The original 2009 version of this checklist recommended Symantec Brightmail and the Symantec State of Spam site. Brightmail is now part of Broadcom’s enterprise portfolio and is not a practical choice for home users. The do/don’t advice below is still sound.
Do Unsubscribe from legitimate mailings that you no longer want to receive. When signing up to receive mail, verify what additional items you are opting into at the same time. De-select items you do not want to receive. Be selective about the Web sites where you register your email address. Avoid publishing your email address on the Internet. Consider alternate options — for example, use a separate address when signing up for mailing lists, get multiple addresses for multiple purposes, or look into disposable address services. Using directions provided by your mail administrators, report missed spam if you have an option to do so. Delete all spam. Avoid clicking on suspicious links in email or IM messages as these may be links to spoofed websites. We suggest typing web addresses directly in to the browser rather than relying upon links within your messages. Always be sure that your operating system is up-to-date with the latest updates, and employ a comprehensive security suite. For organizations, use a reputable e-mail security gateway (Microsoft Defender for Office 365, Google Workspace spam filtering, or a dedicated provider such as Proofpoint or Mimecast) to filter spam before it reaches inboxes. Keep up to date on recent spam trends — the Anti-Phishing Working Group publishes quarterly reports on phishing and spam activity. Do not Open unknown email attachments. These attachments could infect your computer. Reply to spam. Typically the sender’s email address is forged, and replying may only result in more spam. Fill out forms in messages that ask for personal or financial information or passwords. A reputable company is unlikely to ask for your personal details via email. When in doubt, contact the company in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window (do not click or cut and paste from a link in the message). Buy products or services from spam messages. Open spam messages. Forward any virus warnings that you receive through email. These are often hoaxes.