Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spammers Choose GMail

CmdrTaco posted more than 6 years ago | from the my-inbox-it-hurts dept.

Spam 325

EdwardLAN writes "A study by Roaring Penguin has discovered that during the past three weeks, the amount of spam originating from Gmail has risen sharply." My spam has been pretty ridiculously high for the last few weeks, although I have no idea if this is part of it. It really does seem like gmail's spam filters are declining these days.

cancel ×

325 comments

Sorry! There are no comments related to the filter you selected.

Invite-Only (5, Interesting)

Anubis_Ascended (937960) | more than 6 years ago | (#24226623)

Maybe they should have just kept the system invite-only, instead of opening it up to everyone -- that would help, the way I see it.

Re:Invite-Only (5, Funny)

betterunixthanunix (980855) | more than 6 years ago | (#24226649)

It's still in beta. Bugs like massive amounts of spam originating from the service are bound to turn in up in beta software.

It is invite-only though... (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#24226925)

unless you have like a four letter gmail name, the only people who know it are the ones you give it out to...

Re:Invite-Only (3, Insightful)

damuhatori (1203278) | more than 6 years ago | (#24226959)

Maybe they should have just kept the system invite-only, instead of opening it up to everyone -- that would help, the way I see it.

Sure that would help, but it would mean less ad views for Google.

Re:Invite-Only (1)

Vectronic (1221470) | more than 6 years ago | (#24227003)

Doubtful, when they first started, and had the invite-only thing, there was a lot of sites that would give away account-invites to boost their own traffic/advertise, and even invites being auctioned off, plus you could give your invites to yourself, and breed invites, get our 5 invites, create 5 accounts, get 20 more invites...

It was all just marketing, if they started off with just a free-for all, it wouldn't have made as much hooplah as it did, "common man, gimme an invite" - "you gotta a Gmail account?" - "I'll do your homework for an invite" etc, etc...

Any spammer would have ended up with as many accounts as they wanted anyways, I think the increase is mostly because of that bug/feature mentioned yesterday here on Slashdot, about being able to get peoples real names (if yer stupid enough to have done so) from Gmail accounts.

me love you long time? (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#24226629)

me love you long time?

1 pst?

Gmail's spam filters (5, Interesting)

Anonymous Coward | more than 6 years ago | (#24226639)

How does spammers creating gmail accounts to send spam from imply that gmail's spam filters for inbound mail are declining? (if that is indeed what the summary is supposed to say).

Re:Gmail's spam filters (5, Funny)

HardCase (14757) | more than 6 years ago | (#24227385)

Now listen, if you've waited this long to complain about Taco's reading comprehension skills, you're way too late to get into the game.

Porn related (0)

Anonymous Coward | more than 6 years ago | (#24226641)

Stop using you Gmail address when signing upto porn, warez and cracks forums?

One thing Google could do about incoming spam... (5, Interesting)

tgd (2822) | more than 6 years ago | (#24226645)

Half of the spam I get on my gmail account that actually gets past the filter is in some language other than English... in fact its almost always in Cyrillic as well.

Give me a damn drop down that says "I speak English, anything not in English is not to me".

Won't solve their outgoing problem, but adding "this is my language" support would be a big help on the incoming, at least with my spam patterns.

Re:One thing Google could do about incoming spam.. (0)

Anonymous Coward | more than 6 years ago | (#24226703)

I want an option to have spam be deleted upon receipt instead of being placed into the spam section. After all of these years Gmail has never once mistaken a real email for spam so I would like this.

Re:One thing Google could do about incoming spam.. (1)

mgkimsal2 (200677) | more than 6 years ago | (#24226723)

That option shouldn't be on by default though. I review my spam folder about once every month, and I *occasionally* find something from someone that is truly real email. Granted, we're talking about 1-2 emails per 10,000 or more, but I'd still prefer the default of just labelling them 'spam', not deleting.

Re:One thing Google could do about incoming spam.. (1)

hobbit (5915) | more than 6 years ago | (#24226803)

Crikey, you leaf through 200 pages of emails and manage to find the 1 or 2 false positives? That must take a while.

Re:One thing Google could do about incoming spam.. (1)

mgkimsal2 (200677) | more than 6 years ago | (#24226855)

No, actually I've found them on the first couple pages. There might be a few more that get through, but I don't normally go back but a day or so (3-4 pages maybe).

If I see a false positive, I'll do searches in the spam folder for mail from people I was corresponding with lately, just to make sure nothing's in there. It's a rarity, but does happen.

Re:One thing Google could do about incoming spam.. (4, Interesting)

Kadin2048 (468275) | more than 6 years ago | (#24226717)

Yeah I've thought the same thing, too. It wouldn't be that hard to filter. You could just select a charset (like Latin-1) and if less than 90% of the characters in a given message aren't representable in your chosen charset, automatically kill it. That wouldn't require figuring out the actual human language it was written in; it's a pretty trivial automatic test.

Re:One thing Google could do about incoming spam.. (5, Informative)

tgd (2822) | more than 6 years ago | (#24226891)

Yeah thats why I mentioned the Cyrillic thing.

In reality doing it via language matching should be pretty trivial. I'd hazard a guess if you had a list of 30 languages and you pulled out the top 50 most common words in each language you'd probably have near 100% success in detecting the primary language in an e-mail. I'm sure an algorithm either purely based on that word set or based on a larger dictionary choosen based on that matching could be done to determine with a very high confidence what language an e-mail is in and if there's more than one or two languages in it.

They also know my white list of contacts. In my case I'd bet 90% of my e-mail comes from them so those can be immediately put in the inbox, reducing the number that need to be scanned at all.

Re:One thing Google could do about incoming spam.. (5, Interesting)

antifoidulus (807088) | more than 6 years ago | (#24227001)

Google already does that for their ads. I'm an American living in Germany who also has friends in Japan that I coorespond with in Japanese. I get ads in English, German, and Japanese(in fact I get ads in Japanese offering to teach me English and/or German....) so if they can determine the language for the ads, then they should be able to use it for spam.... at least if you get an email in a language that isn't in your outbox it should trigger something..

Re:One thing Google could do about incoming spam.. (1)

Enki X (1315689) | more than 6 years ago | (#24227279)

What happens if one of your correspondences is simply a horrible speller? Does it simply blanket filter them out too?

Re:One thing Google could do about incoming spam.. (1)

jmauro (32523) | more than 6 years ago | (#24227313)

Doesn't help me. Most of my gmail spam is in Portuguese which uses the same character set as English. At some point I was hoping they'd cross pollinate translate.google.com with gmail so the spam filters could learn that if the message is in Portuguese to me it's spam.

Re:One thing Google could do about incoming spam.. (1)

Inda (580031) | more than 6 years ago | (#24226845)

I wrote to them about this during the early Beta. They were not interested.

My mistake was signing up for a Spanish (Spamish?) site. I don't speak Spanish but I guessed the form fields for username, password, email address. The floodgates opened afer that.

Back to the topic, why doesn't Google just change their CAPTCHA? It sounds too simple a solution...

Re:One thing Google could do about incoming spam.. (5, Informative)

jeiler (1106393) | more than 6 years ago | (#24226927)

CAPTCHA is broken: it's not just various implementations that are compromised, but the entire theory.

Re:One thing Google could do about incoming spam.. (0)

Spy der Mann (805235) | more than 6 years ago | (#24227315)

CAPTCHA is broken: it's not just various implementations that are compromised, but the entire theory.

The turing test theory to identify humans from machines is broken?

Nay. It's the implementation that is broken. Image analysis and pattern recognition do NOT make artificial intelligence.

My solution is to make entire phrases out of captcha'ed characters. Decyphering a single character can be difficult, but it's much easier to deduce the meaning of an entire phrase even if some characters were wrong (except the numbers):

"Please add the numbers except the one with purple dots behind it, and then substract from the result, the second digit of the one with an orange background: 723, 934, 21, 5".

Note that the questions don't have to be math related.

"Alice broke up with her boyfriend James. She was so mad that she forgot where she left the car keys, and got late to work. If only she hadn't seen him kissing the other girl, she wouldn't have had a bad day.

Question:

What did Alice lose that made her arrive late to her job? (three words)"

(Yes, all the sentence was captchaed).

Re:One thing Google could do about incoming spam.. (1)

xerxesVII (707232) | more than 6 years ago | (#24227361)

And besides, Netcraft confirmed it.

Re:One thing Google could do about incoming spam.. (1)

gad_zuki! (70830) | more than 6 years ago | (#24226897)

Or how about providing this option "I dont expect email from senders outside of the USA. Put all foreign mail into junk."

Re:One thing Google could do about incoming spam.. (1)

The Tomer (4213) | more than 6 years ago | (#24227129)

Actually, you can create that filter using gmail's filter system.
It would look something along the lines of:

Matches: from:-(*.edu OR *.com OR *.net OR *.org)
Do this: delete it. (or if you want to be sure you don't accidentally delete real mail, give it a label and skip inbox)

Re:One thing Google could do about incoming spam.. (0)

Anonymous Coward | more than 6 years ago | (#24227241)

Give me a damn drop down that says "I speak English, anything not in English is not to me".

Won't solve their outgoing problem, but adding "this is my language" support would be a big help on the incoming, at least with my spam patterns.

1) Tell them about it. Companies actually listen to large volumes of feature requests (like voting, except that each one counts). I already suggested this very thing (though I suggested it by way of allowing regexes in the tagging)

2) This would help greatly with their outgoing problem. The reason gmail is preferred by spammers is that it has a special standing with gmail spam filters, in other words, they can easily bypass otherwise top notch spam filters by using gmail. If, however, your (and my) plan were put into place then gmail has a convenient way to say things like ">50% of this users emails are tagged spam, don't accept any more outgoing from him"

Really now? (0)

Anonymous Coward | more than 6 years ago | (#24226651)

Funny considering my gmail is relatively spam free!

The irony is, hotmail and yahoo will be getting spammed instead of being the spammers.

Companies blocking Gmail? (3, Interesting)

mgkimsal2 (200677) | more than 6 years ago | (#24226671)

The IT staff at my dad's company blocked all communication with Gmail servers a few months ago, on the grounds that it was 'insecure'. Locking down an MS shop (XP/Exchange/etc) from the 'insecurity' of Google (while still accepting hotmail.com emails) still strikes me as a bit odd, but I've been hearing more reports of lax Google security with respect to spam/spammers. Perhaps they (dad's company) were on to something?

Anyone else having issues with people blocking Gmail?

Re:Companies blocking Gmail? (-1, Flamebait)

urcreepyneighbor (1171755) | more than 6 years ago | (#24226805)

The IT staff at my dad's company blocked all communication with Gmail servers a few months ago,

Right. Maybe your Dad is just tired of his son begging for money, but doesn't have the heart to say anything?

Re:Companies blocking Gmail? (1)

mgkimsal2 (200677) | more than 6 years ago | (#24226825)

I guess that was supposed to be a joke, but it's not just one way. He can't send to me either. But he can send to other email services just fine (and receive from them).

This isn't an issue of blocking personal emails at work, it's a specific policy they enacted against gmail.com. Digging further it seems it's happening in other companies as well.

Re:Companies blocking Gmail? (1)

H+FTW (1264808) | more than 6 years ago | (#24227185)

I wonder if a lot of the gmail specific blocking is because of gmail chat? being fully integrated into gmail makes it a little easy to chat using the excuse "im checking my email" ... which incidently is exactly what i do, not that it matters atm... yay for compiling

Re:Companies blocking Gmail? (0)

Anonymous Coward | more than 6 years ago | (#24226887)

My son works at Allstate, and Gmail is blocked there.

Re:Companies blocking Gmail? (1)

multipartmixed (163409) | more than 6 years ago | (#24226823)

Gmail servers have hit a variety of DNS blacklists in the past. They still get on every now and then. I have to run a whitelist in front of my blacklists to make sure I don't block gmail by accident.

Re:Companies blocking Gmail? (2, Interesting)

coop247 (974899) | more than 6 years ago | (#24226843)

Locking down an MS shop (XP/Exchange/etc) from the 'insecurity' of Google (while still accepting hotmail.com emails) still strikes me as a bit odd

Why is that, because you don't know what you're talking about. Despite all the flack MS receives, there is a reason Google Docs has done absolutely nothing to unseat Office in the corporate world, security. Are MS products secure, no, but they take it seriously. Ask Goog about security and they say, 'trust us'. Big companies don't trust anyone, rightfully so. I guess you also missed Googles gaping GMail privacy hole [slashdot.org] earlier today.

Re:Companies blocking Gmail? (3, Informative)

mgkimsal2 (200677) | more than 6 years ago | (#24226937)

MS takes security seriously? Perhaps nowadays, but that's a relatively recent trend (last few years), and they've got a lot of mindshare to win back on that score.

If you're going to adopt a policy re: mail, blocking all webmail accounts would make more sense than *just* gmail, especially making that policy months ago. There was more evidence to point to spam originating from compromised Windows boxes than from Gmail.

What the heck does Google Docs have to do with this conversation? But I'll bite anyway... You really think *security* has anything to do with why Google Docs hasn't taken off in the corporate world? Nothing to do with requiring people to be connected (increasing bandwidth costs) and having to use browsers to do work they weren't meant to do (document editing)? No, Google Docs simply can't replicate the functionality corporate workers need right now. Maybe some day it will, but I'd say it's far more likely functionality is keeping it out of business rather than security.

Re:Companies blocking Gmail? (1, Funny)

Drakonik (1193977) | more than 6 years ago | (#24226949)

Wow. I haven't seen a gaping hole like that since my prom night.

Re:Companies blocking Gmail? (1)

maxume (22995) | more than 6 years ago | (#24226973)

Should have splurged and gone with the $20 hooker huh?

Re:Companies blocking Gmail? (0)

Anonymous Coward | more than 6 years ago | (#24227155)

Why is that, because you don't know what you're talking about. Despite all the flack MS receives, there is a reason Google Docs has done absolutely nothing to unseat Office in the corporate world, security. Are MS products secure, no, but they take it seriously.

I do know what I'm talking about, and the idea that MS the company actually takes security seriously, or that security has ANYTHING to do with the significance of Office in the corporate world, is utter and absolute hogwash. Should I remind folks that the first cross-platform virus for personal computers was CONCEPT, and what, exactly, CONCEPT did? If you tell me that there are a lot of smart programmers, engineers, and researchers at MS and that a lot of THEM take security seriously, I agree with that. But the idea that Microsoft Corporation as a corporate entity takes security seriously? The absurdity is palpable.

Re:Companies blocking Gmail? (1)

Kamokazi (1080091) | more than 6 years ago | (#24226979)

We'd like to block them, Yahoo, and Hotmail...but too many of our smaller customers use it for their e-mail addresses.

The thing that is really killing us lately is the bounceback spam...when spammers send spoofed e-mail to bad addresses on legitimate mail servers so the bouncebacks come to our addresses. They easily bypasses SpamAssassin...I was thinking of testing out Postini (Gmail's filter) to see if it gets them.

Funny you mention the MS shop...we're actually using CentOS and Qmail right now, but we're planning to switch to Exchange in '09 because it takes too much extra time to make changes or troubleshoot problems...you have to do most real configuration from the command line, GUI solutions are inadequate for it. Not to mention the other benefits, push, Active Directory integration, resource scheduling, OWA, etc. Also pretty much anyone can administer it. When you're in a fairly rural part of the country, finding anyone who even knows what Linux is can be tricky.

Re:Companies blocking Gmail? (1)

pruneau (208454) | more than 6 years ago | (#24227079)

Yes, having heavily relied on gmail to send school-related messages to a number of parents and other people in the schoolboard organisation, I can tell you that gmail servers IP address are blacklisted by some commercial spam-filtering solutions.

The oddity is that they go by server IP address, so depending on which server your gmail was sent from, it gets blocked or not.

This is a kind of very annoying russian sendmail roulette.

Re:Companies blocking Gmail? (1)

PGU5802 (981587) | more than 6 years ago | (#24227089)

The company I work for blocks access to gmail.com as they deem it "personal email." However, blocking emails that come from gmail's servers is just plain stupid. Many people, some of whom may be interested in jobs at your father's company, use gmail as their primary email address. By blocking them you also risk blocking many legitimate email communications.

Re:Companies blocking Gmail? (1)

imipak (254310) | more than 6 years ago | (#24227305)

sounds familiar... [slashdot.org]

Thats my eperience! (0)

Anonymous Coward | more than 6 years ago | (#24226685)

Last 3 weeks my spam on Gmail has been in very large quantities. Exceedingly irritating! I wonder what has caused this?

It's still not much of a problem (4, Informative)

stinerman (812158) | more than 6 years ago | (#24226695)

I've got maybe 3 a week, which is up from the normal of 1 per month, but it's not really too big of a deal.

IIRC, marking an email as spam or moving the message to the spam folder (if you're using Gmail's IMAP function as I am) helps to train the filter.

It's a big problem for gmail users! (4, Interesting)

argent (18001) | more than 6 years ago | (#24226755)

It's the outgoing spam from Gmail that's the problem, not the incoming spam, and there's been messages on the Gmail forums about Gmail servers being blocked for spam. If Google doesn't do something about it, then Gmail accounts will end up "read only".

And having Google themselves impose outgoing spam filtering is something else to worry about, if you're a Gmail user.

Re:It's a big problem for gmail users! (2, Interesting)

mgkimsal2 (200677) | more than 6 years ago | (#24226807)

Not sure how much of an issue filtering for outgoing spam would be, except perhaps an extra delivery delay. Charge for that feature as 'authorized' accounts, or something like that. I'd pay a nominal fee, tied to a credit card, to 'authenticate' my outgoing mail.

I've never sent anything that's *remotely* spammy, and people I correspond with generally don't.

What problems do you see with outgoing mail being filtered?

Re:It's a big problem for gmail users! (1)

maxume (22995) | more than 6 years ago | (#24226935)

It punishes people not doing anything for the actions of others (and it would be 'better' for them to deal with it at the account level, not the message level).

Re:It's a big problem for gmail users! (2, Interesting)

argent (18001) | more than 6 years ago | (#24226961)

What problems do you see with outgoing mail being filtered?

False positives. Even if you never send anything that's remotely spammy, you can still be caught by filters... I dig legitimate mail, including mail that doesn't look at all spammy to me, out of my google *incoming* filters on a regular basis.

I often think the biggest cost of spam has been the decreased reliability of email caused by spam filters making mistakes like that.

Re:It's a big problem for gmail users! (2, Interesting)

everphilski (877346) | more than 6 years ago | (#24227159)

I dig legitimate mail, including mail that doesn't look at all spammy to me, out of my google *incoming* filters on a regular basis.

I get several incoming emails **a day** that get caught in the inbound email filter. The thing that is so silly is they are all on several mailing lists I subscribe to, so you think the filter would be smart enough to realize gee, this guy has wanted several THOUSAND emails from osg-users, even though this one looks like it might be spam, I'll let it slide and see how this guy tags it ...

This doesn't just happen on one mailing list, it happens on 5 or 10, all open source or amateur radio development lists. And I can't figure out why it thinks its spam... occasionally there is broken english (international development teams), but sometimes it's a crystal clear paragraph of English. Maybe it's the acronyms. Almost wish I could turn spam filtering off, or at least set up rules to not filter messages containing X in the subject, some days its 25% legit email, 75% spam in the filter, if you forget to check for a few weeks it becomes tedious to clean.

Why not apply spam filters on outgoing messages? (5, Insightful)

mgkimsal2 (200677) | more than 6 years ago | (#24226709)

Gmail used to be touted as the best spam filtering service. Certainly it's good, but apparently they only feel the need to filtering incoming messages. Why not filter outgoing messages as well? Can't quite be a CPU problem, because outgoing has be be just a small fraction of incoming, right?

Is it just tradition? People never expect anything they send to ever have anything done to it? Google could set another precedent in webmail by introducing outgoing filters which would block or slow down mail appearing to be 'spammy'.

Re:Why not apply spam filters on outgoing messages (1)

Ralph Spoilsport (673134) | more than 6 years ago | (#24227263)

Nice idea, but what if you're discussing spam content? Then your email will appear spammy, even though it isn't.

Or, what if you write poetry? A lot of modern poetry reads like seriously fucked up spam. Also, scripts read as nonsense, and nonsensical scripts, even more so. Example, from "Waiting for Godot":

(with magnanimous gesture). Let's say no more about it. (He jerks the rope.) Up pig! (Pause.) Every time he drops he falls asleep. (Jerks the rope.) Up hog! (Noise of Lucky getting up and picking up his baggage. Pozzo jerks the rope.) Back! (Enter Lucky backwards.) Stop! (Lucky stops.) Turn! (Lucky turns. To Vladimir and Estragon, affably.) Gentlemen, I am happy to have met you. (Before their incredulous expression.)

So, if I were discussing that, or simply emailing a friend or group of friends saying "Here's the passage you were looking for / we were discussing", it would get flagged as spam.

So, no, hindering outgoing mail is NOT the answer, or part of an answer. One poster above noted that opting for (Language X) charsets only (such as Roman only) would help get rid of all the cyrillic and chinese/korean spam. That would be good, and VERY simple to set up. As far as the rest of it goes, heuristic filters do work, if you use them. But, you always have to use them...

RS

Obligatory question: (1)

Exanon (1277926) | more than 6 years ago | (#24226715)

When will we see spam mails that advertise free GMail invites?


(I know it's open registration nowadays but CMON!)

I have noticed this (1)

niceone (992278) | more than 6 years ago | (#24226727)

I have noticed this in the signups to my mailing list. I'm not sure why they are signing up, maybe they think they are leaving comment spam? Anyway all the addresses have the same format, a long first and last name followed by 2 numbers eg: EleftheriosZhytup84@gmail.com . Strange.

Captcha bust again? (1, Interesting)

Chrisq (894406) | more than 6 years ago | (#24226739)

Someone must have busted the captcha again, that prevents autonatic sign-up

plus ca change (0, Interesting)

Anonymous Coward | more than 6 years ago | (#24226741)

Time to stop hiring people on the basis of being able to quickly answer standard undergraduate compsci problems and memorise specs that are available at the click of a mouse.

Microsoft (I worked there a couple of years, please don't crucify me) has taken many more years to not learn that they suffer the same problem. A college star is not an excellent engineer with a track record of solving real-world problems. And this is why Google, like Microsoft, keeps trying to branch out of its core competence (search / office respectively) and keeps failing. These companies can only afford a stream of loss-making projects because of their one or two hugely profitable ventures.

No spam for me. (1)

The_Angry_Canadian (1156097) | more than 6 years ago | (#24226749)

No spam message made it to my inbox in the past weeks.
When they say free porn, just enter you e-mail, it's a trap.

Re:No spam for me. (5, Funny)

Chrisq (894406) | more than 6 years ago | (#24226923)

Good I'm safe... It just asked for my credit card number.

They'll Close the Holes When ... (2, Funny)

geoffrobinson (109879) | more than 6 years ago | (#24226759)

They'll close the holes when it is out of beta.

Re:They'll Close the Holes When ... (-1, Offtopic)

AP31R0N (723649) | more than 6 years ago | (#24226885)

OFFTOPIC RE: Your sig You could also add: ended Ba'ath party rule of Iraq and Taliban rule of Afghanistan.

Re:They'll Close the Holes When ... (0)

Anonymous Coward | more than 6 years ago | (#24227265)

Keep dreaming, "mission accomplished" boi. Reality is for liberals, right??

Google Groups (4, Informative)

Yusaku Godai (546058) | more than 6 years ago | (#24226769)

I haven't noticed any particular trouble with spam originating from Gmail, and Gmail has still been pretty good at filtering most of my spam.

But if you really want Google to do something about spam, go after them for their negligence on google groups. They've allowed the service to become almost unusable due to the amount of spam they allow through. For actual Google Groups it's not a big problem, but for USENET groups it is. Most people on USENET are just dropping anything coming from Google Groups outright. Any legitimate posts from Google Groups are considered an "acceptable loss" given the amount of godawful spam they allow through. It really cheeses me off that Google won't do something about it.

Re:Google Groups (1)

maxume (22995) | more than 6 years ago | (#24226857)

They don't seem to be particularly active in preventing the spam, but they do seem to actually close down accounts that get reported through their web interface (this was more useful 5 months ago when it was 3 or 4 accounts a week in the group I bothered reporting spam for, currently there are dozens a week).

This may be linked to somthing a few articles down (0)

Anonymous Coward | more than 6 years ago | (#24226777)

The article here http://tech.slashdot.org/tech/08/07/16/2220232.shtml [slashdot.org] may have a somthing to do with this. Just a thought?

Re:This may be linked to somthing a few articles d (1)

Chrisq (894406) | more than 6 years ago | (#24226963)

Unless I've missed something this doesn't affect sending outgoing spam.

It may attract spammers in that they can compose personalised messages that you are more likely to read. It may be useful to phishing scams as many people will use real names, but I don't think it will aid bulk sending.

you sissys!! (0)

Anonymous Coward | more than 6 years ago | (#24226799)

who the hell cares about spam!?! So some russian kids are trying to sell you viagra pills! It is not the end of the world that hours of programing leaves you impotent!

Already predicted (2, Informative)

Scotteh (885130) | more than 6 years ago | (#24226801)

In Wednesday's article [slashdot.org] , it was revealed that through a bug in Gmails software [holdenkarau.com] is was possible to send personalized spam. I guess it's true.

Nothing to do with the article... (1)

argent (18001) | more than 6 years ago | (#24226853)

This has nothing to do with spam *to* GMail users, it's about spam *from* GMail users.

Re:Nothing to do with the article... (1)

Scotteh (885130) | more than 6 years ago | (#24226981)

Well I don't use GMail, but in order to take advantage of that bug, would you not have to have a GMail account? Thus, the spam would be originating from GMail, to GMail.

Re:Nothing to do with the article... (1)

argent (18001) | more than 6 years ago | (#24227291)

That still has nothing to do with the article. This is about spam coming from GMail. To the rest of the world. Via Google's outgoing SMTP servers.

I know it's probably against the unwritten Slashdot rules to Read The Fine Article (as someone just pointed out in another thread) but in this case it really is worthwhile.

Real summary: spammers have cracked the CAPTCHA (4, Informative)

argent (18001) | more than 6 years ago | (#24226821)

The summary implies that there's something wrong with the GMail spam filters. Actually, the problem is with the GMail spammer filters... the CAPTCHA.

Also, both Google and spammers are being overly complacent about people blocking GMail:

spammers also find Google attractive because of their strong reputation, which makes it highly unlikely the gmail.com domain would ever be blacklisted.

Actually, several sites have blocked Google SMTP hosts that show large spam outflow (it seems to be specific hosts, as if specific accounts are allocated to specific servers or clusters of servers). Including, and I know the irony is thick enough to cut with a knife, MSN Hotmail. There have even been a number of posts to Google's help forums complaining about mail not being sent because Google servers are being blacklisted.

Captcha (2, Interesting)

mcwidget (896077) | more than 6 years ago | (#24226829)

The fact that more spam is originating from Gmail is not indicative of Gmails spam filters being less effective, I think they only scam mail sent to Gmail accounts.

We know that the Gmail Captcha was broken a few months back. It's more likely that a variant of that tool has become more widely distributed and/or cheaper and has found it's way into the hands of script-kiddies.

The usual slashdot response to.. (0, Troll)

bravecanadian (638315) | more than 6 years ago | (#24226833)

bad news about Google will be: *insert fingers in ears* NA NA NA NA NA NA NA NA NA! I can't hear you! NA NA NA NA NA NA!

Re:The usual slashdot response to.. (3, Interesting)

ricebowl (999467) | more than 6 years ago | (#24227075)

bad news about Google will be: *insert fingers in ears* NA NA NA NA NA NA NA NA NA! I can't hear you! NA NA NA NA NA NA!

When has that ever been true? From what I can tell from reading the comments to most Google stories, certainly in the past six months, the groupthink seems to be more along the lines of cynicism and criticism. I can't recall any company that gets unanimous praise regardless of its actions. The opposite used to be true, that scorn was heaped onto some companies regardless of their actions (Microsoft is probably the most obvious target of that group-disgust), but even that seems to be waning, there's still the hard-bitten MS-haters, but the view seems to be more balanced and critical these days.

Even the Mac fanboys aren't quite so unfettered any more.

Re:The usual slashdot response to.. (1)

bravecanadian (638315) | more than 6 years ago | (#24227115)

Go check out the previous post about google calendar leaking information and the general non-chalant attitude from slashdotters.. then try to compare that to what would happen if it had been Hotmail.

Spoken languages? (0, Redundant)

dimer0 (461593) | more than 6 years ago | (#24226835)

I'm baffled why it's so hard to put some dropdown on gmail (or a set of checkboxes) that say "Here are the languages I can speak/read:", and let me pick English. I'm getting a ton of Russian spam coming in with a character set I don't even know, ... seems like that would be incredibly easy way to filter some of this stuff.

Re:Spoken languages? (0)

Anonymous Coward | more than 6 years ago | (#24227019)

ÐYоÐÑÐ Ð ÐнÑÐÑнÐÑÐ ÐYоÐÑÐ ÑÑÑÐнÐÑ Ð½Ð ÑÑfÑÑÐом
And earn FROM $500/day (guaranteed for 1 hour of work/day) UP TO $10000/day.

Something's gotta give (1, Insightful)

XxtraLarGe (551297) | more than 6 years ago | (#24226849)

We really need to make a change in the way e-mail is done, but I don't know how. While white-listing seems like a good approach, there's always the catch 22 where somebody changes their e-mail address. I know public/private keys would also help, but I think that's too far over the head of most non-tech savvy individuals.

Require digital signing; people will catch on fast (3, Interesting)

betterunixthanunix (980855) | more than 6 years ago | (#24227073)

Here's a quick way to solve the problem: require digital signatures for "important" emails. Want to sign up for Facebook? Digitally sign your reply to the "verify" email. It is quick, effective, and people who don't know what signing is will catch on really fast.

Re:Require digital signing; people will catch on f (1)

megaditto (982598) | more than 6 years ago | (#24227257)

Most people don't like jumping through meaningless (to them) hoops.

Re:Require digital signing; people will catch on f (1)

betterunixthanunix (980855) | more than 6 years ago | (#24227343)

Yeah, but they will tolerate it for certain purposes. For example, my bank insists upon verifying "unknown" computers by sending text messages to my phone. It is annoying, but they haven't seen a drop in traffic on their website, because people are willing to deal with the annoyance, even if they have no understanding of why it was imposed on them. Likewise, if we started forcing people to sign messages in order to gain access to the latest Internet fad, we would see a vast increase in the number of people digitally signing their email, and a very sharp decline in the amount of spam.

Spam (1)

corychristison (951993) | more than 6 years ago | (#24226851)

My spam has been pretty ridiculously high for the last few weeks, although I have no idea if this is part of it. It really does seem like gmail's spam filters are declining these days.

You don't say? I own a few domain names and to make life easier for me, I have setup 'catch all' e-mail forwards. I get about 30-40 spam messages a day. Gmail catches all of them with the exception of one every few weeks.

Re:Spam (1)

everphilski (877346) | more than 6 years ago | (#24227207)

Try checking how many legit messages it catches too. Yesterday, it caught 4 of mine ...

Confusing summary (1)

gravyface (592485) | more than 6 years ago | (#24226861)

TFA is talking about the popularity of gmail accounts for sending spam now that Google's CAPTCHA has been cracked. This has nothing to do with how effective your gmail is filtered.

Re:Confusing summary (1)

Jugalator (259273) | more than 6 years ago | (#24226915)

I agree, the submission was alright, but CmdrTaco has misunderstood it.

Fix the damn summary! (2, Informative)

argent (18001) | more than 6 years ago | (#24226875)

Most of the comments on this page are about *incoming* spam to google, when the article itself is about *outgoing* spam from google.

more arrests needed (1, Insightful)

Anonymous Coward | more than 6 years ago | (#24226919)

Can't they do one of the multi-country coordinated sweeps and arrest like the top 100 spammers all at once?

I know the little guys will fill in eventually and take over but at least it will be calm for a few weeks.

Spew from an unblockable (3, Insightful)

redelm (54142) | more than 6 years ago | (#24226945)

However warped or rapacious, spammers are not stupid. They think that GMail is an unblockable address and its mail will get through. They want their "messages" to get through, so they will use it.

Perhaps the GMail mailadmins will try to stop some, but they probably won't get it all. And they too will rely on GMail being "too big to block" for most mail recepients.

This just highlights how the burden of anti-spam efforts often gets transferred to legitimate email senders by simplistic blocking. The unacknowledged false-positive problem. I have seen these come to a sudden stop when the company loses an important order because it false-positived the prospect.

Of COURSE they do (1)

gparent (1242548) | more than 6 years ago | (#24226987)

It makes it much easier to find out their spammees' names with Google Calender!

Re:Of COURSE they do (1)

betterunixthanunix (980855) | more than 6 years ago | (#24227131)

I wonder if this combination of attacks will lead to an increase in the number of people who fall for the typical, "Hello, I am prince Abracadabra and I need a safe place to store $150000000; what's your bank account number?" I could see it now:

Dear Betterunixthanunix,

Upon reviewing your banking history, we think that you are an ideal candidate for a business deal we need a partner for. It involves the transfer of $2000000, from an offshore account. You will receive a 25% commission on this. If you are interested, please send a scanned copy of your birth certificate, social security card, driver's license, and a copy of your last bank statement...

The script check (1)

Analog_Manner (1326359) | more than 6 years ago | (#24227039)

So what's going to happen? Is google going to require that gmail users fill out the script-check for out-bound messages?

Captchas... (0)

Anonymous Coward | more than 6 years ago | (#24227067)

The Gmail captcha has been cracked, spam will of course follow.

Originating? Or Spoofed As? (1, Interesting)

Anonymous Coward | more than 6 years ago | (#24227099)

Are these emails actually originating from a Google Mail system, or are the hackers just plugging in spoofed origin email addresses in the Google system? There was the recent article where a Calendar entry could disclose all current Gmail userID's.

Google should hire hit squads (3, Funny)

spidercoz (947220) | more than 6 years ago | (#24227103)

Start assassinating some of these fucking degenerate spammer asshole motherfuckers and watch the junk disappear. Seriously, these cocksuckers need to be burned at the stake. Blackwater would prally do it.

lolwut? (1)

hagnat (752654) | more than 6 years ago | (#24227139)

is this for real ? i use gmail since it was released to the public in that april fools day, and the past two months have been the ones with the least spam i ever had in my entire life... last time i trashed my spam box was last friday (July 11th), and since then i only got less than 40 spam messages... this is way less than the amount of valid emails i got in the same time frame.

I didn't read it (2, Interesting)

koan (80826) | more than 6 years ago | (#24227141)

I just wanted to add something interesting, I forwarded an account to my gmail in order to use gmail's filters to rid me of most of the "sorting" work, periodically I log into the original account to clean it up.
After about 6 months of doing this, I notice when I log into the original account there is almost no spam in it these days.
I guess they lost interest in that email since I never actually look at anything in it.

I wrote the release... (5, Informative)

dskoll (99328) | more than 6 years ago | (#24227253)

Well, I did this study and our results are here [roaringpenguin.com] .

We in no way imply that Gmail's inbound spam filtering is bad. It's probably excellent. It's just difficult or impractical for Google to filter outbound mail without either human review or complaints because of false-positives.

What we're saying is that spammers are trying to evade IP reputation systems by hijacking organizations with good reputations or which would be impractical to block. There will be a CAPTCHA-cracking arms-race, but unfortunately I think the system will reach equilibrium with spammers quickly breaking CAPTCHAs and continuing to abuse free e-mail systems.

The real issue: Gmail considered secure (4, Insightful)

scorp1us (235526) | more than 6 years ago | (#24227341)

With most big name email players like gmail, yahoo, etc, now using DomainKeys, the value of having an email address on any such system has skyrocketed. Gmail addresses are also usually even more respectable addresses. So being on gmail and a getting through because DomainKeys work makes it is a privileged domain.

What the proper response should be:

  1. Gmail makes signing up harder
  2. Gmail scans all outgoing mail (and between its own servers)
  3. mail receivers don't skip the spam screening even if there is DomainKeys

What should really happen is SenderKeys, which augments DomainKeys. You will get your own domain key when you can become "verified" like at Ebay and elsewhere. SenderKeys is implied by DomainKeys.
 

Limit outbound to X/day based on reputation (1)

davidwr (791652) | more than 6 years ago | (#24227377)

If free mail services limited mail to X/day based on the user's reputation this would make them a lot less attractive.

Some ideas:

Notarized or other highly reliable means of identity confirmation: very very high
Driver's license, passport, or purchasing paid services with major credit card, or identity confirmed by somewhat reliable means: very high
Established user with good abuse history: high
New user or idle account: medium
User with poor abuse history: low

Limit "medium" users to something like 10 messages a day + 1 more message for every day in the past 30 days they logged in to check their mail.

Limit "high" users to 100 outgoing messages a day.

This will at least make the spammers work harder.

Web-based mail should also check for "robotic activity" like sending too many messages in a short period of time, or messaging around-the-clock. Real people sleep or stay up all night playing WoW.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?