A method of detecting, comparing, blocking, and eliminating spam emails sent through email servers of Internet service providers (ISPs) or to email users' email-boxes. The method includes the steps of generating a spam decipher signature for each email in an ISP's mail server or a user's email-box, comparing newly generated spam decipher signatures to a server or user database containing spam decipher signatures of known spam emails to detect spam emails when there is a probability match at a pre-determined high percentage, and preventing the spam emails from going through the ISP's mail server or to the email user as non-spam emails. The method also includes the steps of updating a master spam decipher signature database by comparing spam decipher signatures in a new signature database with existing spam decipher signatures in the master database, incrementing a counter value of a matching spam decipher signature by the number of matches, and adding all new spam decipher signatures that have counter values reaching or exceeding a pre-set threshold and therefore are considered spam to the master spam decipher signature database. The method further includes the steps of initially loading the master spam decipher signature database to the ISP email server or the user's computer to establish the server or user database, and updating the server or user database with the master spam decipher signature database.