Apple Mail is ready to actively fight spam "out-of-the-box". By default, Apple Mail is in Training Mode: it displays in brown the emails it perceives as junk, without moving them to the 'Junk Mail' Mailbox (folder). Actually, the 'Junk Mail' Mailbox will not be initially visible.
While Apple Mail is in training mode, you can show it where it failed to catch spam: select the email that should have been marked as junk and click the Junk button on the toolbar. Each time you click the Junk button, Apple Mail increases its awareness of what constitutes junk mail for you.
Conversely, if Apple Mail marked a legitimate email as spam, select the email and click the Not Junk button in the brown toolbar that appears on top of the email's body.
The Load Images button: graphic content in emails can be used to determine if the email was read, and thus that the email address is active and monitored. This is why Apple Mail will not load the image content of the email without your permission. If a given email does not come from a trusted source, you should not load its graphic content.
It is technically easy to create a "dynamic image", i.e. an image which transfers information to the server merely by being referenced in an email. For example, a spammer can use such an image to determine whether your email address is active or not. (See below for a few more details.)
Apple Mail comes with a smart feature to actively fight spam: the Bounce feature. To really understand its principle, some side information is perhaps necessary.
A mail server can handle emails sent to a non-existent user in two ways:
One way (not recommended) is to set a "catch-all" email address, usually "email@example.com". Any undeliverable email received by the mail server will go to the Postmaster account, which is usually monitored by the system administrator.
The other way (preferred) is to bounce emails back to the sender, whether it is a legitimate sender or not. In some cases, spam is sent from a monitored (real) email address. If the spammer notices or thinks that the recipient's email account is not active, it will remove that address from its spam list.
Apple Mail can emulate the behavior of a bounced-back email: to bounce an email back to its sender, control-click/right-click on the junk email, and choose "Bounce". The sender's mail server will receive, and relay, an undeliverable failure notice.
To customize Apple Mail's behavior with respect to Junk Mail, go to Mail > Preferences, and choose the Junk Mail tab:
Enable Junk Mail filtering is enabled by default (and unless you exchange emails exclusively within an internal network, it would be wise to leave it checked).
Training mode is Apple Mail's initial configuration: until you are satisfied with the way Apple Mail handles your junk mail (and it is correct over 90% of the time), you should leave it in training mode. Afterwards, you can select Move it to the Junk mailbox (Automatic); Apple Mail will store all emails it perceives as junk in the Junk mailbox, and unclutter your inbox from unwanted mail.
Your email account's settings may interfere with the Move it to the Junk mailbox (Automatic) option: make sure you know how Apple Mail is instructed to handle emails sent to the Junk mailbox.
Read more about your Email Account Settings.
Fortunately, Apple Mail allows you to set rules that supersede other junk mail handling considerations, by excluding emails from its filter: senders listed in OS X's Address Book and people whom you emailed in the past (Previous Recipients). The Message is addressed using my full name checkbox covers senders who address you by your correct name (Apple Mail's assumption being that they must know you).
Apple Mail's last junk mail option concerns integration with a third-party spam-fighting authority. While only "Internet Service Provider" is mentioned for the sake of simplicity, the authority could be your mail server, your email hosting company, your corporate network's firewall or anti-virus server, or your system administrator. The bottom line is whether or not you trust the third-party software to decide which emails are junk.
SpamAssassin is currently the prevalent third-party junk mail filtering application, and it is highly reliable, but…
Caveat: there are "aggressiveness" levels in SpamAssassin and other spam-fighting software: if you are not providing your own email hosting, your system administrator may have set some aggressive spam policies on the server that prevent you from receiving emails. Emails perceived as junk could be deleted by default. (This has nothing to do with Apple Mail, and happens before it downloads emails from the mail server.)
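To see how close a delivered message came to the server's threshold, you can read the header a server-side filter stamps on it. The following is an added example, not part of the original article: it assumes the server adds SpamAssassin's X-Spam-Status header, and the sample message and the stricter threshold of 3.0 are constructed for illustration.

```python
import re
from email import message_from_string

# "Yes|No, score=<float> required=<float>" at the start of X-Spam-Status.
STATUS_RE = re.compile(
    r"^(Yes|No),\s*score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)", re.I)


def server_verdict(raw_message):
    """Parse the server-side verdict from a message, or None if absent/unparseable."""
    header = message_from_string(raw_message).get("X-Spam-Status", "")
    match = STATUS_RE.match(" ".join(header.split()))  # undo header folding
    if not match:
        return None
    score, required = float(match.group(2)), float(match.group(3))
    return {
        "flagged": match.group(1).lower() == "yes",
        "score": score,
        "required": required,
        "margin": round(score - required, 2),  # negative = below the threshold
    }


def flagged_at(score, required):
    """A message is treated as spam once its score reaches the threshold."""
    return score >= required


# Constructed sample message (headers and rule names are illustrative only).
SAMPLE = """\
From: newsletter@example.org
To: jane@example.com
Subject: Monthly update
X-Spam-Status: No, score=4.1 required=5.0
\ttests=HTML_MESSAGE,MIME_HTML_ONLY autolearn=no version=3.4.6

Hello Jane
"""

if __name__ == "__main__":
    verdict = server_verdict(SAMPLE)
    print(verdict)
    # Same score, stricter (hypothetical) server threshold of 3.0:
    print(flagged_at(verdict["score"], 3.0))
```

A small negative margin on legitimate mail is the sign that a more aggressive server policy would have caught it.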
- JUNK MAIL AND LINKED CONTENT -
goodGuys.com/logo.gif is a static, harmless way to reference an image in an email/web page.
badGuys.firstname.lastname@example.org is a sneaky way to determine that the image was successfully requested by the owner of this email address - thus that the email address is active.
(Note that we are not revealing anything new here.)
The above also applies to clickable links in the body of your emails: clicking on www.badGuys.email@example.com could have the exact same effect and server script behind it.
www.badGuys.com?q=X56XAD5765SD (or any similar looking gibberish) could too.
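The difference between a static reference and a personalised one can be checked mechanically before any remote content is loaded. The following is an added example, not part of the original article: a heuristic audit of an HTML email body that lists remote images and links and flags those carrying the recipient's address or an opaque token. The sample body, the recipient address and the "to" parameter are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, unquote, urlsplit

# Long opaque value, like the page's "X56XAD5765SD" example.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{10,}$")


class RemoteRefs(HTMLParser):
    """Collect remote <img src> and <a href> URLs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.refs = []  # (kind, url) pairs in document order

    def handle_starttag(self, tag, attrs):
        wanted = {"img": "src", "a": "href"}.get(tag)
        for name, value in attrs:
            if name == wanted and value and value.lower().startswith(("http://", "https://")):
                self.refs.append(("image" if tag == "img" else "link", value))


def tracking_reasons(url, recipient):
    """Return why a URL looks personalised for this recipient (empty if not)."""
    reasons = []
    if recipient.lower() in unquote(url).lower():
        reasons.append("contains recipient address")
    for key, value in parse_qsl(urlsplit(url).query):
        if TOKEN_RE.match(value) and re.search(r"\d", value) and re.search(r"[A-Za-z]", value):
            reasons.append(f"opaque token in '{key}'")
    return reasons


def audit(html_body, recipient):
    """List every remote reference with the reasons it may identify the reader."""
    parser = RemoteRefs()
    parser.feed(html_body)
    return [(kind, url, tracking_reasons(url, recipient)) for kind, url in parser.refs]


# Constructed sample body; host names follow the page's goodGuys/badGuys examples,
# and the "to" parameter is a hypothetical way of embedding the address.
SAMPLE = """
<img src="http://goodGuys.com/logo.gif">
<img src="http://badGuys.com/logo.gif?to=jane%40example.com">
<a href="http://www.badGuys.com?q=X56XAD5765SD">Unsubscribe</a>
"""

if __name__ == "__main__":
    for kind, url, reasons in audit(SAMPLE, "jane@example.com"):
        print(kind, url, reasons or "static reference")
```

An empty reason list only means no identifier was spotted in the URL; a token can also sit in the path, so this does not replace leaving images unloaded for untrusted senders.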
Bottom line: do not bother opening suspicious-looking emails you were not expecting to receive. Even an email appearing as coming from PayPal or Amazon.com could be a fraud.
If you have added PayPal or Amazon to your safe list, and an email from them is caught as spam, trust your junk mail filters: the email is probably a fake.