Ask Slashdot: Why Can't Google Block Spam In Gmail?

An anonymous reader writes Every day my gmail account receives 30-50 spam emails. Some of it is UCE, partially due to a couple dingbats with similar names who apparently think my gmail account belongs to them. The remainder looks to be spambot or Nigerian 419 email. I also run my own MX for my own domain, where I also receive a lot of spam. But with a combination of a couple DNSBL in my sendmail config, SpamAssassin, and procmail, almost none of it gets through to my inbox. In both cases there are rare false positives where a legit email ends up in my spam folder, or in the case of my MX, a spam email gets through to my Inbox, but these are rare occurrences. I'd think with all the Oompa Loompas at the Chocolate Factory that they could do a better job rejecting the obvious spam emails. If they did it would make checking for the occasional false positives in my spam folder a teeny bit easier. For anyone who's responsible for shunting Web-scale spam toward the fate it deserves, what factors go into the decision tree that might lead to so much spam getting through?

That's interesting

[93+Escort+Wagon]

This has not been my experience at all. I've found Google's email filters to be significantly better than anyone else's.

I can think of several other reasons not to use gmail - but spam filtering is not on that list.

Re:WTF?

[naughtynaughty]

I agree. Perhaps the author believes Google should not only try to figure out what is and isn't spam but also delete it so we never see it. If so, I disagree as I much prefer Google's excellent spam filter that still allows me to wander through the spam folder looking for something that it miscategorized and train Google to no longer consider it as spam.

GMAIL SPAM is fairly accurate

[spacepimp]

I think more likely what occurs is that they need to be extremely careful about false positives. So they push everything into a SPAM folder. But if you miss a critical email because Google accidentally thought something was spam when it wasn't, then Hello lawsuits. From a legal perspective, blocking anything going into their inboxen is a risk.

Article is stupid

[Nimey]

Google does an excellent job of catching spam. The submitter's problem isn't that, it's that he's got other numpties giving out his email address and then he's not using the Google-supplied tool (that little "mark as spam" button) to mark unwanted email so that Gmail learns his preferences. Instead, he's Dunning-Krugered together his own solution that barely works.

Submitter's problem is PEBKAC.

Re:Article is stupid

[BitZtream]

If the story wasn't so sort, I'd say it was Bennett Haselton talking out his ass again.

You vs everyone

[gurps_npc]

You personally only get mail from a specific kind of account. Your spam filters are set up to deny lots of emails that are obviously not someone you are interested in. For example, I bet you can kill any email that contains chinese.

Google can not do that because while for YOU an email in Chinese is a huge red flag, it means nothing to the chinese american student living in New York who still gets emails from her cousin in Hong Kong.

Most of the decisions you make are like this one. For you, country, language, etc. etc. are indications of spam, but they are not true for the general population.

So a spam filter designed for your personal use will always work a lot better than one designed for all users of google.

The arms race continues

[dbosso]

I've seen a lot of recent spam campaigns that get through my basic scanning using the following tactics:
1. Careful design to not trigger Spamassassin content rules, including blocks of text to fool the bayes filter.
2, Careful omission of any identifying headers except for completely valid SPF and DKIM headers with appropriately configured DNS.
3. Real Linux mail servers dropped onto virtual hosting providers.
4. Fresh IP addresses and domains - never used domains that are not blacklisted yet and IP addresses blocks from the hosting providers that take 10-30 minutes to get blacklisted
Then they use snowshoe spam tactics to trickle them out until they're blacklisted and then move to the next domain and address.

If your address is on the lists that the perpetrators of these campaigns are using, it's really hard to avoid spam right now. Not impossible, there are some countermeasures, but vanilla Spamassassin and your standard appliances are going to have problems. I can imagine google is going to have an easier time with this because of its size and volume (=more information), but it's far from trivial.

-db

Re:WTF?

[ArmoredDragon]

I joined gmail way early into the beta, so I got an email address that was simply my last name with first initial. Nothing else. Very simple, which I thought was great rather than adding a bunch of crappy letters/numbers to it.

Problem is, I end up getting subscribed to mailing lists all the time because a lot of people with the same last name and a similar first name don't pay the fuck attention to what address they're typing in.

The worst ones are the politician mailing lists. It's very rare that their unsubscribe feature even works at all, and when it doesn't, there's absolutely nothing you can do about it. Sure I add their address and name to my filters, but those fuckwads share your email address with each other. For example, I first got subscribed to Jim Dabakis, and he's since passed it to a bunch of other politicians in his fucking party so that they can send me messages from their stupid campaigns that are in another fucking state that I don't even care about. So periodically I get political emails from Democrats in Utah, and there's nothing I can do about it. Now I have no fucking idea how many lists I'd have to unsubscribe from, assuming that is even possible.

Oh and they keep asking me for campaign contributions, which is SPAM by definition because it's very much an unsolicited advertisement, except every law that makes spam illegal conveniently excludes the very politicians who wrote those laws.

So what can I do about it? Jack shit.

Though there are a few times where I've done some things that aren't very nice with this. For example, somebody bought a Hyundai in Vancouver Canada (a place I don't live anywhere even remotely close to) and then gave them my email address. The dealership sent me one of those surveys that makes or breaks the salesman and counts towards the dealership itself with Hyundai, so I gave it the most negative review I possibly could. Somebody from there sent me an email asking if I was sure I wanted to submit a review like that, and that it would have to be submitted anyways if I didn't respond, but they'd like to "speak with me" about it first, so I just ignored them. Serves them fucking right for not verifying who owns the address.

Another time some girl I don't even know sent me her nudies, but I just ignored the email.

Re:false positives

[radarskiy]

" It cannot just mark all advertisement as spam"
Advertisements in email are competition, not revenue. Google's incentives and your own are aligned.

Re:Article is valid, answers are stupid

[Lehk228]

because that alerts the spammer that they are detected and they need to change up their messsage/delivery

Re:WTF?

[Archangel+Michael]

"I cannot explain the OP's experience, as it runs completely counter to mine."

I can explain. I'd rather not have to. But it basically comes down to (IMHO), "I don't know how to Gmail"