A Look At Google's Email Spam Prevention

CNet has a story about the security measures Google employs to protect their email systems and fight the never-ending war on spam. Their Postini team, acquired two years ago, has a variety of monitoring tools and automated response systems to find and block undesirable messages. Quoting: "The system scores each message on numerous combinations of criteria, assigning a weight to each and then comparing the score to those in a database of several hundred thousand message types that have been flagged as good or bad from Postini honey pots and customer spam reports. ... To block fresh spam attacks not covered by existing heuristic technologies and viruses not covered by existing signature databases Postini relies on proprietary Zero-Hour technology to identify new outbreaks that show up in the traffic patterns and quarantine them for later rescanning. Customers can also create and build out their own white lists of message senders they trust and blacklist others they don't trust. It takes an average of 150 milliseconds for a message to be scanned by the antivirus engines that Postini licenses from McAfee and Authentium.

Don't care how they do it..

[Finallyjoined!!!]

I now get a couple of shed loads less spam. I used to check the apam directory for false positives. Don't bother doing that either.

Go gmail :-)

"Postini"?

[John Hasler]

My previous ISP switched me over to Postini with no advance notice (we got a cheery note from marketing after the deed was done). Blocked half the spam and half the ham. They told us how to disable the filtering "features" but it turned out that all the filtering could not be turned off.

I'm not with that ISP any more.

Re:"Postini"?

[rm999]

Tell him to look up the definition of "whitelist".

My guess is the system runs much more optimally when your entire address book is whitelisted.

Re:Don't care how they do it..

[jo42]

Don't care how they do it..

Then I suggest that you don't really belong on /. ...

Re:"Postini"?

[rm999]

"there is NO way to disable or bypass it"

Have you looked into filters? They added an option to "Never send it to Spam" about a year ago. You can create custom white lists with this, or just include everyone in the filter and totally bypass the spam filter.

Re:But what about spam from "me"?

[hidden]

Keep in mind:
It's a perfectly legitimate (and common) for non-webmail users to have their outgoing server be their local ISP. So if google did what you're suggesting, all those people that use an IMAP client to receive their gmail, and send via their ISP wouldn't be able to send to other gmail users

Re:"Postini"?

[macraig]

That's irrelevant: you'd have to KNOW who it was from in order to employ a SEARCH like that. That's not useful at all when you aren't looking for something specific.

Re:now am worried !!

[Ron Bennett]

150 milliseconds sounds fast, but equates to only 7 messages per second.

Sure that may be faster, presuming it's a deep intensive scan, than what one can do on their home PC, and yes Google has zillions of boxes ... but anyways, my point is that 7 messages per second illustrates the very real, high cost of dealing with spam; scanning of just a million messages, which is a fraction of the spam volume, at 7 messages per second, takes well over a day of computer time.

Ron

Re:"Postini"?

[thePowerOfGrayskull]

Take a deep breath dude, was trying to give you info that I thought might help. Now it seems that you've presented a moving target. You first said:

having means to sort all of it by From:, To:, and other criteria would make it easier to identify the false positives

Now you say:

That's irrelevant: you'd have to KNOW who it was from in order to employ a SEARCH like that. That's not useful at all when you aren't looking for something specific.

If you don't know who it's from, to ,etc how is sorting by these fields going to help you filter out false positives? Since you now posit that you don't know who it's from, then that won't give you any information that you can use. In addition, you don't need to be searching for something specific to use the filters that are available.

Re:now am worried !!

[binaryspiral]

As an email administrator - I wouldn't give a user the ability to disable virus filtration on their email account - even if I knew they weren't a direct threat to any known virii. Too many stupid people out there know how to use the FWD button.

I know what you're saying, but since you're probably the smartest user out of the tens of thousands that use your email server - they're not likely to give you a one-off option.

Re:Gmail and Me

[binaryspiral]

Did you have an easy to guess username?

Just because you didn't send email from "robogun@gmail.com" doesn't mean your robogun@att.net isn't on a spam list somewhere. How do you increase the size of a spam list exponentially? strip all the domains from the addresses and find common names... then generate one email address for each domain you want to hit.

Ta-da... spam email sent to accounts that were never used. This could indicate that google's directory harvest attack identification methods need some fine tuning, but I doubt its maliciously allowing people to spam you, that's just plain stoopid.