Spammers Choose GMail
EdwardLAN writes "A study by Roaring Penguin has discovered that during the past three weeks, the amount of spam originating from Gmail has risen sharply." My spam has been pretty ridiculously high for the last few weeks, although I have no idea if this is part of it. It really does seem like gmail's spam filters are declining these days.
Maybe they should have just kept the system invite-only, instead of opening it up to everyone -- that would help, the way I see it.
How does spammers creating gmail accounts to send spam from imply that gmail's spam filters for inbound mail are declining? (if that is indeed what the summary is supposed to say).
Half of the spam I get on my gmail account that actually gets past the filter is in some language other than English... in fact it's almost always in Cyrillic as well.
Give me a damn drop down that says "I speak English, anything not in English is not to me".
Won't solve their outgoing problem, but adding "this is my language" support would be a big help on the incoming, at least with my spam patterns.
The IT staff at my dad's company blocked all communication with Gmail servers a few months ago, on the grounds that it was 'insecure'. Locking down an MS shop (XP/Exchange/etc) from the 'insecurity' of Google (while still accepting hotmail.com emails) still strikes me as a bit odd, but I've been hearing more reports of lax Google security with respect to spam/spammers. Perhaps they (dad's company) were on to something?
Anyone else having issues with people blocking Gmail?
creation science book
Yeah I've thought the same thing, too. It wouldn't be that hard to filter. You could just select a charset (like Latin-1) and if less than 90% of the characters in a given message aren't representable in your chosen charset, automatically kill it. That wouldn't require figuring out the actual human language it was written in; it's a pretty trivial automatic test.
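The charset test described in the comment above, as an added example that is not part of the original thread. It reads the rule as "reject when fewer than 90% of the characters are representable in the chosen charset"; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

CHARSET = "latin-1"   # the reader's chosen charset (the comment's example)
THRESHOLD = 0.90      # minimum representable fraction (the comment's figure)

def representable_ratio(text, charset=CHARSET):
    """Fraction of non-whitespace characters that can be encoded in `charset`."""
    chars = [c for c in text if not c.isspace()]
    if not chars:
        return 1.0  # nothing to judge: do not reject empty mail on this test
    # encode(..., "ignore") yields b"" for a character the charset lacks
    ok = sum(1 for c in chars if c.encode(charset, "ignore"))
    return ok / len(chars)

def message_text(raw):
    """Decode the Subject (RFC 2047) and the text body (base64/QP/8bit) to str."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    try:
        body = part.get_content() if part is not None else ""
    except (LookupError, UnicodeError):
        body = ""  # unknown declared charset: score the subject only
    return f"{msg['subject'] or ''}\n{body}"

def passes_charset_test(raw):
    """True when the decoded message meets the representable-character threshold."""
    return representable_ratio(message_text(raw)) >= THRESHOLD

def build_sample(subject, body):
    """Constructed sample mail, serialised through real MIME encoding."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    return bytes(m)

SAMPLES = {  # all constructed for this example
    "english": build_sample("Lunch", "Meeting moved to 3pm, see you there."),
    "frenglish": build_sample("Demain", "Salut! On se voit demain, ça va être le fun. See you at the café."),
    "smart_quote": build_sample("Reminder", "Don’t forget: lunch is at noon tomorrow."),
    "cyrillic": build_sample("Специальное предложение", "Купите дешёвые часы сегодня"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, round(representable_ratio(message_text(raw)), 3), passes_charset_test(raw))
```

Scoring the decoded text rather than the raw bytes matters because headers and bodies normally arrive RFC 2047, base64 or quoted-printable encoded; the typographic apostrophe in the third sample is outside Latin-1, which is why the threshold sits below 100%.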
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Someone must have busted the captcha again, that prevents automatic sign-up
Time to stop hiring people on the basis of being able to quickly answer standard undergraduate compsci problems and memorise specs that are available at the click of a mouse.
Microsoft (I worked there a couple of years, please don't crucify me) has taken many more years to not learn that they suffer the same problem. A college star is not an excellent engineer with a track record of solving real-world problems. And this is why Google, like Microsoft, keeps trying to branch out of its core competence (search / office respectively) and keeps failing. These companies can only afford a stream of loss-making projects because of their one or two hugely profitable ventures.
It's the outgoing spam from Gmail that's the problem, not the incoming spam, and there have been messages on the Gmail forums about Gmail servers being blocked for spam. If Google doesn't do something about it, then Gmail accounts will end up "read only".
And having Google themselves impose outgoing spam filtering is something else to worry about, if you're a Gmail user.
The fact that more spam is originating from Gmail is not indicative of Gmail's spam filters being less effective; I think they only scan mail sent to Gmail accounts.
We know that the Gmail Captcha was broken a few months back. It's more likely that a variant of that tool has become more widely distributed and/or cheaper and has found its way into the hands of script-kiddies.
Google already does that for their ads. I'm an American living in Germany who also has friends in Japan that I correspond with in Japanese. I get ads in English, German, and Japanese (in fact I get ads in Japanese offering to teach me English and/or German....) so if they can determine the language for the ads, then they should be able to use it for spam.... at least if you get an email in a language that isn't in your outbox it should trigger something..
Monstar L
Here's a quick way to solve the problem: require digital signatures for "important" emails. Want to sign up for Facebook? Digitally sign your reply to the "verify" email. It is quick, effective, and people who don't know what signing is will catch on really fast.
Palm trees and 8
When has that ever been true? From what I can tell from reading the comments to most Google stories, certainly in the past six months, the groupthink seems to be more along the lines of cynicism and criticism. I can't recall any company that gets unanimous praise regardless of its actions. The opposite used to be true, that scorn was heaped onto some companies regardless of their actions (Microsoft is probably the most obvious target of that group-disgust), but even that seems to be waning, there's still the hard-bitten MS-haters, but the view seems to be more balanced and critical these days.
Even the Mac fanboys aren't quite so unfettered any more.
Are these emails actually originating from a Google Mail system, or are the hackers just plugging in spoofed origin email addresses in the Google system? There was the recent article where a Calendar entry could disclose all current Gmail userID's.
I just wanted to add something interesting, I forwarded an account to my gmail in order to use gmail's filters to rid me of most of the "sorting" work, periodically I log into the original account to clean it up.
After about 6 months of doing this, I notice when I log into the original account there is almost no spam in it these days.
I guess they lost interest in that email since I never actually look at anything in it.
"If any question why we died, Tell them because our fathers lied."
Posting as Ac because I moderated...
Your idea doesn't address one of the main avenues of CAPTCHA breakage, which is the mechanical turk approach that has been used - swiping the CAPTCHA graphic, showing it to a real human to get them to fill it in in exchange for free porn/MP3's or whatever.
In the spam arms race, this missile has been downed.
That wouldn't work for me. I regularly send emails in Frenglish. I'm a Quebecer who frequently switches back and forth between French and English in emails with my friends and family.
If you relied on the content of my emails to determine whether it is in French or in English, your algorithm would fail because it is neither in English nor in French.
Blaming Google and claiming it's because of broken captcha begs the question of how the spammers really operate. Anything open to the public is open to abuse as you say. Invite systems only invite spammers to do more of what normal people do. Spammers can't be doing this from a single IP address, or even a small collection of them, without being blocked so we know they are somehow obfuscating their communications. I can only think of two ways:
The history of spam shows that a combination of the two is at work. Spam has traditionally come from exploited computers on cable modems and that has not changed, only the means. Now that every ISP blocks port 25 and forces you to use their SMTP server, the spammers have targeted that and webmail.
The real solution to the spam problem is to attack the root cause, the continued failure of M$ to protect their customers. The spam problem is directly proportional to the number of Windows machines on the Internet and the speed of their connection.
Friends don't help friends install M$ junk.
I don't think CAPTCHA's are being machine broken. I've seen ads outsourcing the typing in of CAPTCHA bidding $1 per 1,000. Try looking at http://www.getafreelancer.com/projects/Data-Entry/Captcha-PROJECT.html to get an idea of what is going on.
Blackwater would probably do it.
There's something to be said for this. Many of the major spammers have been identified (see ROKSO). The anti-spam community needs "boots on the ground" to do something about them. There are private companies in that business. Blackwater is one; Kroll is another. Spammers today are part of larger criminal enterprises, which makes them vulnerable to private investigators.