Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Look At Google's Email Spam Prevention

Posted by Soulskill on from the click-here-to-report-as-spam dept.

CNet has a story about the security measures Google employs to protect their email systems and fight the never-ending war on spam. Their Postini team, acquired two years ago, has a variety of monitoring tools and automated response systems to find and block undesirable messages. Quoting: "The system scores each message on numerous combinations of criteria, assigning a weight to each and then comparing the score to those in a database of several hundred thousand message types that have been flagged as good or bad from Postini honey pots and customer spam reports. ... To block fresh spam attacks not covered by existing heuristic technologies and viruses not covered by existing signature databases Postini relies on proprietary Zero-Hour technology to identify new outbreaks that show up in the traffic patterns and quarantine them for later rescanning. Customers can also create and build out their own white lists of message senders they trust and blacklist others they don't trust. It takes an average of 150 milliseconds for a message to be scanned by the antivirus engines that Postini licenses from McAfee and Authentium.

39 of 176 comments (clear)

  1. Don't care how they do it.. by Finallyjoined!!! · · Score: 5, Insightful

    I now get a couple of shed loads less spam. I used to check the apam directory for false positives. Don't bother doing that either.

    Go gmail :-)

    --
    If I had an Ass, I'd call it Fanny Bottom, then I could slap my Ass; Fanny Bottom, on the Arse.
    1. Re:Don't care how they do it.. by hansraj · · Score: 5, Informative

      Pfft.. the internet became sentient sometime ago and used to babble like a baby. Since whatever it said was pretty much garbage, it was impossible for anyone to correctly figure out whether the noise was the baby's (spam) or from the tv (non-spam?). Now that the internet speaks more coherently it is far more easier for Google to figure out stuff that is coming from the internet - spam that is. It is rather obvious actually.

      I wonder why yahoo has a miserable spam filter though; maybe Yahoo is like the careless parent who never gave a shit to figure out when the baby stopped babbling. And judging by the kind of spam I get in my hotmail box (it is all from microsoft), probably MS would be like those parents who insist on babbling themselves when the baby is around.

      There, mystery solved! Now no one has to RTFA. Now if only someone made this into a car analogy for the greater good.

    2. Re:Don't care how they do it.. by jo42 · · Score: 4, Insightful

      Don't care how they do it..

      Then I suggest that you don't really belong on /. ...

    3. Re:Don't care how they do it.. by Threni · · Score: 3, Informative

      I get loads more spam than I used to. Something broke in Google's spam prevention about 4 months or so ago, and it's not been fixed yet. I redirect my email to my phone, where I get a notification of new email, and I've had to turn the sound and vibrate alert off because I got too much spam coming through.

    4. Re:Don't care how they do it.. by DrXym · · Score: 4, Interesting
      Spam is now so bad for me on my home account that I reckon for every 100 messages, only two or three are legitimate contact. I literally get 200-300 spams a day. Bayesian filters will get rid of about 20%, and rules I've added such as deleting any email with cyrillics or other foreign characters still leave me with 100 or so to delete manually.

      I've set up GMail to filter my email and by comparison I'd say one or two spams get through. So I'm very happy with GMail's level of coverage. It's not perfect but it makes things tolerable. I'm not at all happy with Yahoo's level of coverage. Yahoo allegedly also has spam filters, but I've yet to see they actually work. It's not uncommon to find my email box filled with Nigerian and other scams.

    5. Re:Don't care how they do it.. by trawg · · Score: 2, Informative

      Wow, what Bayesian filter are you using that is only giving you a 20% catch rate?

      I'm using spambayes (a pop3 proxy) and I would estimate it catches well above 95% of my spam. My inbox would be utterly unusable without it.

      It requires some training - the more training you give it and the more religious you are, the better it works. I've trained it on around 3000 ham and 3000 spam messages and it is incredibly accurate (almost scarily, sometimes) at catching spam. False positives are extremely low - here's the stats it reports:

      SpamBayes has processed 114790 messages - 56469 (49%) good, 54032 (47%) spam and 4289 (3%) unsure.
      2328 messages were manually classified as good (2 were false positives).
      2483 messages were manually classified as spam (829 were false negatives).
      34 unsure messages were manually identified as good, and 1583 as spam.

    6. Re:Don't care how they do it.. by Anonymous Coward · · Score: 4, Funny

      STOP! The internet is not really sentient (yet).

      Am too!

    7. Re:Don't care how they do it.. by MoeDrippins · · Score: 2, Interesting

      20% on a Bayesian filter is ridiculously low; so low in fact I believe you are stretching the truth to make or point, or you're not training it.

      My gmail account is quite old (gotten when only google employees were giving out beta requests), using an extraordinary common firstname.lastname account name, and since Jun 17, I've gotten 2247 spams. So that's what, 19 days? Gmail has *let through* probably fewer than 10 actual spam in that time frame (0.44%), and I haven't checked for any false positives.

      --
      Before you design for reuse, make sure to design it for use.
    8. Re:Don't care how they do it.. by Anonymous Coward · · Score: 2, Interesting

      I've been told by some people that part of the reason of the recent suckage of gmail's spam filter are people who think they're smarter than google and automatically mark all their messages as ham so they can get via pop or smtp to their computers and then run their own spamassassin/razor/bla tools on the mail. Thus, messages that are _obviously_ spam get marked as ham and are forwarded to the rest of users. I don't think it's the main reason, but worth sharing anyway in case somone knows more about this 'trend'.

    9. Re:Don't care how they do it.. by 0100010001010011 · · Score: 2, Interesting

      Spam Assassin is a great compliment to GMail's spam filters.

      1) I use IMAP Spam Begone to check my google inbox and mark stuff as spam/not spam.
      2) I use DMZ's remote SA-Learn to learn spam from my google spam folder (after I check it for false positives) and I use it to learn ham of stuff that IT marked wrong.

      Result, I haven't had any spam make it through since I started using it.

      (Both scripts do require editing isbg.py hasn't been updated in 5 years, so to work with newer python I fixed some things and sa-learn.pl needed to be edited to work with GMAil).

      Just enable IMAP in gmail and go.

  2. "Postini"? by John+Hasler · · Score: 4, Insightful

    My previous ISP switched me over to Postini with no advance notice (we got a cheery note from marketing after the deed was done). Blocked half the spam and half the ham. They told us how to disable the filtering "features" but it turned out that all the filtering could not be turned off.

    I'm not with that ISP any more.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    1. Re:"Postini"? by icydog · · Score: 4, Interesting

      I have had a similar experience with Postini, but from a different point of view. I usually use my own mailserver to send emails, and in the beginning I was greylisted and occasionally blocked by a few servers here and there, but after just a few quick emails here and there to ask why I was blocked, I was always promptly unblocked. I just use it for personal email so I'm not sending commercial or bulk emails. And before someone asks, no it's not on a dynamic IP or anything, it's in a fairly large colocation facility.

      Google is the only mail service that I know of who still just won't accept my emails. They make it very difficult to contact them. There is a form buried somewhere in their help system, but it says that they won't respond unless they need additional info from you, which leads me to believe that they never actually read anything submitted through that form. (I have tried a few times.) They also specifically say they don't take whitelist requests. I have SPF records, I have correct reverse DNS, I'm not on any blacklists, etc.

      This means when I send emails to my friends who use Gmail, or comparies who use Postini, I get blocked without cause. Then I have to use a different server. It's kind of annoying.

      (Why do I use my own email server? Because I can. This is /., after all.)

    2. Re:"Postini"? by TheRaven64 · · Score: 2, Interesting
      My publisher uses Postini. Whenever I send my editor an article, I need to also send an IM so he can check it isn't in his spam folder (happens a good 10% of the time). Meanwhile, SpamAssassin has been giving me no false positives and very few false negatives for years. I'd much rather have false negatives than false positives in a spam filter. A false positive means I can lose (or have delayed) an important email. A false negative just means that I have to waste a second or two clicking the 'spam' button in my mail client. Postini generates far more false negatives than any system I'd trust.

      That said, since we turned on greylisting, I've seen a massive reduction in spam. The number hitting my spam folder has gone from about ten a day to one every few days. I assumed spammers had worked out how to get around greylisting by now, but apparently not.

      --
      I am TheRaven on Soylent News
    3. Re:"Postini"? by macraig · · Score: 3, Interesting

      Have you noticed? GMail gives one no way at all to sort the captured spam. Since I still endure false positives from the system and there is NO way to disable or bypass it, having means to sort all of it by From:, To:, and other criteria would make it easier to identify the false positives and rescue them from the trash bin.

      Well, I'll take that back, in part: that applies to the Webmail interface, but if ones uses IMAP with a local IMAP client, then the spam folder could be subscribed and sorted within the client. God only knows how GMail's system interprets the dragging of a message from Spam to Inbox via IMAP: does that automatically whitelist that sender in the future, or do I have to still log into the Web site and identify it as Not Spam manually?

    4. Re:"Postini"? by rm999 · · Score: 2, Insightful

      Tell him to look up the definition of "whitelist".

      My guess is the system runs much more optimally when your entire address book is whitelisted.

    5. Re:"Postini"? by rm999 · · Score: 3, Insightful

      "there is NO way to disable or bypass it"

      Have you looked into filters? They added an option to "Never send it to Spam" about a year ago. You can create custom white lists with this, or just include everyone in the filter and totally bypass the spam filter.

    6. Re:"Postini"? by macraig · · Score: 2, Insightful

      That's irrelevant: you'd have to KNOW who it was from in order to employ a SEARCH like that. That's not useful at all when you aren't looking for something specific.

    7. Re:"Postini"? by Jay+L · · Score: 5, Interesting

      Google is the only mail service that I know of who still just won't accept my emails.

      I had a similar experience; I run my own mail server, send no bulk mail whatsoever, and both Postini and GMail independently decided I was a spammer. No DNSBLs had me listed, ReturnPath was happy, etc. Meanwhile, I was blocked from sending mail to my lawyer, my financial advisor, my chiropractor, etc., all of whom turned out to be downstream from Google. Despite Google's claims that the customer is in full control of filtering, none of them were able to get at my e-mail without getting their sysadmins involved - which often required discovering that they had sysadmins at all.

      Worse, Postini's spam filtering takes its own output as input. Once it's scored a message of yours as spam, future messages will be more likely to score as spam - which of course makes any subsequent messages even more likely to score as spam. Brilliant. At one point, my spam score from a triple-signed (SPF/DK/DKIM) server was 98 out of a possible 100.

      Google's philosophy of "we don't do it unless we can automate it" works horribly when it comes to customer service. There's no feedback loop, no whitelisting, no channels, no nothing. It's SPEWS all over again, or perhaps the Kafka International Airport.

      But Google has no reason to worry about false positives; the more messages they call spam, the more spam they can say they blocked. Perverse incentives.

    8. Re:"Postini"? by SanityInAnarchy · · Score: 4, Interesting

      For what it's worth, Gmail has been just the opposite for me. It's Yahoo and AOL which randomly decide to block me -- sometimes with some cause, sometimes just because it's on a residential connection.

      Yet Gmail never so much as greylists me -- everything goes straight through, every time.

      --
      Don't thank God, thank a doctor!
    9. Re:"Postini"? by veganboyjosh · · Score: 3, Funny

      I used to get Snopes candidates from my mother-in-law a few years ago. I used to delete them without saying anything. Then I figured I'd try to teach her about the internet, and trusting things you receive in your inbox. I made an effort to track down whatever outrageous story she forwarded on snopes or wherever else, so that she'd see they weren't true, and stop sending them.

      Now, instead of getting emails from her with "I wonder if this is true. It sounds so amazing!", I get "I already checked Snopes, and while this one isn't real, it makes for a good story!" MLIA.

    10. Re:"Postini"? by Toth · · Score: 2, Informative

      I helped a customer get off AOL's blacklist a couple months ago.

      It was a straightforward process with an immediate automated reply.

      In order to complete the process you must be able to receive an email at abuse@, postmaster@, or the technical or administrative contact for your domain.

      The final email was from a human. It was completed the day following.

    11. Re:"Postini"? by thePowerOfGrayskull · · Score: 2, Insightful
      Take a deep breath dude, was trying to give you info that I thought might help. Now it seems that you've presented a moving target. You first said:

      having means to sort all of it by From:, To:, and other criteria would make it easier to identify the false positives

      Now you say:

      That's irrelevant: you'd have to KNOW who it was from in order to employ a SEARCH like that. That's not useful at all when you aren't looking for something specific.

      If you don't know who it's from, to ,etc how is sorting by these fields going to help you filter out false positives? Since you now posit that you don't know who it's from, then that won't give you any information that you can use. In addition, you don't need to be searching for something specific to use the filters that are available.

  3. Postini may or may not work, by Anonymous Coward · · Score: 5, Funny

    but what I really want to tell you is that I've inherited a great deal of money and I need someone to help me transfer it to the US. I live in Nigeria. You all seem to be great gentleman, so I will pay appropiately.

    Contact me.

    1. Re:Postini may or may not work, by Anonymous Coward · · Score: 3, Funny

      You all seem to be great gentleman

      You must be new here.

  4. better then their fishing 'algorithm' by cliffski · · Score: 2, Funny

    part of gmails phishing filter seems to do this

    if(hyperlink in email ends in .exe)
    {
        isphishing = true.
    }

    Even if this is an email from someone in your whitelist and is merely quoting text from your own message you sent them.
    And there seems to be NO way to prevent a message with .exe in it to be marked this way :(

    --
    DRM-free indie games for the PC and Mac: Positech Games
  5. Toughest spam by Pessimist+Cynic · · Score: 5, Funny

    They can filter out the obvious spam mail, but some spammers are so clever and so well hung - because they've taken some DrMaxMan to acquire an enlarged sexual wand with which you can perform better and be bigger for f.r.e.e - that they can actually embed their spam offers inside real messages in such a way as to be completely undetectable by filters.

  6. Comment removed by account_deleted · · Score: 2, Interesting

    Comment removed based on user account deletion

  7. Praise Gmail by zhilla2 · · Score: 3, Interesting

    This is great for business mail too... small company where I work was literally BURIED with spam until we moved to gmail. Since their mail addresses were "in the open" on our website for years, some of them get 200+ spams a day. Now, if 1 in 1000 passes, it's a bad day. Also, in my private inbox, I had an VERY old mail address still redirected to gmail address... turned out that was the source of 1/2 spams (100+ / day). But those were filtered too without problem. So far so good... not a single false detection for ham. Nothing but praise so far. Disclaimer: I do not work for gmail. I am the genuine satisfied customer with smile on my face, from "after" picture, as seen on TV!

  8. But what about spam from "me"? by Peaquod · · Score: 3, Interesting

    At least 75% of my spam is addressed as though it was sent from *my* gmail account. Of course, it's easy to set up a filter to reject all such spam, but then I lose the ability to send reminder messages to myself. Seems like it would be extraordinarily simple for google to outright reject messages that claim to be sent from their servers that in fact were not. I sure wish they would!

    1. Re:But what about spam from "me"? by hidden · · Score: 4, Insightful

      Keep in mind:
      It's a perfectly legitimate (and common) for non-webmail users to have their outgoing server be their local ISP. So if google did what you're suggesting, all those people that use an IMAP client to receive their gmail, and send via their ISP wouldn't be able to send to other gmail users

  9. McAfee by contrapunctus · · Score: 4, Interesting

    So by using gmail, am I indirectly making money for McAfee?

  10. Re: I do care how it works by npwa · · Score: 3, Interesting

    ...because it's actually not working - Gmail spam filter recently became very ineffective - i have to classify about 5-10 Viagra spams daily. (Google, have you heard of it? geez!) then it occurred to me that a while ago Gmail captcha was cracked, so I imagine spammers send themselves hundreds of spams only to classify them as "non-spam". - as a consequence, spams are now slipping through the crowd-sourced filter because the crowd is infiltrated. c'mon google this can't possibly that hard to fix!

  11. Re:It was me! by Goldenhawk · · Score: 2, Interesting

    I signed up with Postini just as it was acquired by Google. Before that I'd used SpamSoap, which worked great but was declining in effectiveness (more false negs) but not in price ($30 per month is a lot for a small business). Postini and then Google were far more reasonable at just $3 per year per address (for the less-flexible controls). I get maybe one or two delivered spam per week, usually when I also see a corresponding spike in filtered spam which indicates a new attack of some kind. I get only one or two false positives a month.

    The biggest thing I have noticed lately is that the spammers have started collating domain name "from" lines. I now routinely get a lot of spam (in the quarantine) listed as coming from the other valid e-dresses in that domain. This is new as of a month or so ago.

    The real problem with Google/Postini is that, as others note in this discussion, they don't answer tech support AT ALL. You either take what they offer, or you don't. The control panel (for the $3/month option) is rather limited, and you have no blacklist features. There seems to be no way to tweak things, ask for assistance with filtering issues, etc. You just get what they offer.

    For me, for a savings of $27 per address per year, that's a tradeoff I'm willing to make.

    And by the way, I provide filtering for my family for free... it costs a few dollars extra per year, but I figure it's money well spent since Mom and Dad and the less geeky in my family don't get infected and I do less tech support than before.

    --
    --Brandon / Split Infinity Music

  12. Re:now am worried !! by Ron+Bennett · · Score: 4, Insightful

    150 milliseconds sounds fast, but equates to only 7 messages per second.

    Sure that may be faster, presuming it's a deep intensive scan, than what one can do on their home PC, and yes Google has zillions of boxes ... but anyways, my point is that 7 messages per second illustrates the very real, high cost of dealing with spam; scanning of just a million messages, which is a fraction of the spam volume, at 7 messages per second, takes well over a day of computer time.

    Ron

  13. SPAM volume patterns by flyingfsck · · Score: 2, Informative

    What I find telling is how my SPAM volume rises and falls according to the American holidays. Whenever the Yanks have a holiday, SPAM drops to a trickle.

    That to me is a clear indication that most SPAM originates in the US even though it mostly gets relayed through Asian proxies.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  14. Re: I do care how it works by GIL_Dude · · Score: 2, Interesting

    I counter your anecdote with my anecdote! No, seriously - not to be an a$$ or anything, but I haven't gotten a single spam in GMail in over two years. There is none in the inbox, and none in the spam folder (label) either. I'm not sure why you are getting them, but it is clearly not everyone who is so afflicted (thankfully!). I'm not sure if it has something to do with accounts on different back end systems or what, but mine hasn't gotten any spam in one heck of a long time.

  15. GMail Spam Filter != Postini by aligas · · Score: 2, Informative

    Keep in mind folks, Gmail's Spam filtering is seperate from Postini.

    From the article:
    "Google's Gmail antispam efforts are separate from those of Postini, which Google acquired two years ago, although it follows similar computerized operations and the teams have started to integrate the processes."

    I've had email at an ISP that uses Postini, and I have email at Gmail. IMHO, Gmail > Postini.

  16. Re:now am worried !! by binaryspiral · · Score: 2, Insightful

    As an email administrator - I wouldn't give a user the ability to disable virus filtration on their email account - even if I knew they weren't a direct threat to any known virii. Too many stupid people out there know how to use the FWD button.

    I know what you're saying, but since you're probably the smartest user out of the tens of thousands that use your email server - they're not likely to give you a one-off option.

  17. Re:Gmail and Me by binaryspiral · · Score: 2, Insightful

    Did you have an easy to guess username?

    Just because you didn't send email from "robogun@gmail.com" doesn't mean your robogun@att.net isn't on a spam list somewhere. How do you increase the size of a spam list exponentially? strip all the domains from the addresses and find common names... then generate one email address for each domain you want to hit.

    Ta-da... spam email sent to accounts that were never used. This could indicate that google's directory harvest attack identification methods need some fine tuning, but I doubt its maliciously allowing people to spam you, that's just plain stoopid.