GET A DEMO
See why 9,000+ companies trust Darktrace
Thanks, your request has been received
A member of our team will be in touch with you shortly.
YOU MAY FIND INTERESTING
Five Key Takeaways from Black Hat 2023
Hives & Frankensteins: The Half-Year Threat Report
¡Ups! Algo salió mal al enviar el formulario.
CONTENTS

Email spam definition

Email spam includes unwanted or unsolicited emails that arrive in a user’s email inbox. Usually, email spam is sent to a large number of recipients. Spam can be sent automatically by a botnet or by human senders.

If spam is not appropriately dealt with it can become troublesome for users to conduct work activity without disruption from unwanted emails. Email spam also poses a security threat because messages can contain malicious links or malware that can allow a cyber-criminal access to a user’s device or ability to find sensitive data/account information.

Graph depicting different levels of email cyber attacks and security coverage

What is a spammer?

A spammer is a person who sends unsolicited or unwanted emails. Typically, this entity is advertising or promoting something. However, they can also be cyber-criminals who are distributing a large number of malicious emails that contain malware or phishing scams.

How does spam email work?

The method of spamming has been around for quite some time and since then has become a common method of cyber disruption. To launch an email spam attack, a cyber-criminal will use spambots, computer systems that conduct repetitive tasks designed to assist in spamming activities, to gather emails available on the internet and send out a large amount malicious emails. Spam emails use a “spray and pray” tactic which involves sending spam emails in masses with hopes that a few individuals will mistakenly interact with the spam content.

How to identify spam emails

Certain characteristics of an email will reveal to a user that it is spam. Here is what to look for:

Sender credentials

check the sender of any unsolicited email to make sure that it is coming from a legitimate source. 

Subject line

Spam emails will have vague subject lines or ones that attempt to alarm or call for urgent action. This might come in the form of an alert or a fraudulent notification that your “account” is closing.

Requesting information

Spam emails are always trying to divulge sensitive information from their victims. Never share your personal account information unless you are 100% certain of the senders identity.

For organizations

Identifying spam emails can be a time consuming task given that they come in large quantities and from a variety of senders. Automated filtering can maximize productivity of employees and declutter their inboxes while reducing the the workload of the security team. Below is an example of a non-productive email identified in Darktrace/Email's UI. Darktrace/Email can identify and tag emails that are suspicious of spam and other security risks like phishing scams, giving detailed explanation of the potential threat.

Darktrace UI of non productive emails

How can individuals stop receiving spam?

Most popular email services have automatic spam identification that will use an algorithm to identify spam content and send it to your spam folder. However, if you find that you are still receiving a high degree of spam emails you can mark these emails as spam instead of deleting them right away. This will identify that particularly sender as spam email, and it will not appear in your inbox.

Challenges organizations face with spam emails

Organizations want to ensure that their employees are able to communicate and conduct business activity without disruption. However, email spam can stand in the way of employees who want to quickly communicate via email. Having an inbox that is cluttered with emails will cause employees to get distracted and have to parse through hundreds of emails just to identity which are legitimate, and which are malicious. 

How to protect against spam email

There are several systems in place that protect email inboxes from spam mail. However, some organizations might want to take extensive action in order to protect their employees’ inboxes to ensure business continuity and productivity remain optimal. Email security options include: 

Secure email gateways

A secure email gateway (SEG) or a secure email server (SEC) is a type of email security software that sits between inbound and outbound email communication. Every email that is sent to and from an organization passes through this gateway to ensure that its contents are not malicious or a sign of a data leak. It prevents unwanted emails in user inboxes like spam, phishing emails, emails containing malware, etc… In many ways email gateways are the first line of defense for email security.

AI Email solutions

Darktrace/Email uses artificial intelligence and machine learning algorithms to prevent, detect, respond to, and heal from email attacks. Through its unique understanding of you, rather than knowledge of past attacks, Darktrace/Email stops the most sophisticated and evolving email security risks like generative Al attacks, BEC, account takeover, human error, and ransomware.

Related glossary terms

Email Security
Secure Email Gateway (SEG)
Malware
Phishing

Featured Resources

View all resources
Ficha técnica
¿Por qué Darktrace?
Blog
Building for the AI Attack Era
Blog
Using AI to Help Humans Function Better During a Cyber Crisis
Informe técnico
A CISO's Guide to Incident Management