Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Google Businesses The Internet IT

Some Anti-Spam Vendors Blocking and Slowing Gmail 163

fiorenza writes "Google's Gmail (and corporate mail) are being throttled and sometimes blocked by some anti-spam services, including MessageLabs and Antigen. Ars Technica reports that the blocking is a result of the Google CAPTCHA crack, which has allowed a deluge of spam from Gmail's clusters. Most users won't get blocked mail, but Ars confirmed with MessageLabs that Gmail delivery delays are to be expected."
This discussion has been archived. No new comments can be posted.

Some Anti-Spam Vendors Blocking and Slowing Gmail

Comments Filter:
  • by gnuman99 ( 746007 ) on Monday April 07, 2008 @04:10PM (#22993542)
    There were number of times where my emails are silently deleted from Hotmail or even gmail, so hey. Welcome to the world of screwed up SMTP protocol. And all thanks to spammers.

    Today email is less reliable message delivery medium than regular mail which is quite sad considering all transactions in SMTP were considered to be, well, transactions. An acceptance of email by destination means it is delivered, not going to /dev/null. Want to filter spam? Reply with 5xx codes instead - not accept with 2xx and then bin it (unless mailing list headers found in mail, there you can drop spam)

    • by imemyself ( 757318 ) on Monday April 07, 2008 @04:23PM (#22993684)
      I definitely agree with you, if a mail server accepts my mail with a 200 code, then the mail *should* be delivered. Even if its put in someone's spam folder, the message should get there. That's one of my pet peeves. That being said, from my experiences when setting up my mail server, Gmail was probably one of the best about not blocking legit mail (I've had an SPF record since the beginning though). I had lots of problems with Hotmail, and I think my mail was usually marked as spam by Yahoo until I enabled DKIM signing. With SPF records and DKIM, I don't think I have any major problems (though my mail server handles a pitifully small amount of mail, so its not like we're going to get marked as a bulk sender).
      • by BagOBones ( 574735 ) on Monday April 07, 2008 @04:45PM (#22993910)
        Really? Do you have any idea the resources this would take for some organizations?

        Based on stats from my frontend SPAM filters 80 - 90% of ALL mail receive in a day is SPAM.

        On my reports some individual users are targeted with between 1500 and 2000 SPAM messages a day. There storage quotas would probably be exceeded over night from SPAM alone.

        I would need to increase my storage capacity immensely if I allowed every spam message to get to the users Junk folder. Not to mention the extra bandwidth of allowing all those mail delivery connections to complete OR to send NDRs to forged senders that are going to bounce back at my system and cause even more load.
        • by freedumb2000 ( 966222 ) on Monday April 07, 2008 @05:09PM (#22994116)
          True, and it is really not necessary to pass all mail. In my experience weeding out mal-configured mail servers (i use postfix rules and greylisting) takes care of over 90% of spam. The rest gets caught by an RBL or tagged by spamassassin and sent to the users spam folder. Things may change any day though depending on future strtegies by spam senders, but at the moment it works quite nicely.
        • OK, then use DNS/IP blacklists have your mail server's not accept the mail and report a 500-something error to the SMTP client that's trying to send it. That would block a substantial amount of the spam. Then the rest could be put in the user's spam folders based on content filtering, which can be very unreliable. I just noticed a legitimate message that spam assassin marked as an 8.1 (I've tuned it to put it in my spam folder at 3.3). If need be, the spam folder could be deleted every week. There's no
        • by kesuki ( 321456 )
          Most of the spam mail is identical, and goes to multiple accounts. if you have millions of users, then you can save space by making messages with identical md5 sums all take only one slot of disk storage space.

          then you run into the problem that not all e-mails produce unique md5 sums (something only an e-mail provider with millions and billions of test cases would ever notice...) and well the occasional bit of mail gets lost because it produced an identical md5 some by chance as a spam message.
        • Use a decent SMTP Proxy like ASSP or other commercial systems where if it's marked as spam, the sending SMTP Server is given 5xx notice so if it's legit, user gets a bounceback and if it's spambot, it just disappears.
        • For your external mail servers, put SPF and blacklist filtering *first*. Both are very lightweight filtering and easy to use, and tremendously reduce the load of spam that needs to be checked by other means.

          Unfortunately, the Gmail spam recently passes both of those, because it's going through Gmail's legitimate servers with falsely registered, but registered nonetheless accounts. So such IP based filtering does not help. And I'm afraid they need to really rethink their CAPTCHA approach.
        • Yes, having a spam filter in front of your internal mail system makes perfect sense in most cases today. Having a third party anti-spam service is awesome because they front all of the bandwidth, smtp connections, general administration of the anti-spam system, and they usually have a spam quarantine of some sort for your IT or end users to peruse and search.
        • I think you'd find that if you would reject on obvious stupid things, and implement greylisting, that the amount of stuff you would actually have to process would go waaaaay down.

          My company (and my home server) reject (mail does not get delivered, but an error is sent back to the originating server) on the following:

          - not using a FQDN (i just look for a '.' fer cryin' out loud) in a helo greeting
          - claiming to be my server in a helo greeting
          - using an rfc1918 address in a helo greeting
          - claiming to be a fro
        • by Phroggy ( 441 )

          I would need to increase my storage capacity immensely if I allowed every spam message to get to the users Junk folder. Not to mention the extra bandwidth of allowing all those mail delivery connections to complete OR to send NDRs to forged senders that are going to bounce back at my system and cause even more load.

          On top of that, if you send all spam to the Junk folder, it completely negates the usefulness of the Junk folder. I send spam with a SpamAssassin score between 5 and 10 to a Quarantine folder, but anything above 10, users never see. I look through my own Quarantine folder every few days, checking for false positives, and every now and then, I find one. This is useful. If everything scored above 10 were in there too, there's no way I'd have time to look at it.

          The system-wide quarantine (with all message

      • Re: (Score:3, Informative)

        by Spazmania ( 174582 )
        if a mail server accepts my mail with a 200 code, then the mail *should* be delivered.

        That's not actually the rule. The rule is: if a mail server accepts my mail with a 200 code, then the mail should be delivered *OR* a non-deliverable message should be constructed and returned to the envelope from address.

        When you actually follow that rule, it's quite amazing how many folks get bent out of shape by the undeliverables returned when someone forges their address, even though they haven't bothered to use SPF t
        • by Sorthum ( 123064 )
          SPF has severe implementations flaws. Generating an NDR for a message you've accepted, back to a purported sender is contributing to the backscatter problem, and is NOT a viable solution.
          • NOT a viable solution.

            And yet it is the published rule per RFC 2821 section 3.7:

            'If an SMTP server has accepted the task of relaying the mail and later finds that the destination is incorrect or that the mail cannot be delivered for some other reason, then it MUST construct an "undeliverable mail" notification message and send it to the originator of the undeliverable mail (as indicated by the reverse-path).'

            You can't complain about others breaking the rules and then cherry pick which ones you're going to f
      • I had lots of problems with Hotmail, and I think my mail was usually marked as spam by Yahoo until I enabled DKIM signing. With SPF records and DKIM, I don't think I have any major problems ...

        Yahoo allows you to request your server be whitelisted [yahoo.com], so you could have saved yourself the trouble with DKIM and friends. I did exactly that, and my DSL-based servers send and receive email all day long without issue.

        As a side note, I use Spamhaus RBLs, so my spam (predominantly from the cable dynamic IP crowd) is
      • Please, people, SPF is broken, and so are all the other similar technologies.

        For one thing, they are not standardised but in competition. That means most people don't use them. That means they are practically begging for a high proportion of false positives.

        For another, the technical approach they tend to take is impractical. It's all very well saying big business should set up its DNS entries using this or that little hack, but most of us (yes, the vast majority of domains registered) are not running o

    • by gnuman99 ( 746007 ) on Monday April 07, 2008 @04:26PM (#22993708)
      Just to add something, the problem with 5xx replies is filter is *before* queue so some mail may be delayed and servers need to be contacted a few times before they get a delivery slot. For example, say gmail can filter 1 million messages at a time. That means 1 million open connections. So, if you are connection 1,000,040 you get 4xx response - temporary failure due to no available resources. So try again later.

      This is not a problem, really. You can wait a few days until you can deliver the message as long as it is *delivered* eventually. /dev/nulling spam while accepting it with 2xx code is like burning unopened envelope at post office because it was typed instead of handwritten indicating possible spam.

      Pre-queue filter with only 1 unique IP connection at a time to mail server. Problem solved.

      Huge email servers get reasonably constant and predictable amount of mail per day and per hour and even per minute. They can plan pre-queue filtering with some margin for any spikes. And if there is a huge bomb and your mail doesn't get there for 7 days and your server gives up, hey, at least you get a "Could not deliver the message because destination was not available". Much better than "err, never got any mail from you" from the destination party.
      • Pre-queue filter with only 1 unique IP connection at a time to mail server. Problem solved.

        Botnet.
    • Today email is less reliable message delivery medium than regular mail
      Depends on where you receive your regular mail and how you do email. I've has less than 10% of my emails not get where they were going, and if you take out the former company domain that was spamming people, it's 0%. Where I live now, there's a good 30% chance that my mail won't get to me.
  • Crack down (Score:3, Insightful)

    by Midnight Thunder ( 17205 ) on Monday April 07, 2008 @04:10PM (#22993544) Homepage Journal
    I am not sure what Google can do to crack down on this abuse, but they really need to. Have there been any improvement to their Captcha system since it was compromised? Are they closing down suspect accounts?
    • What they need to do is have a process for detecting when an account is spamming.

      Now, you and I would just say "when an account is sending 10,000 messages a day" and that would be correct for about 99.9% of the cases.

      I'd also recommend Google "seeding" the spammers databases with "spamtraps" (not tied to Gmail or Google in any way). If an account sends email to a spamtrap, that account is frozen.

      And so forth.
      • by timeOday ( 582209 ) on Monday April 07, 2008 @05:41PM (#22994402)

        What they need to do is have a process for detecting when an account is spamming. Now, you and I would just say "when an account is sending 10,000 messages a day" and that would be correct for about 99.9% of the cases.
        No, that's the whole point of defeating captcha. Instead of sending 10,000 messages from 1 account, send 10 messages each from 1000 accounts.
        • PS, that also defeats the spam trap addresses. If you're only sending a few (or 1) spam from each account, killing an account because it sent email to a fake user doesn't help much.
        • by rtb61 ( 674572 )
          The problem will eventually resolve itself. With the switch to IPv6, dirt cheap appliance servers and free open source software, everyone will be running their own email server. The net result of that is, the default will be to block all free web mail messages and only allow known ones in.

          Until then ISP's are going to have real problems with free web mail services, for the end user of course the solution is simply block them, and wait for an alternate form of communication to let you know an address to al

          • by Phroggy ( 441 )

            The problem will eventually resolve itself. With the switch to IPv6, dirt cheap appliance servers and free open source software, everyone will be running their own email server. The net result of that is, the default will be to block all free web mail messages and only allow known ones in.

            Until then ISP's are going to have real problems with free web mail services, for the end user of course the solution is simply block them, and wait for an alternate form of communication to let you know an address to allow in.

            You're just talking about whitelisting, which makes e-mail nearly useless because people can't get on your whitelist until they've gotten on your whitelist so they can let you know they want to send you mail. IPv6 is completely irrelevant to this discussion; most people don't want to run their own mail server and I sure as hell don't want them to try. It takes a lot of work for me to maintain my own mail server, and I know what I'm doing; normal users shouldn't have to deal with that responsibility.

            No, t

      • by kesuki ( 321456 ) on Monday April 07, 2008 @05:46PM (#22994456) Journal
        welcome to spamtrap@donotreply.com (just kidding, but donotreply.com gets a lot of interesting e-mail, I just wondered what they'd do if they started getting 'spamtrap' addressed mail)

        well, making special spamtrap e-mail addresses and putting them in the clear on usenet, message boards, or even on social networking sites owned by google, and making sure the content is boring drivel no one would e-mail that person about. well, i mean how could you decide how to make boring drivel that would still put their address out on sites? 'first post' messages?

        wouldn't someone notice that google got 'first post' every time on 123 consecutive front page articles? wouldn't they? though and e-mail them a congratulation and get spam busted?

        i mean i know i can post boring irrelevant information, but i can't guarantee that if an e-mail is tied to that identity that someone won't e-mail me....

        so spam traps are harder to implement than one would think, unless they're in 'hidden' code. EG: you go to a website, the e-mail is in the html, but never shows on the page... and if you do that, then they might make a scanner that nullifies those addresses... once the realize what's happening.
    • Maybe they could try filtering their outgoing messages? Just a thought.
    • Re:Crack down (Score:5, Interesting)

      by Thelasko ( 1196535 ) on Monday April 07, 2008 @04:47PM (#22993930) Journal
      I think the safest thing they can do right now is return to their invitation only registration in an effort to close the breach. Then they have to start deleting spam accounts quickly before the spammers adapt to inviting themselves. If they are lucky they will be able to delete spam accounts faster than they multiply.
      • Then they have to start deleting spam accounts quickly before the spammers adapt to inviting themselves.

        One of the great things about the invitation only registration is google can delete an entire block of accounts and follow the chain up to the offender.

        The down side is, people who live alone with no friends on or off line will be unable to get a gmail account. At first glance this may seem fine since they would have no one to email anyway, however, some porn sites require email registration.

  • Google wins (Score:5, Insightful)

    by mfh ( 56 ) on Monday April 07, 2008 @04:11PM (#22993562) Homepage Journal
    The missing part of this story really is that Google`s Gmail client has very effective anti-spam filtering. I can see why companies who earn their keep protecting typical client-side email systems, would want to make Gmail obsolete or ineffective. Spammers might use Gmail as a tool to spam, but with good filtering it really doesn`t cost that much compared to the loss of time spent weeding out ham from spam.
    • ...to be safe from spammers using Google Mail... people should just -get- Google Mail themselves?

      I don't know whether to just blink or to think that you discovered a Google strategy here; getting even more people over to Google Mail because there's less spam there; nevermind the fact that a portion of that spam is sent from their own servers(!) I suppose there wouldn't be a heck of a lot of incentive to do something about the spam accounts, then.

      =====

      Or maybe you're saying that Google should apply their sp
  • We use messagelabs (Score:2, Interesting)

    by DaveOne ( 1130433 )
    Our company uses Messagelabs. Just tried a quick message from my Gmail account. Almost immediately received the message. No delay for my account, at any rate.
    • Same here - mail between my Gmail account and my work account, which gets Messagelabs spam/malware filtering, works fine in both directions. Sounds like a badly-sourced story to me...
  • by Animats ( 122034 ) on Monday April 07, 2008 @05:15PM (#22994180) Homepage

    Gmail should go back to their old scheme, where you had to have a cell phone to receive your password, and you could only have one gmail account per phone. That would slow the spammers down.

    If you don't have a phone, you're probably not a good candidate for an advertiser-supported service anyway.

    • What? I've never seen an ad in my gmail when i use my phone.

      Of course, the phone runs Windows Mobile so I don't use the gmail program, I just have it check IMAP every 10 mins, but who's counting?
      • by Animats ( 122034 )

        What? I've never seen an ad in my gmail when i use my phone.

        In the early days of Gmail, you had to supply a cell phone number, and your initial password was sent to your cell phone via SMS. One Gmail account per cell phone number. This puts a dent in spamming; you have to keep buying new phone numbers as your old accounts are terminated.

        Some free dating sites now do this. I've been bugging the Craigslist people to try it.

    • by Oriumpor ( 446718 ) on Monday April 07, 2008 @09:14PM (#22996000) Homepage Journal
      Expect to see a technological solution, this isn't a company full of middle managers or people who are used to losing technical battles.

      If I were a betting man I'd say Google will either A) release a new authentication/authorization scheme for creating new accounts, or B) they'll evolve their current system to be resistant to delivering false negatives on bot provided responses.

      Because honestly, isn't this just graphical/visual acuity based Turing test that needs to be treated as "passed" by the industry? The reasoning being: the equivalent of Alicebot now exists for the graphical world, so the test needs to be re-engineered to test another (currently) unpassed Turing style evaluation.

      Based on that realization: the whole reason capcha's are stupid is that if you keep the existing design but try and make it "harder" to break, the designer of the Bot need only account for that change and not an entire redesign.

      All this sounds like a great technical challenge: think up a new Turing test... When in reality those posting go back to invite only are absolutely right but it's likely we won't see that come out of Google.
    • by whereiswaldo ( 459052 ) on Monday April 07, 2008 @10:27PM (#22996322) Journal
      Gmail should go back to their old scheme, where you had to have a cell phone to receive your password... If you don't have a phone, you're probably not a good candidate for an advertiser-supported service anyway.

      Since when does cell phone == phone? Tons of people don't have cell phones, and most of them are consumers of various goods just like people who do have cell phones. It's amazing how the 'net culture makes it easy to write off huge swaths of the population just because they don't have or want the latest gadgets.
  • by kitsunewarlock ( 971818 ) on Monday April 07, 2008 @05:48PM (#22994492) Journal
    Blame the companies that allowed the idiots who buy from spammers to get internet in the first place. I know: everyone makes mistakes. At 2 AM, even I've clicked on a banner once or twice to find something (although I can never recall joining a site due to advertisement via mass mailing).

    But, sadly, statistics still prove that if you try to hit 1,000,000 people without any true risk of getting caught, your bound to hit a sucker eventually. There's one born every minute, after all. Not to use colloquial phrases as my source, of course.

    Personally I'm disheartened that American spam has lowered so. It makes it much harder to track down the parent company and call them and ask them why they sent you their e-mail in the first place...
  • And go after the IP number and the individuals doing this shit.

    Go after their ISP's and take the idiots to court.

    Cat and mouse games are stupid.
    • Re: (Score:3, Interesting)

      by Skapare ( 16644 )

      The IPs doing this shit are the end user addresses for home and office computers that are no different than all the other end users that use Gmail. They could block an IP, but eventually that IP will be used by someone else who is a legitimate and secure Gmail user. They are better off closing accounts that send spam. But Google isn't doing that (based on having seen spam from the very same user I reported to them as a spammer 2 weeks prior). If they do decide to pursue the user of the IP, once they get

      • by zymano ( 581466 )
        interesting.

        I hate Captchas. This all revolves around lack of control.

        ISP's forcing users to use tracking software would help.

        We can do this but don't. It's perceived is a wild jungle so we don't do anything.
    • by Dan541 ( 1032000 )

      And go after the IP number and the individuals doing this shit.

      Go after their ISP's and take the idiots to court.

      Cat and mouse games are stupid.
      You think we woulden't take spammers to court if we could?

Software production is assumed to be a line function, but it is run like a staff function. -- Paul Licker

Working...