Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Spam Businesses Google The Internet Communications

Some Ways To Avoid Spam On Gmail 308

jafo writes "In general, Gmail has been extremely spam-free. More recently, however, it's gotten dramatically worse. I've written up some thoughts on Gmail spam and keeping the spam down. Want less spam on Gmail (and likely others)? Try generating an account name using "apg -M L -t"."
This discussion has been archived. No new comments can be posted.

Some Ways To Avoid Spam On Gmail

Comments Filter:
  • by MrRTFM ( 740877 ) * on Tuesday December 21, 2004 @07:58AM (#11146036) Journal
    My postman is such a putz - ever since I subscribed to the 'slashdot postal catalogue', he has [rather cunningly] worked out that I read slashdot.

    Now, since that my address is 1 Aardvark Avenue, Australia; I am the first person that gets his mail delivered off the truck.

    So just as I go out the door on my way to work, he drives up - delivers my mail (very dramatically) and yells "FIRST POST" ... then he drives off laughing like an idiot - it is very annoying and I would like it to stop - can anyone give me some advice?

  • Great (Score:5, Funny)

    by Anonymous Coward on Tuesday December 21, 2004 @08:00AM (#11146042)
    and then you end up with an email address that you have to keep written on a post-it stuck to your monitor so you can remember it.
  • Amateur! (Score:5, Funny)

    by kzinti ( 9651 ) on Tuesday December 21, 2004 @08:02AM (#11146049) Homepage Journal
    I have absolutely NO spam on my gmail account. Why? Because my email address is l1OO0100lO1l100lO1l01@gmail.com. Or 1O00100lO1l1O0lO110l@gmail.com. Or 100O100lOl11O0lO110l@gmail.com... I forget which. But that's an implementation detail; the important point is that I get absolutely no spam!
    • Re:Amateur! (Score:3, Funny)

      by theefer ( 467185 ) *
      And no real mail by anyone either, right?
    • Re:Amateur! (Score:4, Insightful)

      by JavaBear ( 9872 ) on Tuesday December 21, 2004 @08:45AM (#11146290)
      Strangely I've never seen one bit of spam on my abuse@ account...

      Maybe that could be a solution, use a sub domain as the actual mail address, and just prepend abuse@ as the address, so instead of spam-me-not@domain.com you'd use abuse@spam-me-not.domain.com.
      Those buggers won't be able to figure out which addresses are 'safe' to spam, and which ones may quite likely bring down hell upon their little minds.
      • Re:Amateur! (Score:3, Insightful)

        by ajs ( 35943 )
        Spammers don't spam abuse and postmaster addresses mostly because they're far less likely to go to users who are likely marks. If that starts to change....

        PS: JavaBear... I'm shocked that someone with such an old account is someone I've never heard of before. Drop me a line sometime.
    • This is idiocy. Both Slashdot's idea and your post. No matter how you account is named, it's matter who have your address and how can you filter spam.
      • Perhaps you weren't reading the article (this is /. after all), but the point is even though spammers *do not know* most of these gmail addresses, they still send spam by using a dictionary attack.

        I have 12 gmail accounts, and the ones that have "normal" words and names in them get loads of spam. But the other, stranger names get none. And I have given the addresses out equally (to a select few people).
  • by acomj ( 20611 ) on Tuesday December 21, 2004 @08:02AM (#11146051) Homepage
    I have a couple gmail acounts. The spam they get, and its not alot so far, seems to be guess the name type. The name in the "to" field is close but not exactly my address. I think gmail just delivers it but marks it instantly as spam so the spammers don't know which are "live" addresses and which are non existant ones.

    just my experience..

    Its going to get worse though. As more people use it and when it goes out of beta and some spammers can start getting accounts and testing...

    Heck I have a domain with one email addess (which is a catch all). I've never ever given out the address, yet I get spam there... Lots of it.

    Its making email so much less usefull

    • by akadruid ( 606405 ) <slashdotNO@SPAMthedruid.co.uk> on Tuesday December 21, 2004 @08:18AM (#11146134) Homepage
      I actually forwarded my domain catch-all address to gmail because of the amount of spam bouce messages I was recieving - something in the order of 1500 per day. My Mozilla Thunderbird behind a Brightmail-filtered ISP just wasn't coping with the load so I dropped it all on gmail. It did a fantasitic job, with a few tweaks set up, and now that my spam load has died down again a bit, I'm hooked on gmail despite my love for Thunderbird.

      Here's the tweaks I used [slashdot.org]
    • I have a couple gmail acounts. The spam they get, and its not alot so far, seems to be guess the name type.

      I run an email service, and it cracks me up everytime I get an email like this:

      "Hi, Please cancel my account - john. It gets way too much spam!"

      Umm yeah, SpamAssassin is good, but not that good.

  • by EvilStein ( 414640 ) <spam @ p b p.net> on Tuesday December 21, 2004 @08:02AM (#11146052)
    Just don't use 'effin Gmail! GAH! Just because everyone and their cat has 50 gmail invites to give out doesn't mean that you have to use it.

    SpamAssassin is catching nearly 100% of the spam bound for my regular personal email account. I don't need Google's help with that.
    • by mmkkbb ( 816035 ) on Tuesday December 21, 2004 @08:09AM (#11146091) Homepage Journal
      You, sir, must be a Microsoft support technician. The answer you have given is 100% correct and 100% useless.
      • Exactly! I just don't see the big deal about gmail at all. It's yet another free email service, all of which are totally useless to me. *shrug*

        This article could be "How to avoid spam on Yahoo" - just don't bother with Yahoo. :)

        (how'd you guess my profession anyway?) :P
        • Are you on mailing lists? Do you have long conversations with lots of replies?

          The grouping of replies is very nice. The rest is available in some fashion in other mail clients.
    • The article is about limiting spam *period*, not classifying spam, which GMail already does. The author even states this:

      First of all, I'll say that none of the messages which were marked as spam were legitimate messages. However, I'm not using these accounts very heavily yet. All of them have received under 10 legitimate messages since I set them up. So far, Gmail is doing a good job of classifying the spam.

      Your homebrew setup is no better off than a stock GMail account. And I don't have to maintain my o

      • And gmail is no better off than a homebrew setup. These same "avoid spam" rules can be applied to *anything*

        Why this useless blog entry actually made it onto /,, who knows.. it's been happening more & more.

        It's a brain dead article. Yes, I read it. It should be filed under the "Well, duh.." category.
      • Your homebrew setup is no better off than a stock GMail account. And I don't have to maintain my own SpamAssassin, GMail does it for me.

        You might be amazed what you can do with a combination of SPF, SpamAssassin, and procmail. I cut out anywhere from 25% to 75% of my spam depending on the day, and all it took was an up-front time investment of a couple hours to save many many hours later on.

  • My test (Score:5, Informative)

    by FictionPimp ( 712802 ) on Tuesday December 21, 2004 @08:03AM (#11146055) Homepage
    I was curious about how much spam gets auto generated. I have a fairly common name so I used one of my gmail invites with my normal gmail account to make an account with my firstname.lastname@gmail.com.

    I havn't used or given it out to anbody, the spam folder gets about 25 messages a day. Luckly google has done a perfect job with marking them all spam.
    • I have a firstname.lastname account at gmail that I only used to mail to one close friend (thanks for the invitation David ;-), and haven't communicated it to anybody else.

      My name is particular enough that when you search for it on google (i.e.: "Firstname Lastname"), almost all returned links are relevant so it wouldn't seem to me that auto-generated addresses should easily match and yet I get spam into my gmail inbox

      Boggles the mind...

    • I have a test account of lastname+firstinit (6 characters). Similarly, I've barely acknowledged the existence of the account, but it's only gotten 29 spam since November 30, and they were all the same type of subject line: "[random user name similar to mine] ['get first post every time!' or other sales pitch]"

      6 of the 29 actually have my username in there, and most of the others are seemingly valid usernames that are close to mine in the alphabet. I suppose that since my username is short, and I've used it
  • by Kolisar ( 665024 ) on Tuesday December 21, 2004 @08:03AM (#11146059)
    I receive some spam every day on my GMail account and, looking at the headers, it seems that the spammers are randomly generating the email addresses and my address, eventually, gets generated and receives spam. Fortunately, the GMail spam filter has successfully caught all of the spam.
  • Gmail spam (Score:3, Interesting)

    by Junior J. Junior III ( 192702 ) on Tuesday December 21, 2004 @08:06AM (#11146077) Homepage
    I signed up for gmail, and after logging into the account about four times, and having sent all of maybe a dozen emails, all of which went to personal friends, started receiving spam messages. Currently it's a trickle, something under 1 spam message per day, and they've all been caught by gmail's spam filter, but for some reason I still find it annoying to see ANY spam. I don't get spam at all on my fastmail accounts, and have been using them as my everyday mail account for better than a year now.
  • by Richie1984 ( 841487 ) on Tuesday December 21, 2004 @08:06AM (#11146078)
    It's a well written article, but I don't feel it brings anything new to the discussion. Yes, spammers were eventually going to target GMail because of it's popularity, but there isn't really any detailed information in the article as to how Google is defending itself, merely a lot of (interesting) specualtion.

    And while the same techniques are used to try and stop spammers from finding your account, there aren't any gmail specific ideas, which is what I hoped I would find int he article.
  • suuuuureee (Score:5, Funny)

    by __aahlyu4518 ( 74832 ) on Tuesday December 21, 2004 @08:06AM (#11146079)
    "Want less spam on Gmail (and likely others)? Try generating an account name using apg -M L -t""."

    This helps to get less email from your friends as well.
  • Password generator (Score:5, Interesting)

    by ajs ( 35943 ) <{moc.sja} {ta} {sja}> on Tuesday December 21, 2004 @08:08AM (#11146085) Homepage Journal
    For an account name, apg is fine. For passwords, I've created a far more flexible system which I distribute with documentation describing password generation [ajs.com] from my site.

    The key to good password generation is allowing the user to describe how it's to be done. This increases the ability to memorize passwords and makes it harder for an attacker to guess.

    To that end, I have created a sort of reverse regular expression syntax where you describe the password to the program using general patterns. Try it out.
  • My experience (Score:5, Insightful)

    by Underholdning ( 758194 ) on Tuesday December 21, 2004 @08:09AM (#11146089) Homepage Journal
    I have two gmail accounts. One is myl33tusername@gmail - the other is firstname.lastname@gmail. Guess what - the latter is now swamped with spam. Granted, gmail properly files them all in the spam folder, but it shows that the spammers are already firing off massive dictionary attacks on gmail.
    • This has happened to me as well - except my last name is NOT that common...

      I've given up all hope. If they guessed my full name, then they're guessing everything. Might as well go publish my e-mail address on usenet! :)

    • I have experience nothing but improvements. OK, there were a few days last month that were a bit heavy on the spam misses but I put that down to gmail testing something. It sorted itself out soon enough.

      When gmail started putting the spam count in brackets I was getting 6500 spam emails every 30 days.

      For the last month or so it has been around 3500 for 30 days.

      Gmail misses 10 a day and gives me a few false positives a month. The false positives would definitely be spam to most people. I wish they would i
  • by echocharlie ( 715022 ) on Tuesday December 21, 2004 @08:11AM (#11146099) Homepage
    The evidence is empirical. The conclusions are common sense. I'm surprised the article doesn't talk about False Positives, the bane of spam filtering. I usually sign up for a few mailing lists, and then create filters to automatically archive them. Recently, a lot of my mailing list traffic has been marked as Spam, even though my filter specifically says to archive all mail from the list.
    • yesterday's discussion on antispam email tools stirred up a passing mention of the false-positives issue [slashdot.org]. The results you get appear to depend highly on what kind of traffic is comming in. The nice thing about gmail is that with its generous storage allotment, you have 30 days to scan the spam list before the mail is actually flushed. Personally, I only seem get email alerts from one source [that is heavily laden with adverts] mismarked. I am quite happy with gmail as it has no other misfires and easily
  • by jokach ( 462761 ) on Tuesday December 21, 2004 @08:11AM (#11146100) Homepage
    Get an email address from here:

    http://www.abcdefghijklmnopqrstuvwxyzabcdefghijklm nopqrstuvwxyzabcdefghijk.com/ [abcdefghij...fghijk.com]

    most spammers won't think you're serious.
  • Yes, but (Score:4, Funny)

    by Omicron32 ( 646469 ) on Tuesday December 21, 2004 @08:11AM (#11146103)
    Is apg digitally signed?
  • Spam, by nature... (Score:4, Interesting)

    by suso ( 153703 ) on Tuesday December 21, 2004 @08:11AM (#11146104) Journal
    I think by nature, spam gets more and more like real messages. This means that eventually all spam filtering becomes ineffective. Someone could probably make a research paper out of this.
  • TOP SOFTWARE... (Score:4, Informative)

    by rokzy ( 687636 ) on Tuesday December 21, 2004 @08:13AM (#11146117)
    I keep getting the same spam over and over which starts "TOP SOFTWARE...". It's mostly the only one I see and GMail recognises it as spam, but the same message keeps coming to my spambox several times a day. I wish they'd just ban it.
    • I get the same one. Just started not long ago. It's always to the first 4 or 5 letters of my username, and then it goes off into random land, but I still get it. At least it marks it as spam, but I was a lot happier when I was receiving absolutely 0 spam.
      • Re:TOP SOFTWARE... (Score:2, Informative)

        by terbor ( 566711 )
        That's my brand of spam too. For me, the first 6 letters match and then it goes off to random number land. But I get at least one of those a day. I send them off to Spamcop.net but their analysis seems to indicate the e-mails are coming from China. We all know their attitude about helping to stop spam...
    • Re:TOP SOFTWARE... (Score:2, Interesting)

      by Anonymous Coward
      add a filter. I've found that a dozen or so well chosen filters takes care of 90% of spam. The best part is that it only takes a few seconds to write one and it's good forever.

      A couple of tips:
      - you almost always want to have "...and sender is not in my address book" as part of the filter expression.

      - For definite spam, I set the actions as "delete" AND "delete from server". This is particularly useful for webmail or other non-archiving clients. In my case I check my email from both Windows and Linux
  • What Spam? (Score:2, Insightful)

    by Icephreak1 ( 267199 )
    It was some weeks before I noticed I even had spam in my Gmail account. It has thus far filtered spam with one hundred percent precision. Best I've seen anywhere.

    - IP
    • It was some weeks before I noticed I even had spam in my Gmail account. It has thus far filtered spam with one hundred percent precision. Best I've seen anywhere.

      This is my experience, too. Out of the hundred or so spam messages I have received thus far, not a single one has escaped my spam folder. Also, no false positives, yet.

      BTW, doesn't GMail allott invites based on how much mail you receive? I have ten invites right now, the most I've ever had.
  • More Useless News (Score:4, Insightful)

    by PingXao ( 153057 ) on Tuesday December 21, 2004 @08:21AM (#11146157)
    Seems to be a lot of that going around here these days. Another run-of-the-mill blogger thinks he's discovered something new and interesting and all of a sudden it's big news on /.

    Listen, spammers use dictionary attacks. They'll send their turdlets to any number of common names and words and variations thereof. It's the same for any email domiain. The phenomena certainly isn't unique to Gmail. You see it taking place on just about every ISPs mail servers. And God knows it's no big revelation that if your email address is hard to guess then you'll get less spam. For Pete's sake! I can't believe how lame this is. This is one of the lamest stories on slashdot I've seen in quite some time.
  • My take on it (Score:2, Informative)

    I'm getting about 5 a day now. I have a sinking feeling I accidentally put my real email instead of a throw away one into some online something or other.

    On the other hand, Gmail marks every last one of them correctly.
    • You could try googling for your email address.

      I do this regularly (well a URL monitor does it for me) as a precaution. A few months ago, Google told me that I had accidentally posted my real address on a forum, and I pleaded with the webmaster to remove it.

      They took it down, and that email address still only receives ~1 unsolicited email a week, usually from a friend with a virus.
  • by Zangief ( 461457 ) on Tuesday December 21, 2004 @08:24AM (#11146165) Homepage Journal
    This can be paired with using your real name as a password, for extra security.

    Username: sds#SFD#4sdv_sd
    password: johnsmith

    That is gonna screw those crackers!
  • by artifex2004 ( 766107 ) on Tuesday December 21, 2004 @08:25AM (#11146174) Journal
    Spamcop reports as originally being from a "ajicccln.info" address. They're using a nameguessing system, too. I wonder why Google doesn't just block their IPs totally?
  • by TractorBarry ( 788340 ) on Tuesday December 21, 2004 @08:26AM (#11146179) Homepage
    Well I got a GMail account especially so I can use it to sign up to bulletin boards, forums and to use when I order stuff over the web etc. etc.

    That way all the spam I get should start going to my GMail account thereby leaving my real email account (hosted on my home server) free for me to use with friends and family etc. (It's been 100% spam free in the nine months I've been using it)

    Previously I'd been using a "throwaway" domain name I bought specially for this (which gets redirected to a real account) but it's due for expiry soon and, now I have a GMail account, it can go ! So my top tip of the week is get several free web mail accounts and use them for everything but your private stuff.

    And on this note I'd never use my GMail account for any private stuff as, fer fecks sake, they're a SEARCH company. How long do you think it'll be before their new corporate shareholder overlords start doing some real intensive data mining on all your GMails ?

    "But dude, their motto is do no evil" I hear you squeak. Sorry, they're a publically listed company and will do whatever "the market" tells them to do...
    • Have you ever taken a look at Spamgourmet

      http://www.spamgourmet.com

      It creates useable/disposable email addresses that are self-timed to destruct after a certain number of replies to the address. Very elegant solution to avoid the problems you describe.

      I use it all the time when signing up for forums, ordering online, etc... with no problems.

      hth,
      jeff
  • Published addresses? (Score:4, Informative)

    by dr_d_19 ( 206418 ) on Tuesday December 21, 2004 @08:30AM (#11146194)
    Something I'd like to know (and this isn't stated in the article) is: which of his accounts has been published somewhere on the net (or available to the public in any harvesting kind of way).

    Doesn't matter if your account is simply garbage, as long as someone can spider it on the web. All honor to the dictionary attack, but as we all know, it doesn't take very long [slashdot.org] before someone finds your account on the web. Also, there are ways to prevent this [slashdot.org].

    I never have my mailto clickable, and I use combinations of images to display it.
  • by Underholdning ( 758194 ) on Tuesday December 21, 2004 @08:32AM (#11146205) Homepage Journal
    Here's a sample output:
    ~$ apg -M L -t
    irpoynno (irp-oynn-o)
    padolchair (pad-olch-air)
    rheyghyab (rheyg-hyab)
    ledonoxi (led-on-ox-i)
    hiryisso (hir-yiss-o)
    ojfebthuff (oj-feb-thuff)

    I don't know about you, but suggesting people selecting rheyghyab@gmail as their email address seems pretty stupid to me. Granted, spammers will have a hard time guessing it, but everybody else will have a hard time remembering it.
    • funny part.

      My spam poisioner that generates email addresses for harvester bots makes email addresses like that.

      every harvester bot will get 100 email addresses like the usernames you mentioned on every page they hit on my sites.

      Also, I am certianly not the only one doing this as I am using a project from sourceforge do do this, so making usernames like that is not effective.
    • What about apg -M L -l ? :-)

      tango-yankee-zulu-echo-romeo-kilo-alfa@gmail.com , here I come! :-p
    • "Rheyghyab"? Pfffft! Who isn't going to be able toremember the capital of Cabanastan?
  • by Danathar ( 267989 ) on Tuesday December 21, 2004 @08:33AM (#11146209) Journal
    I use Jetable.org (time expiring email relay addressess) to when signing up or doing something that I might suspect might get me on a spam list. This way email get's sent to my gmail (or any other account) for a limited time and if the spammer gets a hold of the jetable email address, it just expires after a set time period. VERY useful!

    And it's totally free!

    http://www.jetable.org/en/index [jetable.org]

  • I don't know if this is related but my spam on gmail exploded after I've used it as my primary ebay account email.
  • In brief, is what the article proposes, so spammers will not reach you at least thru brute force approachs, that seem to be are very inefficient (and dumb, trying to guess all specifically gmail users when gmail will detect all their messages as spam shows that the sender is not only a spammer, is an idiot too).

    But your email worths nothing if noone knows it, and if enough people knows it in a way or another, at the very least some will be infected by worms or be part of botnets that will share your hard-

  • You could try admin.(your name)@gmail.com or abuse.(your name)@gmail.com . Those are generally filtered out by spam companies, you could get less spam, but it still probably wouldn't stop it completely.
  • I use my Gmail account for friends & family only. I have a yahoo account for my online subscriptions (including /.) and therefore don't really have a spam problem.

    That is, unless, your referring to the 3-4 spam messages my Gmail account gets per week.
  • Free Invites (Score:3, Informative)

    by dahl_ag ( 415660 ) on Tuesday December 21, 2004 @08:51AM (#11146351)
    If you are looking for an invite, check out http://www.freegmailinvites.com/ [freegmailinvites.com]. It DOES actually work. That is where I got my gmail account. I just donated 10 new invites to the site.
  • by Vo0k ( 760020 ) on Tuesday December 21, 2004 @09:12AM (#11146509) Journal
    I wonder if the spammers caught it yet. Gmail supposedly supports syntax of youraccountname+arbitrarytext@gmail.com and the email still gets delivered, plus can be filtered. If spammers don't get the idea tp cut the +...@ part off, you may easily post you+webpage001@gmail.com on your webpage and once harvested by spammers, change to you+webpage002, while blocking all emails with 001, etc. Same with "temporary stuff", like, say, logins to "suspect" sites, ebay auctions etc. Whenever it's not needed anymore, filter it off.

    Of course sooner or later spammers will learn to remove the + part. Then still putting periods at arbitrary places of your gmail u.s.ern.ame remains
    • For one thing, I suspect that the spammers could probably figure out what the base username is, and then just hammer your account with spam.

      Secondly, I've been noticing this week in the spam folder, that I'm getting a lot of copies of the exact same message, sent to myusernameXX where XX are just two random numbers.

      So now, instead of getting one copy of any given spam consuming my storage, I'm getting multiple copies sent to invalid addresses that just happen to start with my username.
  • or was it just the fact that all the email addresses on it are so new that they hadn't gotten propagated around on spam-lists.

    or is it that now that there are so many email addresses @ gmail, any random 6-8 character string @ gmail.com is likely to match up with *somebody*, so just flooding the system will get some through.

    gmail, like hotmail, will become a victim of its own success very quickly.
  • it all goes into the spam folder. I have a quick review of that folder before nuking. I don't open any of it.

    Once something is flagged as spam it appears to flag it for everyone (least it looks like what it is doing). As spam dealing goes, Gmail has to be one of the best.
  • What I'd like is for Google to stop sending my 'good' mail into the spam box, I seem to be getting a tremendous amount of false positives the more I use the account. One would think the opposite would happen as it click the 'not spam' button, but It's beginning to get frustrating and emails to Google meet with no response.

After all is said and done, a hell of a lot more is said than done.

Working...