What is spam, where does it come from, and why do I receive it?

Spam email is a form of commercial advertising which is economically viable because email is a very cost-effective medium for the sender. If just a fraction of the recipients of a spam message purchase the advertised product, the spammers are making money and the spam problem is perpetuated.

Spammers harvest recipient addresses from publicly accessible sources, use programs to collect addresses on the web, and simply use dictionaries to make automated guesses at common usernames at a given domain.

Spamming is politically debated in several countries, and has been legislated some places with varying results. Spammers often conceal or forge the origin of their messages to circumvent laws, service provider regulations, and anti-spammer lists used by anti-spam software.

At the present more than 95% of email messages sent worldwide is believed to be spam, making spam fighting tools increasingly important to all users of email.

Spam and viruses

Spam is increasingly sent from computers infected by computer viruses. Virus-makers and spammers are combining their efforts to compromise innocent computer users’ systems and converting them into spam-sending “drones” or “zombies”. These malicious programs spread rapidly and generate massive amounts of spam pretending to be sent from legitimate addresses.

It’s important for all computer owners to install and maintain anti-virus software to avoid having their computer infected and possibly become a source of spam without their knowing.

Effects of spam

Aside from the amount of junk arriving in the Inboxes of millions of innocent email users every day, spam can have a more indirect and serious effect on email services and their users.

Runbox has, like most email services, been a victim of forgery by spammers using specially designed software to generate false email headers and From addresses. Using various server names and domains, they confuse domain administrators, email services, and spam victims, concealing the true origin of the messages. See Wikipedia: E-mail_spoofing for more.

Hijacking of real users’ addresses or email accounts is also common. Typically these messages will have the From field showing something like “Lisa W Harold” <info@nullrunbox.com>. Please note that such messages have no actual connection to Runbox (to see what a real Runbox header looks like, look at this example). Runbox does not in any way distribute our customers’ email addresses, and is not a source of spam — directly or indirectly.

Several email users have been affected by falsified messages claiming to be from the service’s administrators, stating that users’ account are closed and require some action by the user to be reopened. Such messages often contain viruses and should be ignored or deleted.

When hijackers succeed in sending spam via an email services, it can be temporarily blocked by other services and private domains who try to protect themselves. Runbox does everything we can to prevent this, but it’s important that email users protect their own account with strong passwords to prevent their account being hijacked. See Tips for choosing and protecting passwords for more information.

If you have had email sent from Runbox blocked by the receiving service, please contact Runbox Support, and also file a complaint to the postmaster or support desk of the domain in question. Often, setting your From address under preferences as @runbox.no or @runbox.us will circumvent such domain blocks (all Runbox addresses are synonymous on the .com, .no, and .us top level domains).


An increasingly common phenomenon is “phishing”, where messages appearing to be sent from e.g. legitimate financial institutions attempt to trick recipients into “verifying” sensitive data (such as credit card information) on fraudulent web sites.

Legitimate services will rarely (if ever) send messages requesting you to click a link and provide personal or sensitive information. Be sure to verify the source of the message before complying with such a request.

If you receive messages claiming to originate with payment services such as PayPal, eBay, financial institutions, or even Runbox, please verify that the message is indeed sent from the service in question:

  • Check that the From address of the email matches the domain name of the service in question. You can verify the authenticity of messages pertaining to be sent from Runbox staff by checking our list of Official Runbox Email Addresses.
  • Falsified messages will rarely address you by name or provide any personal information about you except your email address, because the senders do not have access to such information.
  • Check the message headers by looking at the IP address of the sending server and verifying that it resolves to the correct domain and country by using a service such as DNSstuff.
  • Look at the links in the message in plain text (not HTML) view. Verify that the actual link contains the domain name (e.g. runbox.com or paypal.com), and not another domain name or IP address, by hovering the mouse pointer over the link while looking at the status bar of your browser. Remember that links in an HTML message may be “disguised” and link to a different server than it appears to do.

In the wake of the increased onslaught of junk clogging mailboxes, aggravation and frustration has caused some misguided accusations and misconceptions about how spam is generated and sent. Runbox is dedicated to fighting spam as effectively and unintrusively as possible, and in our Terms of Service strictly prohibits our users from sending any type of spam through Runbox.

What does Runbox do to fight spam?

  1. Runbox runs restricted access servers only. This means that it is impossible to send mail from us without logging in as a registered user, and we can trace every single mail orginating from our system.
  2. Runbox supports the Sender Policy Framework for verifying the senders of email messages. See Wikipedia for more information.
  3. Runbox offers state of the art spam protection to all our users. It is a unique combination of the renowned points-based SpamAssassin, and the “intelligent” statistical spam filter Dspam.
  4. Runbox checks major databases of spam originators such as the The Spam and Open Relay Blocking System, Spamhaus Zen Block List and Razor. Users can block senders and domains themselves using the Block sender button on mails, or the list directly, under Manager:Filter.
  5. Runbox enforces strict quotas on outgoing email and does not allow trial users (those who have not yet paid for their account) to send email to more than 20 recipients per day.
  6. Complaints about users sent to abuse@nullrunbox.com are reviewed daily, and a single complaint is enough to shut down a trial account, or even a subscribed one, if the submitted email bears the hallmarks of spam, with no valid disclaimer.
  7. Runbox initially allows legitimate, double opt-in Internet marketing mailings. However, such email MUST include full disclaimers and numerous complaints will still get accounts shut down.
  8. Runbox manually reviews all account registrations continuously, and we suspend any account that look suspicious as a preventive measure.
  9. Runbox does not provide “Challenge-Response” anti-spam filtering, because it isn’t particularly effective, it misplaces the burden of spam management on the sender (which is often not the spammer due to forged messages), and several other problems. See for instance this article for more information: Challenge-Response Anti-Spam Systems Considered Harmful.

What can users do to avoid spam?


  1. Use the Runbox spam filter and virus filter. Maintain your trainable spam filter by always correcting it when it misclassifies a message. See the Filter Help page for more information.
  2. Always check the sender and recipient information of suspicious messages. Spam will typically be sent from falsified email addresses to conceal the real sender, with a number of recipients in the BCC (blind carbon copy) field of the message to hide the large number of recipients.
  3. Be careful in setting up autoreplies, as they may verify the existence of your email address to spammers.
  4. When you forward mail to a large number of people, weed out any addresses that are inappropriate, and put all addresses in the BCC field to hide them from the other recipients.
  5. Use firewall software on your computer to stop attacks from people attempting to compromise your system and possibly use it to send spam.
  6. Whenever you receive spam, always examine the message headers. If they look like a dubious jumble of random servers and domains, they probably are. If the from address for example is on the format something-fjtr@nullrunbox.com or gshyt4j5kkds7j6@nullrunbox.com, this is a fake, made up address, and there is nothing much we can do about it. To see what a real Runbox header looks like, click here.
  7. If any valid message headers indicate what server the message was sent from, contact the service in question and file a formal complaint.
  8. Keep informed by checking the Runbox Information and Help sections, this page, and the Runbox Service Status page.

Please see the Filter Help page for more information on configuring Runbox to block spam.


  1. Do not select short or very easy usernames or aliases, as these are far more spam prone than slightly longer and more unusual ones. Underscores, hyphens and periods are also recommended as part of your username.
  2. It is crucial not to publish valuable email addresses anywhere where it is visible to others (whom you don’t know). Never leave your email address behind in guestbooks, petitions, webpages, or similar where spammers might collect your address. If you must publish your email address, use a disposable one or at least obfuscate your address using for instance words instead of the special characters (“AT”, “DOT”, etc).
  3. Do not use real email addresses for signing up for (free) downloads of any kind online.
  4. Do not open suspicious-looking email or attachments. It might contain harmful viruses that can infect your computer and use it to send spam.
  5. Do not make purchases based on spam messages you receive, thus eliminating the spammers’ economic foundation.
  6. Do not use the same email address too much. Vary by using Email Aliases or disposable addresses.
  7. Do not use message preview if it displays scripts and external images. These elements might send information back to the sender in the background.
  8. Do not use the same username on several domains — it makes it easier for spammers to find you on other services.

Reporting abuse

If you suspect a Runbox account to be the source of unsolicited email, please review the headers of the message to verify that it does in fact originate with the Runbox servers. If you are certain the message is sent from Runbox, please forward the entire message with original headers to abuse@nullrunbox.com.

More information