Some Anti-Spam Vendors Blocking and Slowing Gmail
fiorenza writes "Google's Gmail (and corporate mail) are being throttled and sometimes blocked by some anti-spam services, including MessageLabs and Antigen. Ars Technica reports that the blocking is a result of the Google CAPTCHA crack, which has allowed a deluge of spam from Gmail's clusters. Most users won't get blocked mail, but Ars confirmed with MessageLabs that Gmail delivery delays are to be expected."
This is to be expected from free mail providers. If you want quality service, including people that police spammers and watch their systems, then you obviously pay for the higher-quality email service.
Regards,
Website Hosting
There were number of times where my emails are silently deleted from Hotmail or even gmail, so hey. Welcome to the world of screwed up SMTP protocol. And all thanks to spammers.
/dev/null. Want to filter spam? Reply with 5xx codes instead - not accept with 2xx and then bin it (unless mailing list headers found in mail, there you can drop spam)
Today email is less reliable message delivery medium than regular mail which is quite sad considering all transactions in SMTP were considered to be, well, transactions. An acceptance of email by destination means it is delivered, not going to
I am not sure what Google can do to crack down on this abuse, but they really need to. Have there been any improvement to their Captcha system since it was compromised? Are they closing down suspect accounts?
Jumpstart the tartan drive.
The missing part of this story really is that Google`s Gmail client has very effective anti-spam filtering. I can see why companies who earn their keep protecting typical client-side email systems, would want to make Gmail obsolete or ineffective. Spammers might use Gmail as a tool to spam, but with good filtering it really doesn`t cost that much compared to the loss of time spent weeding out ham from spam.
The dangers of knowledge trigger emotional distress in human beings.
What they need to do is have a process for detecting when an account is spamming.
Now, you and I would just say "when an account is sending 10,000 messages a day" and that would be correct for about 99.9% of the cases.
I'd also recommend Google "seeding" the spammers databases with "spamtraps" (not tied to Gmail or Google in any way). If an account sends email to a spamtrap, that account is frozen.
And so forth.
Our company uses Messagelabs. Just tried a quick message from my Gmail account. Almost immediately received the message. No delay for my account, at any rate.
Gmail should go back to their old scheme, where you had to have a cell phone to receive your password, and you could only have one gmail account per phone. That would slow the spammers down.
If you don't have a phone, you're probably not a good candidate for an advertiser-supported service anyway.
What? I've never seen an ad in my gmail when i use my phone.
Of course, the phone runs Windows Mobile so I don't use the gmail program, I just have it check IMAP every 10 mins, but who's counting?
One word: majordomo.
Cantankerous old coot since 1957.
for the past 6 months or so, the amount of gmail spam hitting my server has been insane. I've thrown up a pile of filters and what not, but sometimes the only solution is to firewall gmail off for a few weeks until the spam wave dies off.
If they want to treat their network like a sewer, then I have no problem doing the same, and dumping their ip ranges into the firewall with the rest of the spam sewers.
Lawyers, MBA's, RIAA? A jedi fears not these things!
...to be safe from spammers using Google Mail... people should just -get- Google Mail themselves?
I don't know whether to just blink or to think that you discovered a Google strategy here; getting even more people over to Google Mail because there's less spam there; nevermind the fact that a portion of that spam is sent from their own servers(!) I suppose there wouldn't be a heck of a lot of incentive to do something about the spam accounts, then.
=====
Or maybe you're saying that Google should apply their spam filters for incoming mail to all outbound mail as well. That sounds a lot more sane anyway.
If a legit message is flagged as possible spam, ask for user input (make sure this can't be automated too easily) on whether it's actually legit or not.
Regardless of that response, if N messages in t time are flagged, have an engineer (okay, school kid) check it out and disable the account if necessary
Most users won't get blocked mail
Okay, so business as usual. If users did receive blocked mail, they would be whining now wouldn't they ?
So Google's captcha got smashed, ho-hum! Happens all the time to others, and it is certainly NOT a good reason to blacklist Gmail, unless you also block all Yahoo and Hotmail.
If this causes your spam solution to slow down due to overload, the fault is not Google's, it's your fault for running an underpowered mail queue. Spam is everyone's problem, and we have to work together to clean it up. Pointing fingers doesn't solve shit!
-Billco, Fnarg.com
Wish I had mod points....
Blame the companies that allowed the idiots who buy from spammers to get internet in the first place. I know: everyone makes mistakes. At 2 AM, even I've clicked on a banner once or twice to find something (although I can never recall joining a site due to advertisement via mass mailing).
But, sadly, statistics still prove that if you try to hit 1,000,000 people without any true risk of getting caught, your bound to hit a sucker eventually. There's one born every minute, after all. Not to use colloquial phrases as my source, of course.
Personally I'm disheartened that American spam has lowered so. It makes it much harder to track down the parent company and call them and ask them why they sent you their e-mail in the first place...
Ginga no Rekshiya Mata Each page.
You must be in some crappy shop running a years out of date version administered by buffoons then.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
usenet if flooded with chinese spam from gmail my mailbox filled with spam from yahoo. blocking both seems like a great idea. read somewhere that the captcha really hasn't been cracked, spammers have just hired cheap labour to solve them.
And go after the IP number and the individuals doing this shit.
Go after their ISP's and take the idiots to court.
Cat and mouse games are stupid.
Expect to see a technological solution, this isn't a company full of middle managers or people who are used to losing technical battles.
If I were a betting man I'd say Google will either A) release a new authentication/authorization scheme for creating new accounts, or B) they'll evolve their current system to be resistant to delivering false negatives on bot provided responses.
Because honestly, isn't this just graphical/visual acuity based Turing test that needs to be treated as "passed" by the industry? The reasoning being: the equivalent of Alicebot now exists for the graphical world, so the test needs to be re-engineered to test another (currently) unpassed Turing style evaluation.
Based on that realization: the whole reason capcha's are stupid is that if you keep the existing design but try and make it "harder" to break, the designer of the Bot need only account for that change and not an entire redesign.
All this sounds like a great technical challenge: think up a new Turing test... When in reality those posting go back to invite only are absolutely right but it's likely we won't see that come out of Google.
What? I've never seen an ad in my gmail when i use my phone.
In the early days of Gmail, you had to supply a cell phone number, and your initial password was sent to your cell phone via SMS. One Gmail account per cell phone number. This puts a dent in spamming; you have to keep buying new phone numbers as your old accounts are terminated.
Some free dating sites now do this. I've been bugging the Craigslist people to try it.
Yes, and it also increases cost to acquire customer, decreases the number of potential customers at the same time(to those who have cell phones.) That would be an idiotic thing to do, when really all Google has to do is balance well-done features against poorly-done features well enough to acquire and keep you from switching away (switching costs on email can be kind of high with "unlimited storage" in play these days.) Ad impressions are ad impressions, even ones taken when composing an email that'll never make it to its destination. Bo hoo.
The old scheme was likely more relevant for early testing, although perhaps putting those spammers-without-cell-phones in the mix earlier on might have been a good idea.
My 2 Cents... Show the user 5 images. Your job is to 1) Select the one image that is out of place with a radio button 2)Solve the captcha that is one of the 5 images 3) Choose which word best describes the remaining 3 images from a drop down/combo.
..1....2......3.......4......5 (Captcha image)
How this would work
Cat Cat Money Cat "Peaches"
Drop down choices (Housewive, Gutter, Salsa, Fruit, Cat)
Answer: 1-(Image3-Money) 2-(Peaches) 3-(Cat)
Of course this would only be reasonable for something one time only like signing up for gmail.
Gmail should go back to their old scheme, where you had to have a cell phone to receive your password... If you don't have a phone, you're probably not a good candidate for an advertiser-supported service anyway.
Since when does cell phone == phone? Tons of people don't have cell phones, and most of them are consumers of various goods just like people who do have cell phones. It's amazing how the 'net culture makes it easy to write off huge swaths of the population just because they don't have or want the latest gadgets.
Obviously gmail can't simply strip millions of us of the ability to use our accounts. If they didn't want those of us who are largely stationary, use a POP client and don't own cell phones, then they shouldn't have started offering POP access.
Yeah, because 2000 email messages is what? 4 MB of text, maybe. A 1TB hard drive will set you back about $250 at Target. $250 to hold a quarter million users' spam. OH GAWD, that's Sofa King expensive. A tenth of a penny per user. Wow. Where will your organization ever come up with that kind of cash!?!
In the meantime, I have three different email accounts that people have to CC to in order for me to get all my email. They practically need a fscking template to send email because a$$hole admins keep blocking their messages or mine enroute. Good job jerks. You've ruined email.
Spam isnâ(TM)t just a big nuisance; itâ(TM)s big business as well. So why is spam persisting? Ferris Research estimates that spam will cost $140 billion worldwide in 2008, of which $42 billion will be in the United States alone. If you compare these numbers with Ferrisâ(TM)s 2007 estimates of $100 billion and $35 billion, youâ(TM)ll see that the cost of spam has increased substantially over 12 months. Register for a complimentary Webinar conducted by Abaca and Ferris research to know more about how you can stop this nuisance. To register please click the link below: http://www.surveymonkey.com/s.aspx?sm=LPFKkdkFwOYltiQZtM_2bttw_3d_3d
The CIA world fact book says as of 2006 there were 233 million cell phones in use in the US for a population of just over 300 million... that's a vast majority of the population with access to a mobile, especially when you consider the number of internet users savvy enough to want to sign onto gmail in the first place with cell phones is most likely an even higher percentage.
Please, people, SPF is broken, and so are all the other similar technologies.
For one thing, they are not standardised but in competition. That means most people don't use them. That means they are practically begging for a high proportion of false positives.
For another, the technical approach they tend to take is impractical. It's all very well saying big business should set up its DNS entries using this or that little hack, but most of us (yes, the vast majority of domains registered) are not running on dedicated hardware with full-time sysadmin staff who are paid to mess around with this stuff. It would be completely impractical for me, as the lone, volunteer-in-my-spare-time sysadmin of a small, local non-profit, to keep track of the dozen or more people who may legitimately send mail using our domain name and all the mail relays used by all the ISPs they use, and then to update our domain information accordingly every few days when something changes. Life's just too short for that kind of idiocy, which is presumably why of the small proportion of domains that do have SPF entries, a high proportion only say "allow from all", which pretty much defeats the point.
Don't get me wrong: I hate spam as much as the next guy. I set up some simple spam filtering on our incoming mail, using nothing but the standard issue tools our mail hosting service provides, and it blocks 95+% of our incoming spam with no false positives observed in more than two years of use. It's using one of common score-based systems that considers many indicators but will only block mail when the combination of factors is sufficiently strong to be very confident it really is just spam. It doesn't rely on any SPF or SendID or DomainKeys rubbish, and we do just fine.
Basically, the only people SPF is really hurting are those using poorly configured mail services that outright block incoming messages from sources without SPF because some know-it-all sysadmin bought the snake oil. Oh, and those of us who admin non-SPF'd systems, who get grief from these other people when mails they asked for don't arrive and after asking their know-it-all sysadmins they blame us.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Hi guys! Just wanted to say a few words about my way to deal with spam - I use Gafana.com - that'sin my opinion the best anti-spam solution ever! Has anyone of you tried it?
Yeah, I knew that, but what does having a cell phone have to do with using their ad-supported service?
I only ever see ads on their website, I don't get SMS spam from them (or anyone else for that matter) or in my phone's inbox.