Spammers Choose GMail 325
EdwardLAN writes "A study by Roaring Penguin has discovered that during the past three weeks, the amount of spam originating from Gmail has risen sharply." My spam has been pretty ridiculously high for the last few weeks, although I have no idea if this is part of it. It really does seem like gmail's spam filters are declining these days.
Invite-Only (Score:5, Interesting)
Gmail's spam filters (Score:5, Interesting)
How does spammers creating gmail accounts to send spam from imply that gmail's spam filters for inbound mail are declining? (if that is indeed what the summary is supposed to say).
One thing Google could do about incoming spam... (Score:5, Interesting)
Half of the spam I get on my gmail account that actually gets past the filter is in some language other than English... in fact its almost always in Cyrillic as well.
Give me a damn drop down that says "I speak English, anything not in English is not to me".
Won't solve their outgoing problem, but adding "this is my language" support would be a big help on the incoming, at least with my spam patterns.
Companies blocking Gmail? (Score:4, Interesting)
The IT staff at my dad's company blocked all communication with Gmail servers a few months ago, on the grounds that it was 'insecure'. Locking down an MS shop (XP/Exchange/etc) from the 'insecurity' of Google (while still accepting hotmail.com emails) still strikes me as a bit odd, but I've been hearing more reports of lax Google security with respect to spam/spammers. Perhaps they (dad's company) were on to something?
Anyone else having issues with people blocking Gmail?
Re:One thing Google could do about incoming spam.. (Score:4, Interesting)
Yeah I've thought the same thing, too. It wouldn't be that hard to filter. You could just select a charset (like Latin-1) and if less than 90% of the characters in a given message aren't representable in your chosen charset, automatically kill it. That wouldn't require figuring out the actual human language it was written in; it's a pretty trivial automatic test.
Captcha bust again? (Score:1, Interesting)
plus ca change (Score:0, Interesting)
Time to stop hiring people on the basis of being able to quickly answer standard undergraduate compsci problems and memorise specs that are available at the click of a mouse.
Microsoft (I worked there a couple of years, please don't crucify me) has taken many more years to not learn that they suffer the same problem. A college star is not an excellent engineer with a track record of solving real-world problems. And this is why Google, like Microsoft, keeps trying to branch out of its core competence (search / office respectively) and keeps failing. These companies can only afford a stream of loss-making projects because of their one or two hugely profitable ventures.
It's a big problem for gmail users! (Score:5, Interesting)
It's the outgoing spam from Gmail that's the problem, not the incoming spam, and there's been messages on the Gmail forums about Gmail servers being blocked for spam. If Google doesn't do something about it, then Gmail accounts will end up "read only".
And having Google themselves impose outgoing spam filtering is something else to worry about, if you're a Gmail user.
Re:It's a big problem for gmail users! (Score:3, Interesting)
Not sure how much of an issue filtering for outgoing spam would be, except perhaps an extra delivery delay. Charge for that feature as 'authorized' accounts, or something like that. I'd pay a nominal fee, tied to a credit card, to 'authenticate' my outgoing mail.
I've never sent anything that's *remotely* spammy, and people I correspond with generally don't.
What problems do you see with outgoing mail being filtered?
Captcha (Score:2, Interesting)
We know that the Gmail Captcha was broken a few months back. It's more likely that a variant of that tool has become more widely distributed and/or cheaper and has found it's way into the hands of script-kiddies.
Re:Companies blocking Gmail? (Score:2, Interesting)
Locking down an MS shop (XP/Exchange/etc) from the 'insecurity' of Google (while still accepting hotmail.com emails) still strikes me as a bit odd
Why is that, because you don't know what you're talking about. Despite all the flack MS receives, there is a reason Google Docs has done absolutely nothing to unseat Office in the corporate world, security. Are MS products secure, no, but they take it seriously. Ask Goog about security and they say, 'trust us'. Big companies don't trust anyone, rightfully so. I guess you also missed Googles gaping GMail privacy hole [slashdot.org] earlier today.
Re:It's a big problem for gmail users! (Score:3, Interesting)
What problems do you see with outgoing mail being filtered?
False positives. Even if you never send anything that's remotely spammy, you can still be caught by filters... I dig legitimate mail, including mail that doesn't look at all spammy to me, out of my google *incoming* filters on a regular basis.
I often think the biggest cost of spam has been the decreased reliability of email caused by spam filters making mistakes like that.
Re:One thing Google could do about incoming spam.. (Score:5, Interesting)
Require digital signing; people will catch on fast (Score:4, Interesting)
Re:The usual slashdot response to.. (Score:4, Interesting)
When has that ever been true? From what I can tell from reading the comments to most Google stories, certainly in the past six months, the groupthink seems to be more along the lines of cynicism and criticism. I can't recall any company that gets unanimous praise regardless of its actions. The opposite used to be true, that scorn was heaped onto some companies regardless of their actions (Microsoft is probably the most obvious target of that group-disgust), but even that seems to be waning, there's still the hard-bitten MS-haters, but the view seems to be more balanced and critical these days.
Even the Mac fanboys aren't quite so unfettered any more.
Originating? Or Spoofed As? (Score:1, Interesting)
Are these emails actually originating from a Google Mail system, or are the hackers just plugging in spoofed origin email addresses in the Google system? There was the recent article where a Calendar entry could disclose all current Gmail userID's.
I didn't read it (Score:3, Interesting)
I just wanted to add something interesting, I forwarded an account to my gmail in order to use gmail's filters to rid me of most of the "sorting" work, periodically I log into the original account to clean it up.
After about 6 months of doing this, I notice when I log into the original account there is almost no spam in it these days.
I guess they lost interest in that email since I never actually look at anything in it.
Re:It's a big problem for gmail users! (Score:3, Interesting)
I get several incoming emails **a day** that get caught in the inbound email filter. The thing that is so silly is they are all on several mailing lists I subscribe to, so you think the filter would be smart enough to realize gee, this guy has wanted several THOUSAND emails from osg-users, even though this one looks like it might be spam, I'll let it slide and see how this guy tags it
This doesn't just happen on one mailing list, it happens on 5 or 10, all open source or amateur radio development lists. And I can't figure out why it thinks its spam... occasionally there is broken english (international development teams), but sometimes it's a crystal clear paragraph of English. Maybe it's the acronyms. Almost wish I could turn spam filtering off, or at least set up rules to not filter messages containing X in the subject, some days its 25% legit email, 75% spam in the filter, if you forget to check for a few weeks it becomes tedious to clean.
Re:One thing Google could do about incoming spam.. (Score:1, Interesting)
Posting as Ac because I moderated...
Your idea doesn't address one of the main avenues of CAPTCHA breakage, which is the mechanical turk approach that has been used - swiping the CAPCTHA graphic, showing it to a real human to get them to fill it in in exchange for free porn/MP3's or whatever.
In the spam arms race, this missile has been downed.
Re:One thing Google could do about incoming spam.. (Score:1, Interesting)
That wouldn't work for me. I regularly send emails in Frenglish. I'm a Quebecer who frequently switches back and forth between French and English in emails with my friends and family.
Si tu te basais sur le contenu de mes courriels pour déterminer s'il est en franÃais ou en anglais, ton algorithme échouerait parce qu'il est ni en anglais, ni en franÃais.
Re:Invite-Only (Score:3, Interesting)
Actual Origin? Don't blame service provider. (Score:1, Interesting)
Blaming Google and claiming it's because of broken captcha begs the question of how the spammers really operate. Anything open to the public is open to abuse as you say. Invite systems only invite spammers to do more of what normal people do. Spammers can't be doing this from a single IP address, or even a small collection of them, without being blocked so we know they are somehow obfuscating their communications. I can only think of two ways:
The history of spam shows that a combination of the two is at work. Spam has traditionally come from exploited computers on cable modems and that has not changed only the means. Now that every ISP blocks port 25 and forces you to use their SMTP server, the spammers have targeted that and webmail.
The real solution to the spam problem is to attack the root cause, the continued [slashdot.org] failure of M$ to protect their customers [slashdot.org]. The spam problem is directly proportional to the number of Windows machines on the Internet and the speed of their connection.
Re:CAPTCHA is broken (Score:3, Interesting)
I don't think CAPTCHA's are being machine broken. I've seen ads outsourcing the typing in of CAPTCHA bidding $1 per 1,000. Try looking at http://www.getafreelancer.com/projects/Data-Entry/Captcha-PROJECT.html [getafreelancer.com] to get an idea of what is going on.
Re:Google should hire hit squads (Score:5, Interesting)
Blackwater would probably do it.
There's something to be said for this. Many of the major spammers have been identified (see ROKSO [spamhaus.org]). The anti-spam community needs "boots on the ground" to do something about them. There are private companies in that business. Blackwater [blackwaterusa.com] is one; Kroll [kroll.com] is another. Spammers today are part of larger criminal enterprises, which makes them vulnerable to private investigators.
Re:Companies blocking Gmail? (Score:3, Interesting)
I do similar to your catchall domain, but i use wildcard dns... thus:
anything@name.of.site.mydomain.com will come through.
This has the advantage that if i start receiving spams, not only do i know who sold me out, but i can create a dns record for the subdomain to point elsewhere (somewhere invalid, or back at the mailserver of the company that sold me out).