How to Prevent Spam Messages
A guide to preventing and stopping spam messaging
By Alice Zhang
April 5, 2021
Nowadays, it seems like spam messages are an unfortunate but inevitable part of our lives. According to a recent report, 5.69 billion robocalls were made in the month of February 2021 alone. This amounts to nearly 21 spam calls for every person in just the U.S. Unwanted calls are the Federal Communications Commission’s top consumer complaint. Unfortunately, the statistics for other spam messages aren’t any better. Thankfully, certain strategies exist to prevent spam messages. For companies, following the strategies listed below will help protect users and as a result, garner greater client trust.
How and why are spam messages sent?
To start off, spam messages are usually implemented by bots. Simply put, bots are software applications programmed to do specific tasks such as simulating human conversation or arranging an agenda. These bots send spam messages, which are inappropriate or unwelcome messages sent to a large number of users. Although most of us know spam messages to be nuisances, many spam messages hold malicious software or have otherwise deceptive motives. In fact, even if their messages do not hold malicious software, spam messages posted to popular social media networks are responsible for unbelievable amounts of misinformation.
Additionally, most spambots are also responsible for spam messaging on messaging apps, email providers, and social media platforms. Typically, creating an account of any of these types of platforms requires few select pieces of information. Among these are name, phone number, email address, etc. For most attackers, programming bots to fill these forms out is a relatively simple task. CAPTCHAs, Completely Automated Public Turing tests to tell Computers and Humans Apart, are often implemented by platforms to prevent bots from making fake accounts. However, CAPTCHAs are becoming increasingly ineffective against bots because algorithms have been developed for bots to solve CAPTCHAS easily. For example, in 2014, Google developed an algorithm that yields a 99% success rate when implemented in bots to solve CAPTCHAs.
How can we differentiate spam messages?
Once a spam bot has successfully created an account, it will start sending premade messages. More specifically, the types of messages spam bots send out typically take the form of emails, social media comments, and text messages. A common example of a spam email may include a message from what looks like the sender address of a trusted corporation (firstname.lastname@example.org) claiming that a user’s account has been compromised. The email would then include a link for the user to sign in with. Once the user opens that link, any personal information the user enters would be stored inside the spammer’s database (email, phone number, etc.). All these actions follow a technique called phishing. Phishing allows for a spammer to trick a user into taking actions that harm themselves. Hackers who gain hold of such personal information then have the potential to access financial accounts, spread malware, and spread misinformation. Thus, spam messages can do drastic damage for those unaware of Additionally, spam chatbots and social media chatbots send similarly unwarranted text messages through social media platforms like Kik, Facebook, and Instagram. Though spam chatbots by definition operate by messaging individuals on these platforms, whereas social media chatbots’ roles also include commenting on posts, both types of bots typically send out messages with offers that are too good to be true on consumer services or products.
Given how dangerous spam messages can be, it seems like a daunting task to try to avoid all of these dangers. Users may even give up on a platform altogether if there are too many spam messages. This deterrence towards certain platforms could cause companies to lose the trust of their clients unnecessarily. Thankfully, there are certain strategies we can all take to prevent spam messaging.
What can we do to prevent spam messages?
Several strategies can be used to prevent spam messaging ranging from using general protocols to specific software implementation. First, report all spam texts to service providers. Major carriers including AT&T, Verizon, and T-Mobile have a number (7726) that users can send screenshots of spam messages to specifically. The Federal Trade Commission (FTC) also has a National Do Not Call Registry users can sign up for to stop receiving telemarketing calls. Additionally, the FTC also encourages users to report spam messages on its website. Android allows for spam calls to be filtered out as well as most major carriers.
A select number of apps are also available to help deal with spam messages. Nomorobo and RoboKiller are two of the most popular options. While both apps are offered for iOS and Android, there are distinct differences in terms of privacy, cost, and features. Nomorobo boasts a database of 800,000+ phone numbers through which it can differentiate legal robocalls (emergency alerts) and spam phone calls. Additionally, Nomorobo’s features expand to protect against spam texts. In terms of privacy, Nomorobo does not require access to personal information like contacts. The app provides a 14-day free trial, after which it is $1.99 per month. In contrast, RoboKiller has 1.1+ million numbers in its database. Robokiller filters through spam calls in the same way that Nomorobo does. However, Robokiller offers an additional feature where users can answer spam calls with pre-recorded audio that will waste a bot’s time. As a bonus feature, users can then playback the recording.
From an individual user’s perspective, spam emails can be prevented using different strategies. Platforms like Gmail allow providing specific spam filters for their users. Apple’s Macs also provide a similar service in the Mail application. Additionally, these same platforms allow for a user to block emails from specific senders.
To prevent spam at the most basic level, companies must first know how to identify spam activity on their web or mobile platforms. Symptoms include, but are not limited to a sudden, unexpected influx of new subscribers, new signups within minutes/seconds, invalid email addresses on user accounts, personal rather than corporate addresses or vice versa, and finally, sudden or otherwise frequent signups from unfamiliar or foreign domains. A simple safeguard to spambots is to implement CAPTCHA on your company’s sign-up forms. However, while widely used, CAPTCHA’s recent ineffectiveness due to its vulnerability to bots is becoming increasingly apparent. Moreover, companies should also regularly update software and plugins. Outdated software is an easy target for malicious hackers as well as bad bots due to vulnerabilities. Input fields should also be optimized on any account sign-up forms as a basic safeguard. For websites, companies should implement a web application firewall (WAF). The Azure Web Application Firewall is a common favorite because of its simple deployment, customizable rules, near real-time visibility, and scalable pricing.
A variety of other options are available to help companies guard against specific types of spam. For example, Mailcleaner offers several packages aimed at a range from small companies to large corporations, acting as an anti-spam gateway between a corporation’s mail infrastructure and the internet. For companies that implement good bots–bots that help with or are essential to the site/platform’s functionality–bot management solutions are available to prevent spam bots while still allowing for the functionality of good bots. Most notably, DataDome, Cloudflare, and Radware are some of the most popular bot management solutions to help protect against DDoS attacks, SQL injection, card fraud, so much more. DataDome offers bot protection with A.I. and machine learning technologies. Cloudflare, on the other hand, implements similar features as well as fingerprinting and behavior analysis. Finally, Radware differs from its competitors with its IDBA (intent-based Deep Behavioral Analysis) technology to filter out the most sophisticated bots.
However, beyond all these strategies, there is a cost-effective and easy-to-implement solution that will benefit users and companies alike. Partnering with humanID would ensure that a company’s users feel valued and protected. Unlike the alternatives, our technology is the most advanced of its type and completely open-source–not to mention the fact that we are nonprofit and thus prioritize our clients over anything else. When companies implement our single sign-on login, our technology takes care of any spam bots while preserving their clients’ personal information. As annoying as spam messages can be, many messages also carry hidden malicious software. Next time, rather than receiving the spam messages with a sigh of annoyance, why not prevent them for good by working with humanID?