Slashdot Mirror


Ask Slashdot: Why Can't Google Block Spam In Gmail?

An anonymous reader writes: Every day my gmail account receives 30-50 spam emails. Some of it is UCE, partially due to a couple dingbats with similar names who apparently think my gmail account belongs to them. The remainder looks to be spambot or Nigerian 419 email. I also run my own MX for my own domain, where I also receive a lot of spam. But with a combination of a couple DNSBL in my sendmail config, SpamAssassin, and procmail, almost none of it gets through to my inbox. In both cases there are rare false positives where a legit email ends up in my spam folder, or in the case of my MX, a spam email gets through to my Inbox, but these are rare occurrences. I'd think with all the Oompa Loompas at the Chocolate Factory that they could do a better job rejecting the obvious spam emails. If they did it would make checking for the occasional false positives in my spam folder a teeny bit easier. For anyone who's responsible for shunting Web-scale spam toward the fate it deserves, what factors go into the decision tree that might lead to so much spam getting through?

20 of 265 comments

  1. WTF? by rodrigoandrade · · Score: 5, Informative

    Spam folder in my Gmail catches 99.9% of all spam I receive.

    As a bonus: it's also excellent about learning what I mark as spam, and dealing with false positives.

    1. Re:WTF? by jeremiahstanley · · Score: 5, Informative

      I'll second this sentiment. Gmail catches an obscene amount of spam sent to my account accurately and with so few false positives it blows my mind. I've dealt with lots of anti-spam software and some hardware and Google does a fantastic job.

      Pro tip: you have to just start flagging things with the convenient "this is spam" button and in a short time their filters figure it out.

      OP might just be getting a lot of legitimate list traffic that they signed up for. That isn't spam, you asked for that and need to hit 'unsubscribe'.

    2. Re:WTF? by Anonymous Coward · · Score: 5, Funny

      Then stop buying the penis pills and Google might actually believe you think it's spam.

    3. Re:WTF? by pz · · Score: 5, Informative

      I have found that essentially every time I give my email to a legitimate retailer, they automatically assume that this means they can send me marketing email on nearly a daily basis. However, most retailers also honor the unsubscribe requests, and if you are vigilant about clicking through unsubscribe and marking real spam as such, GMail does a really very good job. Also, I've found that when I unsubscribe to lists that I really don't read (including marketing email that I might have thought could be interesting but no longer want), the total volume of spam goes down.

      I cannot explain the OP's experience, as it runs completely counter to mine.

      --

      Put my fist through my alarm clock with its ding-dong death inside my ear. - The Blackjacks.
    4. Re:WTF? by Anonymous Coward · · Score: 5, Informative

      This is not technically spam. You can disable every single one of those lists by clicking "unsubscribe" at the bottom or going to your Google account settings for that service and disabling those messages. I have never received a mail from any Google service on my Gmail account, because I always pre-emptively opted out. And this has been my main email account for about 5-6 years now. And I have an Android phone that I have set up with that account, and a Youtube account that I occasionally post videos to, so it's not like I am somehow not using their services actively.

      Real spam is not only unsolicited, but impossible to unsubscribe from, because they really and truly don't give a shit, and any system those fuckers have that appears like it might be an unsubscribe function is really just a system to confirm there's a real person behind the email address. This is the stuff Gmail is really really good about blocking. Stuff about penis pills, viruses, scams. Gmail catches 100% of these for me, and its false positive rate is probably 5% or lower for me, and the false positives are almost always automated messages from signing up for a new site or something similar, and never something written by a human or that I receive on a regular basis and actually desire.

      In your particular case, it's your fault you're getting those messages from Google's services, and if you took like less than 5 minutes to actually untick some boxes you'd never receive those messages again.

    5. Re:WTF? by ArmoredDragon · · Score: 4, Insightful

      I joined gmail way early into the beta, so I got an email address that was simply my last name with first initial. Nothing else. Very simple, which I thought was great rather than adding a bunch of crappy letters/numbers to it.

      Problem is, I end up getting subscribed to mailing lists all the time because a lot of people with the same last name and a similar first name don't pay the fuck attention to what address they're typing in.

      The worst ones are the politician mailing lists. It's very rare that their unsubscribe feature even works at all, and when it doesn't, there's absolutely nothing you can do about it. Sure I add their address and name to my filters, but those fuckwads share your email address with each other. For example, I first got subscribed to Jim Dabakis, and he's since passed it to a bunch of other politicians in his fucking party so that they can send me messages from their stupid campaigns that are in another fucking state that I don't even care about. So periodically I get political emails from Democrats in Utah, and there's nothing I can do about it. Now I have no fucking idea how many lists I'd have to unsubscribe from, assuming that is even possible.

      Oh and they keep asking me for campaign contributions, which is SPAM by definition because it's very much an unsolicited advertisement, except every law that makes spam illegal conveniently excludes the very politicians who wrote those laws.

      So what can I do about it? Jack shit.

      Though there are a few times where I've done some things that aren't very nice with this. For example, somebody bought a Hyundai in Vancouver Canada (a place I don't live anywhere even remotely close to) and then gave them my email address. The dealership sent me one of those surveys that makes or breaks the salesman and counts towards the dealership itself with Hyundai, so I gave it the most negative review I possibly could. Somebody from there sent me an email asking if I was sure I wanted to submit a review like that, and that it would have to be submitted anyways if I didn't respond, but they'd like to "speak with me" about it first, so I just ignored them. Serves them fucking right for not verifying who owns the address.

      Another time some girl I don't even know sent me her nudies, but I just ignored the email.

    6. Re:WTF? by Anonymous Coward · · Score: 4, Funny

      Same here. I subscribed way back when it was in beta as well, only my address is my first and last name. Same problem with fucking morons that don't know their own GMail address.

      Lately I've taken to responding to messages I receive for other people. I've cancelled items ordered over the internet because I receive a confirmation email. I've cancelled hotel reservations....that one was funny...I wish I could have been there when the jackass tried to check in. I've even responded to quite obvious business emails where someone was looking for feedback on a project and I told them it was complete shit, they were incompetent and they and their team were about to be fired.

      Confuse my email address for yours because you're too fucking lazy to learn the difference....then enjoy the consequences.

    7. Re:WTF? by Archangel+Michael · · Score: 4, Insightful

      "I cannot explain the OP's experience, as it runs completely counter to mine."

      I can explain. I'd rather not have to. But it basically comes down to (IMHO), "I don't know how to Gmail"

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  2. Spam on Gmail? by Anonymous Coward · · Score: 5, Informative

    I realize that this is not a helpful response, but my Gmail account never gets spam, it's all properly filtered into the spam folder. Been years since I even gave spam a second thought, actually. I imagine that most people's situations are similar.

  3. That's interesting by 93+Escort+Wagon · · Score: 4, Insightful

    This has not been my experience at all. I've found Google's email filters to be significantly better than anyone else's.

    I can think of several other reasons not to use gmail - but spam filtering is not on that list.

    --
    #DeleteChrome
  4. Article is stupid by Nimey · · Score: 4, Insightful

    Google does an excellent job of catching spam. The submitter's problem isn't that, it's that he's got other numpties giving out his email address and then he's not using the Google-supplied tool (that little "mark as spam" button) to mark unwanted email so that Gmail learns his preferences. Instead, he's Dunning-Krugered together his own solution that barely works.

    Submitter's problem is PEBKAC.

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
    1. Re:Article is stupid by BitZtream · · Score: 5, Insightful

      If the story wasn't so short, I'd say it was Bennett Haselton talking out his ass again.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  5. You vs everyone by gurps_npc · · Score: 4, Insightful

    You personally only get mail from a specific kind of account. Your spam filters are set up to deny lots of emails that are obviously not someone you are interested in. For example, I bet you can kill any email that contains Chinese.

    Google can not do that because while for YOU an email in Chinese is a huge red flag, it means nothing to the Chinese American student living in New York who still gets emails from her cousin in Hong Kong.

    Most of the decisions you make are like this one. For you, country, language, etc. etc. are indications of spam, but they are not true for the general population.

    So a spam filter designed for your personal use will always work a lot better than one designed for all users of Google.

    --
    excitingthingstodo.blogspot.com
  6. as a former mail site admin... by drama · · Score: 5, Informative

    I'm not sure what this guy is doing, but when I ran my own mail server (which I did personally and professionally for well over a decade), spam was a huge problem for me. No combination of spamassassin, rbl's, heuristics signature checks, virus, etc... Nothing got me past 85-90% blockage. And I did everything right. And it was a constant unending fight.

    When I switched to Google apps for my personal domain, my life changed. Google catches a HUGE amount of spam. Things still get through occasionally, and definitely get worse as Black Friday and Christmas campaigns kick into high gear. But the majority of the spam I get is from legitimate business that decides to put me on their mailing lists without my permission.

    The op either has on blinders, or is baiting.

  7. Re:Because they don't want to. by w_dragon · · Score: 4, Informative

    There are lots of legitimate sites that send emails on behalf of someone not on the domain. A lot of 'email this content to someone' links work that way. Maybe Microsoft understands how email is used in the real world far better than you do.

  8. If you think Gmail is bad... by Dishwasha · · Score: 5, Funny

    switch over to Yahoo mail

  9. The arms race continues by dbosso · · Score: 4, Insightful

    I've seen a lot of recent spam campaigns that get through my basic scanning using the following tactics:
    1. Careful design to not trigger SpamAssassin content rules, including blocks of text to fool the Bayes filter.
    2. Careful omission of any identifying headers except for completely valid SPF and DKIM headers with appropriately configured DNS.
    3. Real Linux mail servers dropped onto virtual hosting providers.
    4. Fresh IP addresses and domains - never used domains that are not blacklisted yet and IP address blocks from the hosting providers that take 10-30 minutes to get blacklisted
    Then they use snowshoe spam tactics to trickle them out until they're blacklisted and then move to the next domain and address.

    If your address is on the lists that the perpetrators of these campaigns are using, it's really hard to avoid spam right now. Not impossible, there are some countermeasures, but vanilla SpamAssassin and your standard appliances are going to have problems. I can imagine Google is going to have an easier time with this because of its size and volume (=more information), but it's far from trivial.

    -db
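
An added example, not part of the comment above: one receiver-side way to notice the snowshoe pattern it describes, by aggregating sessions per /24 instead of judging each authenticated sender alone. The session tuples, the domain-age field and every threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of accepted SMTP sessions (not real data):
# (client IP, envelope domain, domain age in days, SPF pass, DKIM pass, messages seen)
SESSIONS = [
    ("198.51.100.11", "deals-a.example", 2, True, True, 4),
    ("198.51.100.27", "deals-b.example", 1, True, True, 3),
    ("198.51.100.64", "deals-c.example", 3, True, True, 5),
    ("198.51.100.90", "deals-d.example", 1, True, True, 2),
    ("203.0.113.5", "lists.oldcorp.example", 2900, True, True, 400),
    ("203.0.113.6", "lists.oldcorp.example", 2900, True, True, 380),
    ("192.0.2.44", "newshop.example", 5, True, False, 1),
]

def auth_only_pass(sessions):
    """Senders a filter would accept if it trusted SPF + DKIM alone."""
    return sorted({ip for ip, _, _, spf, dkim, _ in sessions if spf and dkim})

def snowshoe_blocks(sessions, prefix=24, min_ips=3,
                    max_msgs_per_ip=10, max_age_days=14):
    """Return {network: sorted IPs} for blocks that look like snowshoe senders.

    Assumed heuristic: several IPs in one block, each sending very little,
    each using its own recently registered domain.
    """
    by_block = defaultdict(list)
    for ip, domain, age, _spf, _dkim, msgs in sessions:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_block[net].append((ip, domain, age, msgs))
    flagged = {}
    for net, rows in by_block.items():
        ips = {r[0] for r in rows}
        domains = {r[1] for r in rows}
        quiet = all(r[3] <= max_msgs_per_ip for r in rows)
        young = all(r[2] <= max_age_days for r in rows)
        if len(ips) >= min_ips and len(domains) >= min_ips and quiet and young:
            flagged[str(net)] = sorted(ips)
    return flagged

if __name__ == "__main__":
    print("pass on authentication alone:", auth_only_pass(SESSIONS))
    print("flagged as snowshoe blocks:  ", snowshoe_blocks(SESSIONS))
```

All four flagged senders pass SPF and DKIM, which is why authentication results identify a sender but say nothing about its reputation.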

  10. Re:false positives by radarskiy · · Score: 4, Insightful

    " It cannot just mark all advertisement as spam"
    Advertisements in email are competition, not revenue. Google's incentives and your own are aligned.

  11. Re:Article is valid, answers are stupid by Lehk228 · · Score: 4, Insightful

    because that alerts the spammer that they are detected and they need to change up their message/delivery

    --
    Snowden and Manning are heroes.
  12. Former Google Engineer - my internal perspective by brunobowden · · Score: 5, Interesting

    Disclosure: my name is Bruno Bowden and I managed the engineering team on Enterprise Gmail many years ago at Google before leaving to work in venture capital. My profile is www.linkedin.com/in/brunobowden. Though I didn't work on spam fighting directly, I interacted a great deal with the spam team while I worked there.

    One of the main architects of the spam fighting system - Brad Taylor - published a scientific paper on "Sender Reputation in a Large Webmail Service" - http://www.ceas.cc/2006/19.pdf. This has a lot of detail about the system. We keep much of the internals secret as it reduces the chance that a spammer can reverse engineer and work around the system. If you'll allow me to be vague, the number of signals it uses was stunning to me. There's a mixture of hard wired tests (e.g. is the sender in someone's address book), reputation (domain and content), machine learning and anything else we can make work.

    One of the principal improvements came when we switched to user classification through the "Report Spam" button. People have different opinions on what constitutes spam, so individual filtering is far more effective. It also avoids the politics of certain lists of domains and IPs from third parties which can be controversial. Even then it has challenges, as sometimes users will mistakenly pick out a phishing email and mark it "Report Not Spam". Because of that, Gmail now adds a red warning banner to indicate more strongly what is likely a phishing attempt. In general, Google has tried to be very supportive of encryption, e.g. DKIM for authentication (and SPF) to STARTTLS for privacy. I would also like to mention the abuse team that works hard to prevent gmail being used as a source of spam, shutting down accounts as soon as possible after suspicious email is sent, then helping affected users to recover their account.

    In general, Gmail has received a lot of compliments on the spam filtering, I'm sure the team will be grateful for the positive comments here on Slashdot. There are still things that can confuse the system, e.g. receiving forwarded email (which might be missing source IPs) or genuine email that is sent to the wrong address. Though the system isn't perfect, I know the team will continue to work hard on it.
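
An added sketch, not Google's code and not taken from the cited paper: how the three kinds of signal named in the comment above (a hard-wired address-book test, a per-user "Report Spam" verdict, and a global sender reputation) could be layered. The class, the Beta(1,1) smoothing and the 0.7 threshold are assumptions, and the sender domain is assumed to have been authenticated (DKIM/SPF) before it is used as a reputation key.

```python
from collections import Counter

PRIOR_SPAM, PRIOR_HAM = 1.0, 1.0  # assumed prior: an unseen domain scores 0.5

class ReputationFilter:
    def __init__(self):
        self.spam_reports = Counter()  # domain -> "Report Spam" clicks, all users
        self.ham_reports = Counter()   # domain -> "Not Spam" clicks, all users
        self.user_verdict = {}         # (user, domain) -> that user's latest label
        self.address_book = {}         # user -> set of known sender addresses

    def report(self, user, domain, label):
        """Record one user click; label is 'spam' or 'ham'."""
        (self.spam_reports if label == "spam" else self.ham_reports)[domain] += 1
        self.user_verdict[(user, domain)] = label

    def spam_rate(self, domain):
        """Smoothed share of spam reports, so a few clicks cannot swing it to 0 or 1."""
        s, h = self.spam_reports[domain], self.ham_reports[domain]
        return (s + PRIOR_SPAM) / (s + h + PRIOR_SPAM + PRIOR_HAM)

    def classify(self, user, sender, threshold=0.7):
        domain = sender.rsplit("@", 1)[-1]
        if sender in self.address_book.get(user, set()):
            return "inbox"                 # hard-wired test wins
        personal = self.user_verdict.get((user, domain))
        if personal is not None:           # then this user's own opinion
            return "spam" if personal == "spam" else "inbox"
        return "spam" if self.spam_rate(domain) >= threshold else "inbox"

def demo():
    """Constructed reports, not real data."""
    f = ReputationFilter()
    for n in range(8):
        f.report(f"user{n}", "promo.example", "spam")
    f.report("carol", "promo.example", "ham")
    f.address_book["erin"] = {"news@promo.example"}
    return f

if __name__ == "__main__":
    f = demo()
    for user, sender in [("dave", "deals@promo.example"),
                         ("carol", "deals@promo.example"),
                         ("erin", "news@promo.example")]:
        print(user, sender, f.classify(user, sender))
```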