side Note: If spam filtering seems right up your alley, but you are looking for a different method to get rid of email junk, try TrashMail instead (we’ve got a great article about TrashMail here). Whichever way you choose, the results will speak for themselves.

Spam Image Courtesy: freezelight’s Flickr

Significantly Reduce Website Spam with the ‘Bad Behavior’ Plugin

Spam is everywhere and can easily overrun a website.  If not controlled, it is possible for spam comments to infiltrate your WordPress blog, forum, guestbook or other content-management system, redirecting your readers to malicious websites.

The graph below shows the distribution of comments on a site.  As you can see, spam comments make up the vast majority, at just over 97% of the total comments for the site.

Bad Behavior is a free, open-source, PHP-based solution for significantly reducing your website spam.  While originally developed for WordPress installations, the PHP code can be downloaded and implemented into your website or other CMS.  Installation directions are available for popular content-management systems such as WordPress, Drupal, MediaWiki, and others.

Bad Behavior works by looking at the source of the comment and checking for spam-like or other malicious activity.  If invalid requests are received, the source is blocked, preventing the spam from reaching your site.  This is different from other spam-prevention solutions, which look at the content of the comment for links and other common keywords, not the source of the comment.

It’s often hard to judge whether these plugins work or not, but that’s not the case with Bad Behavior.  Check out the image below showing a graph of spam from Akismet before and after Bad Behavior was enabled.

It’s pretty easy to see the effect Bad Behavior is having on spam reduction.

Spam on Techerator Before and After 'Bad Behavior'

If you’re looking for a sure-fire way to reduce and almost eliminate spam on your site, then I suggest you give Bad Behavior a try.

Have any other tips on reducing website spam?  Let us know by commenting below.

Photo credit: ines

Keep Your Inbox Spam-Free with TrashMail

I’m not comfortable giving out my email address freely on the internet, but many websites require a valid email address when registering.  While this is typically harmless, it does open you up to the potential for spam – and who wants that?

TrashMail lets you sneak past compulsory email registration by generating a disposable email address and using it to forward messages to your actual email account.  This semi-fake account can be set to expire after a certain period of time, or even after a specific number of messages have been received.  TrashMail allows you to register anywhere (while still receiving initial registration/validation emails) – but once your disposable address has expired, you won’t receive any more messages!

TrashMail.net: TrashMail can be used in any operating system by visiting TrashMail.net.  You can create your disposable address name (a random name will be generated automatically), and specify your real email address.  Below that, you can choose how many emails you want to receive and how long the disposable address will last.


TrashMail in Firefox: If you use Firefox, using TrashMail is even easier.  To get started, install the TrashMail add-on and after a browser restart the service will be integrated in your browser.  The next time you’re required to enter your email address, right click the field and select Paste disposable address.


A new window will open that lets you customize your disposable address, your real address, and choose the number of emails and life span of the disposable account (just like on the website).


Once you click ‘Create email’, your disposable address will be immediately inserted into the form.

A few limitations: With the free version of TrashMail, your disposable email accounts can only receive a maximum of 10 emails and can only last one month.  These restrictions can be removed if you purchase TrashMail Plus for $3.99/year, but the free version has been more than sufficient for my usage.

TrashMail is a great way to keep your inbox free of spam, and is incredibly simple to use with the Firefox add-on.  Just remember to only use a disposable email address on non-essential websites, in case you need to log in or receive emails in the future.