Slashdot Mirror
Some Ways To Avoid Spam On Gmail
jafo writes "In general, Gmail has been extremely spam-free. More recently, however, it's gotten dramatically worse. I've written up some thoughts on Gmail spam and keeping the spam down. Want less spam on Gmail (and likely others)? Try generating an account name using "apg -M L -t"."
My postman is such a putz - ever since I subscribed to the 'slashdot postal catalogue', he has [rather cunningly] worked out that I read slashdot.
... then he drives off laughing like an idiot - it is very annoying and I would like it to stop - can anyone give me some advice?
Now, since that my address is 1 Aardvark Avenue, Australia; I am the first person that gets his mail delivered off the truck.
So just as I go out the door on my way to work, he drives up - delivers my mail (very dramatically) and yells "FIRST POST"
You can't expect to wield supreme executive power, just because some watery tart threw a sword at you
and then you end up with an email address that you have to keep written on a post-it stuck to your monitor so you can remember it.
I have absolutely NO spam on my gmail account. Why? Because my email address is l1OO0100lO1l100lO1l01@gmail.com. Or 1O00100lO1l1O0lO110l@gmail.com. Or 100O100lOl11O0lO110l@gmail.com... I forget which. But that's an implementation detail; the important point is that I get absolutely no spam!
I have a couple gmail acounts. The spam they get, and its not alot so far, seems to be guess the name type. The name in the "to" field is close but not exactly my address. I think gmail just delivers it but marks it instantly as spam so the spammers don't know which are "live" addresses and which are non existant ones.
just my experience..
Its going to get worse though. As more people use it and when it goes out of beta and some spammers can start getting accounts and testing...
Heck I have a domain with one email addess (which is a catch all). I've never ever given out the address, yet I get spam there... Lots of it.
Its making email so much less usefull
Just don't use 'effin Gmail! GAH! Just because everyone and their cat has 50 gmail invites to give out doesn't mean that you have to use it.
SpamAssassin is catching nearly 100% of the spam bound for my regular personal email account. I don't need Google's help with that.
I was curious about how much spam gets auto generated. I have a fairly common name so I used one of my gmail invites with my normal gmail account to make an account with my firstname.lastname@gmail.com.
I havn't used or given it out to anbody, the spam folder gets about 25 messages a day. Luckly google has done a perfect job with marking them all spam.
I receive some spam every day on my GMail account and, looking at the headers, it seems that the spammers are randomly generating the email addresses and my address, eventually, gets generated and receives spam. Fortunately, the GMail spam filter has successfully caught all of the spam.
Sure, it's "tiasi54ffcb44334bcvxw53ezz3wr@gmail.com," that is t as in this, r as in really, i as in is, a, s as in stupid, i as in idea...
Hey, I wanted this gmail adress... dammit, the good names are always gone when I want to register something...
I don't need a signature.
Wait a minute, you're getting advertisements for Rolex Premium Replica Watches too? I thought I was just special. :-( Next thing you're going to tell me is that you get spam for Cialis too. I'm not exactly sure what Cialis is, but they sure want to sell it to me.
I signed up for gmail, and after logging into the account about four times, and having sent all of maybe a dozen emails, all of which went to personal friends, started receiving spam messages. Currently it's a trickle, something under 1 spam message per day, and they've all been caught by gmail's spam filter, but for some reason I still find it annoying to see ANY spam. I don't get spam at all on my fastmail accounts, and have been using them as my everyday mail account for better than a year now.
You see? You see? Your stupid minds! Stupid! Stupid!
It's a well written article, but I don't feel it brings anything new to the discussion. Yes, spammers were eventually going to target GMail because of it's popularity, but there isn't really any detailed information in the article as to how Google is defending itself, merely a lot of (interesting) specualtion.
And while the same techniques are used to try and stop spammers from finding your account, there aren't any gmail specific ideas, which is what I hoped I would find int he article.
I'm not stressed. I'm just terribly, terribly alert.
"Want less spam on Gmail (and likely others)? Try generating an account name using apg -M L -t""."
This helps to get less email from your friends as well.
For an account name, apg is fine. For passwords, I've created a far more flexible system which I distribute with documentation describing password generation from my site.
The key to good password generation is allowing the user to describe how it's to be done. This increases the ability to memorize passwords and makes it harder for an attacker to guess.
To that end, I have created a sort of reverse regular expression syntax where you describe the password to the program using general patterns. Try it out.
I have two gmail accounts. One is myl33tusername@gmail - the other is firstname.lastname@gmail. Guess what - the latter is now swamped with spam. Granted, gmail properly files them all in the spam folder, but it shows that the spammers are already firing off massive dictionary attacks on gmail.
Underholdning.info
The evidence is empirical. The conclusions are common sense. I'm surprised the article doesn't talk about False Positives, the bane of spam filtering. I usually sign up for a few mailing lists, and then create filters to automatically archive them. Recently, a lot of my mailing list traffic has been marked as Spam, even though my filter specifically says to archive all mail from the list.
AnimeNEXT anime convention
Get an email address from here:
m nopqrstuvwxyzabcdefghijk.com/
http://www.abcdefghijklmnopqrstuvwxyzabcdefghijkl
most spammers won't think you're serious.
Is apg digitally signed?
I think by nature, spam gets more and more like real messages. This means that eventually all spam filtering becomes ineffective. Someone could probably make a research paper out of this.
I wonder why they think its a good idea to market "Viagra soft tabs". Seems like soft is the last thing they'd want associated with Viagra.
I keep getting the same spam over and over which starts "TOP SOFTWARE...". It's mostly the only one I see and GMail recognises it as spam, but the same message keeps coming to my spambox several times a day. I wish they'd just ban it.
My gmail address has only been used to register a troll account on Slashdot
Is it Anonymous.Coward@gmail.com?
I don't need a signature.
It was some weeks before I noticed I even had spam in my Gmail account. It has thus far filtered spam with one hundred percent precision. Best I've seen anywhere.
- IP
Seems to be a lot of that going around here these days. Another run-of-the-mill blogger thinks he's discovered something new and interesting and all of a sudden it's big news on /.
Listen, spammers use dictionary attacks. They'll send their turdlets to any number of common names and words and variations thereof. It's the same for any email domiain. The phenomena certainly isn't unique to Gmail. You see it taking place on just about every ISPs mail servers. And God knows it's no big revelation that if your email address is hard to guess then you'll get less spam. For Pete's sake! I can't believe how lame this is. This is one of the lamest stories on slashdot I've seen in quite some time.
tiasi54ffcb44334bcvxw53ezz3wr@gmail.com
,r as in really,
Wow, not only do you make it really difficult to memorize, you also spell it wrong when you give it out! Pure genius! I'll bet you never have to worry about any mail!
This can be paired with using your real name as a password, for extra security.
Username: sds#SFD#4sdv_sd
password: johnsmith
That is gonna screw those crackers!
Erm, ever heard of BCC?
Spamcop reports as originally being from a "ajicccln.info" address. They're using a nameguessing system, too. I wonder why Google doesn't just block their IPs totally?
Well I got a GMail account especially so I can use it to sign up to bulletin boards, forums and to use when I order stuff over the web etc. etc.
That way all the spam I get should start going to my GMail account thereby leaving my real email account (hosted on my home server) free for me to use with friends and family etc. (It's been 100% spam free in the nine months I've been using it)
Previously I'd been using a "throwaway" domain name I bought specially for this (which gets redirected to a real account) but it's due for expiry soon and, now I have a GMail account, it can go ! So my top tip of the week is get several free web mail accounts and use them for everything but your private stuff.
And on this note I'd never use my GMail account for any private stuff as, fer fecks sake, they're a SEARCH company. How long do you think it'll be before their new corporate shareholder overlords start doing some real intensive data mining on all your GMails ?
"But dude, their motto is do no evil" I hear you squeak. Sorry, they're a publically listed company and will do whatever "the market" tells them to do...
Sky subscribers are morons. They pay to be advertised at !
Something I'd like to know (and this isn't stated in the article) is: which of his accounts has been published somewhere on the net (or available to the public in any harvesting kind of way).
Doesn't matter if your account is simply garbage, as long as someone can spider it on the web. All honor to the dictionary attack, but as we all know, it doesn't take very long before someone finds your account on the web. Also, there are ways to prevent this.
I never have my mailto clickable, and I use combinations of images to display it.
I don't know about you, but suggesting people selecting rheyghyab@gmail as their email address seems pretty stupid to me. Granted, spammers will have a hard time guessing it, but everybody else will have a hard time remembering it.
Underholdning.info
I use Jetable.org (time expiring email relay addressess) to when signing up or doing something that I might suspect might get me on a spam list. This way email get's sent to my gmail (or any other account) for a limited time and if the spammer gets a hold of the jetable email address, it just expires after a set time period. VERY useful!
And it's totally free!
http://www.jetable.org/en/index
I don't know if this is related but my spam on gmail exploded after I've used it as my primary ebay account email.
You could try admin.(your name)@gmail.com or abuse.(your name)@gmail.com . Those are generally filtered out by spam companies, you could get less spam, but it still probably wouldn't stop it completely.
The false positives is becoming an increasing problem for me also. I use GMail for mailing-lists, and more of the messages from those lists are now falling foul of the GMail spam-filters. The lists which show particular failures in this regard are debian-user and vim-user.
I had hoped that there would be some way of keeping those messages from the GMail filter, but of course there isn't one. Bizarrely enough, the system was much better at the false-positives, it seems to have gotten worse as the volume of actual spam has mounted. There doesn't appear to be any consistency in those identified as spammers.
I did note, however, in a recent thread on debian-user, that a supposed troll's emails consistently went into the spam-bucket. Perhaps GMail uses other users 'Mark as Spam' returns and automatically assigns spam-values on that basis?
If you are looking for an invite, check out http://www.freegmailinvites.com/. It DOES actually work. That is where I got my gmail account. I just donated 10 new invites to the site.
www.DIYTVAntennas.com
I wonder if the spammers caught it yet. Gmail supposedly supports syntax of youraccountname+arbitrarytext@gmail.com and the email still gets delivered, plus can be filtered. If spammers don't get the idea tp cut the +...@ part off, you may easily post you+webpage001@gmail.com on your webpage and once harvested by spammers, change to you+webpage002, while blocking all emails with 001, etc. Same with "temporary stuff", like, say, logins to "suspect" sites, ebay auctions etc. Whenever it's not needed anymore, filter it off.
Of course sooner or later spammers will learn to remove the + part. Then still putting periods at arbitrary places of your gmail u.s.ern.ame remains
Anagram("United States of America") == "Dine out, taste a Mac, fries"
or was it just the fact that all the email addresses on it are so new that they hadn't gotten propagated around on spam-lists.
or is it that now that there are so many email addresses @ gmail, any random 6-8 character string @ gmail.com is likely to match up with *somebody*, so just flooding the system will get some through.
gmail, like hotmail, will become a victim of its own success very quickly.
"But remember, most lynch mobs aren't this nice." (H.Simpson)
-- Joe
to send out their email, so gmail can't just block an IP address. Apparently, 70% of spam is generated by botnets.
PimpMyMazda.com - Crazy mods to a 2002 Mazda Protege DX.
NO, you're completely wrong. I get lots of spam addressed to names close alphabetically to mine at my ISP, which is not GMail.
There may be one name in the "To:" header, and hundreds of similar ones were in the "BCC:" header, which is not transmitted along with the message. However each of the "BCC" addresses generates a new message at the mail server which has the name attached to the "envelope" of the message, which is dropped when it's delivered to your mailbox.