Why do I receive so much spam about "Nigerian widows," investment stocks, and lotteries?
We block most spam based on either the sender's address, the sender's mail server, or the address of a Web site in the body of the message. Unfortunately, this kind of spam isn't easy to identify using any of those methods: It tends to use a different sender address each time, it's sent from normal mail servers that non-spammers also use, and it doesn't include a link to the spammer's Web site in the message. In fact, the actual content of the spam tends to change every day.
Even though this kind of spam makes up a small percentage of the spam sent, it represents a large portion of what gets through the filters. In other words, our spam filters eliminate the vast majority of spam, and this is what's left.
We're continuing to improve our spam filters to attempt to block these kinds of messages without blocking legitimate mail as a side effect. The best thing you can do to help is report this kind of spam using SpamCop: if enough people do this, it will automatically add the spammers' servers to the blocklists our filters use.
Why do I keep receiving spam in the form of images or PDF files?
Recently there's been a significant increase in the amount of "image based spam", which includes the spam as a picture or PDF attachment instead of text.
Unfortunately there's no reliable way for anti-spam systems to read the actual text within these messages and block them. (We're sometimes asked why we can't just block messages containing images or PDF files: this wouldn't work, because spammers go to great lengths to make their messages appear like normal messages that contain images, and to make the text within the messages unreadable by automated systems.)
The only real way for us to block these is to identify where the messages are sent from and block that source. Our filters do a fairly good job of this already (for every message that gets through, many are blocked), but you can help by reporting this spam using SpamCop.
Why can't you just block messages mentioning "Nigeria", "hot stock", "lottery", or other phrases?
Many of these messages contain these words in pictures instead of text, as explained above.
Of course, some are still text-based. While it's tempting to simply block messages mentioning "Nigeria", "millions of dollars", "hot stock", and so forth in the text, many legitimate messages also contain these phrases and would be inadvertently blocked.
We do block the more unusual phrases that appear in these kinds of messages, but it's not a perfect system because spammers are constantly changing the text.
Creating mail rules to identify advance fee fraud spam
If your mail program allows you to filter based on e-mail headers, you might want to consider adding a rule that looks for either of these terms in the message headers:
Most advance fee fraud messages will have one of these terms added by our SpamAssassin filter.
However, keep in mind that an occasional non-spam message will match such a rule, too (which is why we don't block these messages outright). So don't make your mail filter delete matching messages — instead, make it put them in a special folder that you review from time to time.
If your mail program cannot filter based upon the message headers, it may still be able to filter based upon the contents of the message (or subject line). In this case, you can create a few rules to filter out e-mail messages if they contain words like "Nigerian", "hot stock", or "UK national lottery".
Why do spammers keep sending these? Surely nobody falls for them.
They keep sending them because enough people do keep falling for them to make it profitable. The fascinating article The Perfect Mark: How a Massachusetts psychotherapist fell for a Nigerian e-mail scam explores one case in great depth.
Eventually, this kind of spam — like several other kinds that are no longer common — will stop being profitable as people stop falling for it, and then it will disappear.