Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Google AI Spam IT

Ask Slashdot: Why Can't Google Block Spam In Gmail? 265

An anonymous reader writes Every day my gmail account receives 30-50 spam emails. Some of it is UCE, partially due to a couple dingbats with similar names who apparently think my gmail account belongs to them. The remainder looks to be spambot or Nigerian 419 email. I also run my own MX for my own domain, where I also receive a lot of spam. But with a combination of a couple DNSBL in my sendmail config, SpamAssassin, and procmail, almost none of it gets through to my inbox. In both cases there are rare false positives where a legit email ends up in my spam folder, or in the case of my MX, a spam email gets through to my Inbox, but these are rare occurrences. I'd think with all the Oompa Loompas at the Chocolate Factory that they could do a better job rejecting the obvious spam emails. If they did it would make checking for the occasional false positives in my spam folder a teeny bit easier. For anyone who's responsible for shunting Web-scale spam toward the fate it deserves, what factors go into the decision tree that might lead to so much spam getting through?
This discussion has been archived. No new comments can be posted.

Ask Slashdot: Why Can't Google Block Spam In Gmail?

Comments Filter:
  • WTF? (Score:5, Informative)

    by rodrigoandrade ( 713371 ) on Monday October 13, 2014 @12:04PM (#48131781)
    Spam folder in my Gmail catches 99.9% of all spam I receive.

    As a bonus: it's also excellent about learning what I mark as spam, and dealing with false positives.
    • Re:WTF? (Score:5, Informative)

      by jeremiahstanley ( 473105 ) <miah@m i a h . org> on Monday October 13, 2014 @12:07PM (#48131839) Homepage

      I'll second this sentiment. Gmail catches an obscene amount of spam sent to my account accurately and with so few false positives it blows my mind. I've dealt with lots of anti-spam software and some hardware and Google does a fantastic job.

      Pro tip: you have to just start flagging things with the convenient "this is spam" button and in a short time their filters figure it out.

      OP might just be getting a lot of legitimate list traffic that they signed up for. That isn't spam, you asked for that and need to hit 'unsubscribe'.

      • Re:WTF? (Score:5, Informative)

        by pz ( 113803 ) on Monday October 13, 2014 @12:51PM (#48132535) Journal

        I have found that essentially every time I give my email to a legitimate retailer, they automatically assume that this means they can send me marketing email on nearly a daily basis. However, most retailers also honor the unsubscribe requests, and if you are vigilant about clicking through unsubscribe and marking real spam as such, GMail does a really very good job. Also, I've found that when I unsubscribe to lists that I really don't read (including marketing email that I might have thought could be interesting but no longer want), the total volume of spam goes down.

        I cannot explain the OP's experience, as it runs completely counter to mine.

        • Re:WTF? (Score:4, Informative)

          by ruir ( 2709173 ) on Monday October 13, 2014 @01:21PM (#48132937)
          Not a good policy, I never give my email to a merchant. They often resell list of contacts, wether you allow it or not. Also for some temporary uses, I often give mailinator accounts.
        • Re:WTF? (Score:5, Insightful)

          by Archangel Michael ( 180766 ) on Monday October 13, 2014 @01:22PM (#48132943) Journal

          "I cannot explain the OP's experience, as it runs completely counter to mine."

          I can explain. I'd rather not have to. But it basically comes down to (IMHO), "I don't know how to Gmail"

        • GMail makes it ridiculously easy to set up and use multiple email accounts for different purposes. Here's my setup:

          Initials.UniqueChars@gmail.com - this is the account I use to sign up for random internet things. It's fairly anonymous and disposable.

          Initials.MoreUniqueChars@gmail.com - an account for "important" internet things, like online stores, internet banking, purchasing apps, and other stuff that is a bit more sensitive than what's good for the throwaway account. Also might use this for various ma

          • by pz ( 113803 )

            More GMail tricks, that may help you: when you have account

            someaccountname@gmail.com

            all email of the form

            someaccountname+anysuffix@gmail.com

            goes to your account. The plus sign is a literal character, not a concatenation operator. The only downside to this is that some email validation suites don't allow plus signs in user IDs, even though RFC 5322 allows them. Sometimes I use the format

            someaccountname+onlinestore@gmail.com

            when giving my email address to OnlineStore.com so that it's clear from where parti

      • Re:WTF? (Score:5, Insightful)

        by ArmoredDragon ( 3450605 ) on Monday October 13, 2014 @01:03PM (#48132683)

        I joined gmail way early into the beta, so I got an email address that was simply my last name with first initial. Nothing else. Very simple, which I thought was great rather than adding a bunch of crappy letters/numbers to it.

        Problem is, I end up getting subscribed to mailing lists all the time because a lot of people with the same last name and a similar first name don't pay the fuck attention to what address they're typing in.

        The worst ones are the politician mailing lists. It's very rare that their unsubscribe feature even works at all, and when it doesn't, there's absolutely nothing you can do about it. Sure I add their address and name to my filters, but those fuckwads share your email address with each other. For example, I first got subscribed to Jim Dabakis, and he's since passed it to a bunch of other politicians in his fucking party so that they can send me messages from their stupid campaigns that are in another fucking state that I don't even care about. So periodically I get political emails from Democrats in Utah, and there's nothing I can do about it. Now I have no fucking idea how many lists I'd have to unsubscribe from, assuming that is even possible.

        Oh and they keep asking me for campaign contributions, which is SPAM by definition because it's very much an unsolicited advertisement, except every law that makes spam illegal conveniently excludes the very politicians who wrote those laws.

        So what can I do about it? Jack shit.

        Though there are a few times where I've done some things that aren't very nice with this. For example, somebody bought a Hyundai in Vancouver Canada (a place I don't live anywhere even remotely close to) and then gave them my email address. The dealership sent me one of those surveys that makes or breaks the salesman and counts towards the dealership itself with Hyundai, so I gave it the most negative review I possibly could. Somebody from there sent me an email asking if I was sure I wanted to submit a review like that, and that it would have to be submitted anyways if I didn't respond, but they'd like to "speak with me" about it first, so I just ignored them. Serves them fucking right for not verifying who owns the address.

        Another time some girl I don't even know sent me her nudies, but I just ignored the email.

        • Re:WTF? (Score:4, Funny)

          by Anonymous Coward on Monday October 13, 2014 @01:11PM (#48132779)

          Same here. I subscribed way back when it was in beta as well, only my address is my first and last name. Same problem with fucking morons that don't know their own GMail address.

          Lately I've taken to responding to messages I receive for other people. I've cancelled items ordered over the internet because I receive a confirmation email. I've cancelled hotel reservations....that one was funny...I wish I could have been there when the jackass tried to check in. I've even responded to quite obvious business emails where someone was looking for feedback on a project and I told them it was complete shit, they were incompetent and they and their team was about to be fired.

          Confuse my email address for yours because your too fucking lazy to learn the difference....then enjoy the consequences.

          • Lol. You're a lot meaner about this than I am, though I did get a certain pleasure in cancelling the facebook account that someone opened with my address.
          • why cancel?

            step 1 - change shipping address
            step 2 ???
            step 3 Profit!!!
          • by west ( 39918 )

            I too have initial + last name@gmail.com and get a fair amount of misdirected email. I make some effort to find the right address (had to call someone who accidentally had her cell phone bills sent to me... Happened about 2 weeks after the XKCD cartoon.)

            But I don't assume laziness, stupidity or malice when someone uses the wrong address. It's just a mistake. And people are almost always grateful when you help correct their mistake.

            It must be a miserable world where everyone else's mistakes are due to cr

        • So periodically I get political emails from Democrats in Utah, and there's nothing I can do about it.

          you can VOTE. one man can make a difference!

          Another time some girl I don't even know sent me her nudies, but I just ignored the email.

          sweeeet. was she hot?

        • Problem is, I end up getting subscribed to mailing lists all the time because a lot of people with the same last name and a similar first name don't pay the fuck attention to what address they're typing in.

          THIS! I have a rather regional last name... it's not common. But every moron out there seems to think it's theirs. I've done a lot of the same things that others have done... responded, canceled, ignored, etc. I've even tried to get the sources of these to require a confirmation link be sent to the subscribing email... no luck there either.

          Also, GMail is very good at catching SPAM, in my experience. Every once in a while, I'll get a few that I report and from then on, I don't see them anymore.

      • Re:WTF? (Score:4, Informative)

        by swilly ( 24960 ) on Monday October 13, 2014 @01:03PM (#48132689)

        I agree. I can't remember the last time I had spam reach my Gmail inbox. Google is incredibly good at finding spam.

        In fact, my complaint is the opposite, Gmail is too aggressive in flagging mail as spam. I get notifications from Fidelity about my account, and most emails are fine but things like dividend payments are consistently flagged as spam. I always flag them as "Not Spam", they match an existing filter, and I've even forwarded them to Google for review, but none of that has helped.

        I occasionally have other emails incorrectly flagged as spam, but its pretty rare. The Fidelity messages aren't time critical, so this is more of an annoyance than a problem. I wish Google (or Fidelity) would get better at recognizing the difference between spam and legitimate emails that happen to be sent to a lot of people.

        • my issue is the same as yours, I end up missing some emails because of the spam block. I cant recall the last time (if ever) i had spam come through in my inbox (been using since beta)
    • Re: (Score:3, Insightful)

      I agree. Perhaps the author believes Google should not only try to figure out what is and isn't spam but also delete it so we never see it. If so, I disagree as I much prefer Google's excellent spam filter that still allows me to wander through the spam folder looking for something that it miscategorized and train Google to no longer consider it as spam.
      • Maybe it shouldn't delete it but maybe more than one folder or putting a confidence level might be nice.
        It has multiple categories for the inbox now, why not multiple categories for spam? There is spam and
        then there is SPAM. My spam folder on google is full of stuff like viagra, russian bride, nigeria scams,
        emails written in chinese I can't even read and other 110% obvious SPAM. There are also a few emails
        or newsletters from companies with mediocre records. If my spam was split into 2 categories, my
        gue

        • Maybe it shouldn't delete it but maybe more than one folder or putting a confidence level might be nice.
          It has multiple categories for the inbox now, why not multiple categories for spam? There is spam and
          then there is SPAM. My spam folder on google is full of stuff like viagra, russian bride, nigeria scams,
          emails written in chinese I can't even read and other 110% obvious SPAM. There are also a few emails
          or newsletters from companies with mediocre records. If my spam was split into 2 categories, my
          guess is that 100% of the messages that occasionally get misplaced in my spam folder are in this
          questionable category not the blatantly obvious category.

          You mean you don't have the option to use a "Promotions" folder in Gmail where commercial email will go automatically? What are you using, the free version? Chuckle.

          • The free version has a promotions folder. It just doesn't really work well with an IMAP configuration.

    • WTF? (Score:3, Interesting)

      by Matt Cook ( 3875393 )
      Agreed, I run both my companies network (mx, spf, all that jazz) and my personal through gmail, and I get maybe 1 spam message per month on each account tops. I often open them as it is usually an interesting trick that the spammer used (that google will pick up immediately and I'll never see again)
    • by pjt33 ( 739471 )

      Indeed. Now that I've trained it to treat unsolicited e-mails from Twitter as spam, I hardly see any.

    • As other's have stated using the Report Spam feature should make 99% of spam a thing of the past by putting in the spam folder.

      The Original Submitter did not say but based on their description of running their own MX I would guess they are using IMAP (or maybe POP) to pull down their gmail to a local client and thus missing out on the opportunity to mark them as spam...

      I occasionally check my gmail from a local client but use the web interface enough to help the spam filter figure me out by marking messages

      • There seems to be an easy end-route around Gmail's filters that I get hit with. Someone sends me spam from "royalwatches[nn]@gmail.com" and has done for years now. Every time Gmail blocks royalwatches19@gmail.com, they start sending out spam from royalwatches20@gmail.com. And so on. And on. And on.

        I don't know whether the reserved royalwatches up to 100 or 1000 or 1,000,000 or beyond, but if they have, it looks like Gmail is never going to figure out that they're all bloody spam before the heat death of th

    • Same here. I see maybe one legit piece of spam a week in my Gmail inbox. Now if they can just figure out how to predict if an email is unwanted marketing from and block that, I'd be even happier. Sick of having to manually unsub.

      I have email accounts with about 10 different domains. Some are related to work and use various filtering tools, some are with free services. Between all my accounts I see maybe half a dozen spams a week. From an end-user perspective, spam for me died out years ago. I'm always amaz

      • Should have read "unwanted marketing from some random company that still does opt-in-by-default and block that". I forgot that /. still runs off 1970's technology and can't handle angle brackets.

        • ... It's what makes HTML markup like bold and italics and stuff.

          • Yes, and an intelligent text parser can differentiate between markup and angle brackets in text. Half-assed parsers assume that all angle brackets are surrounding markup, even when they aren't. Modern parsers tend to be of the former, Slashdot's is still the latter.

    • Spam folder in my Gmail catches 99.9% of all spam I receive.

      As a bonus: it's also excellent about learning what I mark as spam, and dealing with false positives.

      Exactly. Even without much training, my gmail inbox is as clean as clean can be. Soliciting emails that I want to see (stores I frequent, etc) are properly shunted into "promotions". It has been at least a year or two since I have seen anything resembling a 419 email. I would posit one of two things is going on; either the submitter has done a good job of confusing the filter by moving/marking the wrong items out of the spam folder, or there really is a Nigerian prince looking to strike a deal to get hi

    • Same here. I use my gmail far less than my yahoo account (my Yahoo goes to all sorts of disreputable forums) but I think I see maybe a spam e-mail every week or month on gmail that misses the filter. On Yahoo it is more like a couple a day when I haven't given out my e-mail lately, as bad as ten a day when I do give out my e-mail.
    • I'm going to join the "Me too!" brigade - Google gets almost all of my spam (and I pet a lot of stray dogs) - but add a quick comment.

      Every couple of months, as part of the never-ending cat-and-mouse game, someone figures out a pattern of text, words, links, and/or images that pass the Google sniff test for long enough to break through to mailboxes. I had one particular "class" of message this year that survived the onslaught of "mark as spam" that countless other gmail users must have been engaged in for

    • by XaXXon ( 202882 )

      Me too. I'm very confused seeing this ask /.

  • Spam on Gmail? (Score:5, Informative)

    by Anonymous Coward on Monday October 13, 2014 @12:05PM (#48131807)

    I realize that this is not a helpful response, but my Gmail account never gets spam, it's all properly filtered into the spam folder. Been years since I even gave spam a second though, actually. I imagine that most peoples' situations are similar.

    • Totally agree. Maybe once a month a single 'spam' message ends up in my inbox, and maybe 2 or 3 non-spam ends up in my spam folder. But even the ones that end up in the spam folder are from mailing lists or subscriptions. I've never had an actual hand-written e-mail from a person I know, writing to me about something we actually need to discuss, end up in the spam folder.

    • Anyone want to guess the age of the poster? Because while "Gmail gets a lot of spam" may be true for what he's used to it's nowhere bad as it used to be.

      You want to see spam? Register a domain and create a catch-all address.

      • by Kvasio ( 127200 )

        I second that.
        I have a domain for my business, and also another domain to catch the most typical typo. The latter one was previously used.

        I hardly get any spam addressed to my primary domain; those would be mainly from my "national" spammers harvesting companies registry.
        And with the second domain - typically I get 300-500 messages per day, with false negative every 10-20 days. So gmail is indeed very efficient.
        However, on the break of August and September there were 4 or 5 days when I would get between 400

    • by jopsen ( 885607 )
      Yes, but it's when you have to check for false positives... Most American companies suffers from a high level of institutional incompetence and will ask you to check your spam folder, before checking if they actually sent you an email.... The poster is asking why gmail can't delete the obvious spam, so his spam folder only holds contents with a high likelihood of being false positive...

      IMO, the spam folder should be sorted, not by date, but by likelihood of being a false positive....
  • That's interesting (Score:5, Insightful)

    by 93 Escort Wagon ( 326346 ) on Monday October 13, 2014 @12:07PM (#48131833)

    This has not been my experience at all. I've found Google's email filters to be significantly better than anyone else's.

    I can think of several other reasons not to use gmail - but spam filtering is not on that list.

  • I get almost zero spam in my inbox, it all goes to the spam folder, where I look occasionally for things that might have been false positive, but even that happens almost never unles I've accedentally ID'd something as spam myself.

  • by spacepimp ( 664856 ) on Monday October 13, 2014 @12:11PM (#48131929)

    I think more likely what occurs is that they need to be extremely careful about false positives. So they push everything into a SPAM folder. But if you miss a critical email because Google accidentally thought something was spam when it wasn't, then Hello lawsuits. From a legal perspective, blocking anything going into their inboxen is a risk.

    • But if you miss a critical email because Google accidentally thought something was spam when it wasn't, then Hello lawsuits.

      I'm betting you've never read the TOS of your e-mail provider.

      For Gmail, the short version is that that they make no commitments about anything, including reliability.

      When permitted by law, Google disclaims all warranties and liability for damages.
      To the extent permitted by law, Google limits its total liabilities to the amount you've paid them.
      Also, you agree that Santa Clara County, California is the controlling jurisdiction for any dispute.

      I'm not saying you can't sue Google over misdirected e-mails, jus

  • Article is stupid (Score:5, Insightful)

    by Nimey ( 114278 ) on Monday October 13, 2014 @12:12PM (#48131953) Homepage Journal

    Google does an excellent job of catching spam. The submitter's problem isn't that, it's that he's got other numpties giving out his email address and then he's not using the Google-supplied tool (that little "mark as spam" button) to mark unwanted email so that Gmail learns his preferences. Instead, he's Dunning-Krugered together his own solution that barely works.

    Submitter's problem is PEBKAC.

    • by BitZtream ( 692029 ) on Monday October 13, 2014 @12:30PM (#48132249)

      If the story wasn't so sort, I'd say it was Bennett Haselton talking out his ass again.

    • The submitter does NOT complain about Google's ability to catch spam! He asks why Gmail does not REJECT obvious spam. Rejecting an email means that - in this case the Gmail - server does not even accept it. In such cases the sender gets back a Delivery Status Notification from his own server, telling him that his email did not go through because of such and such error. An important point here is that the email is not lost without any notification. The sender can try to contact the recipient in another way.
    • by suy ( 1908306 )

      Google does an excellent job of catching spam. The submitter's problem isn't that, it's that he's got other numpties giving out his email address and then he's not using the Google-supplied tool (that little "mark as spam" button) to mark unwanted email so that Gmail learns his preferences. Instead, he's Dunning-Krugered together his own solution that barely works.

      Submitter's problem is PEBKAC.

      Sorry, but I completely agree with the story explained. My previous employer gave me an email address managed by Google Apps. I subscribed and posted to about 3-4 different open source project mailing lists. Obviously that's enough to make your address well known to spammers.

      The amount of email in the spam folder was surprisingly high, given that my very personal email address, which has appeared during a decade (not just two years) on online archives of about 20 times more lists, receives a little bit less

  • You vs everyone (Score:5, Insightful)

    by gurps_npc ( 621217 ) on Monday October 13, 2014 @12:13PM (#48131965) Homepage
    You personally only get mail from a specific kind of account. Your spam filters are set up to deny lots of emails that are obviously not someone you are interested in. For example, I bet you can kill any email that contains chinese.

    Google can not do that because while for YOU an email in Chinese is a huge red flag, it means nothing to the chinese american student living in New York who still gets emails from her cousin in Hong Kong.

    Most of the decisions you make are like this one. For you, country, language, etc. etc. are indications of spam, but they are not true for the general population.

    So a spam filter designed for your personal use will always work a lot better than one designed for all users of google.

    • by pz ( 113803 )

      But GMail does, to my understanding, use a personalized filter, in addition to the global filters. I get some legitimate email in a foreign language (not Chinese, but one with a non-latin alphabet), and some spam in that language as well. GMail gets them 100% right. Alphabet is just another feature that you perform Bayesian analysis on.

      What any big message processing service has that a single user won't, is access to the content of messages across users, and the collective action by its users. So, for e

  • I have a rather trivial gmail nickname. I have 3 mails inside the spam folder and of course none in my inbox. Either i've been extremely conservative in publicizing my address or you are especially bad at it.
  • Track down and punish all the retards that actually buy the stuff advertised by spam.

    • No need for that.

      For each account with any supplier, charge a very small fee.

      That would knock down the big spammers. For hijacked computers, the fee would motivate ISP to track down large abusers.

  • by drama ( 32059 ) * on Monday October 13, 2014 @12:23PM (#48132145) Homepage

    I'm not sure what this guy is doing, but when I ran my own mail server (which I did personally and professionally for well over a decade), spam was a huge problem for me. No combination of spamassassin, rbl's, heuristics signature checks, virus, etc... Nothing got me past 85-90% blockage. And I did everything right. And it was a constant unending fight.

    When I switched to Google apps for my personal domain, my life changed. Google catches a HUGE amount of spam. Things still get through occasionally, and definitely get worse as black Friday and Christmas campaigns kick into high gear. But the majority of the spam I get is from legitimate business that decides to put me on their mailing lists without my permission.

    The op either has on blinders, or is baiting.

    • by keytoe ( 91531 )

      I'll echo this experience. I used to run my own MX, and it was constant work to stay current enough to keep spam to barely acceptable levels. Constant work.

      Since switching to Google apps, however, I almost never see spam. I even run a wildcard for my domain (with a blacklist for egregious offenders - every company gets a unique address) and still it's 1000 times better than when I was doing it myself - for no time investment at all. All for 'free' (letting Google read my mail is the true cost).

      Not sure what

  • I've had the exact opposite experience. GMAIL's filters are so much better than any service out there. I get less than 1 SPAM email a month into my actual inbox.

  • by Dishwasha ( 125561 ) on Monday October 13, 2014 @12:29PM (#48132233)

    switch over to Yahoo mail

  • by dbosso ( 457577 ) on Monday October 13, 2014 @12:31PM (#48132263)

    I've seen a lot of recent spam campaigns that get through my basic scanning using the following tactics:
    1. Careful design to not trigger Spamassassin content rules, including blocks of text to fool the bayes filter.
    2, Careful omission of any identifying headers except for completely valid SPF and DKIM headers with appropriately configured DNS.
    3. Real Linux mail servers dropped onto virtual hosting providers.
    4. Fresh IP addresses and domains - never used domains that are not blacklisted yet and IP addresses blocks from the hosting providers that take 10-30 minutes to get blacklisted
    Then they use snowshoe spam tactics to trickle them out until they're blacklisted and then move to the next domain and address.

    If your address is on the lists that the perpetrators of these campaigns are using, it's really hard to avoid spam right now. Not impossible, there are some countermeasures, but vanilla Spamassassin and your standard appliances are going to have problems. I can imagine google is going to have an easier time with this because of its size and volume (=more information), but it's far from trivial.

    -db

  • Catching spam and filtering it is the wrong way to deal with the spam problem. At that point the spam has already been sent, already taken up storage and CPU time somewhere, and already cost you money (yes, even with a "free" email account like gmail it still costs money somewhere). And if you add in the costs of filters, with the admin time and storage they consume, it is even worse.

    As I have said many times before, the only effective way to deal with spam is to approach it from an economic angle, as spam is an economic problem. Spam isn't sent out to piss you off, it is sent to make money. The spammers don't need you personally to buy anything, they just need someone else to buy something. The ROI on spam is incredible as the cost is almost nothing to send to billions of addresses, and only a couple of suckers are required in order to make money off the venture.

    If you want to actually help end the spam epidemic, stop talking about filters and other crappy "solutions" that only accelerate the arms race with the spammers. The way to stop spam is to remove the profit motive. This has been done successfully already; if you can prevent the spammers from getting paid they won't send spam because it won't be worth their time. Groups have succeeded in this and the effect has been dramatic. By contrast filters just encourage spammers to employ more creative measures to get their messages through - many of which result in reducing the S:N ratio of filters.
    • by silfen ( 3720385 )

      They won't get paid if people don't see their messages due to filtering. That's why filtering is a good thing.

      • They won't get paid if people don't see their messages due to filtering. That's why filtering is a good thing.

        Except that they will keep finding ways to get around the filters. Which makes for more wasted time on adjusting the filters. Which means that the filters are not solving the problem but just creating a new one.

        The spammers don't care in the least if 99.99% of the spam they send out gets filtered, as .001% of 1 billion is still 1 million. And if only .001% of the 1 million who receive the spam actually buy something, that is still 1,000 sales which is a great return considering the investment is so

  • Okay, I moved because I had someone spoof my email a couple times, and the IP range of the server farm I was based out of (The Planet) on my shared box got flagged in spamhaus twice in 3 years. For a business, that's death to have everyone in the world reject your (legitimate) incoming emails.

    I might get 1-2 actual spam emails a month through Google's filter, with hundreds blocked every day - easily four 9s. Now, that doesn't include the friend who's email got hacked and now needs $1200 wired to him because

  • I use a spam filter which quarantines suspected spam. I then review the quarantine and white list or black list as appropriate. Not an ideal solution for large scale users, but for us it works.

    Last week I black listed an email. The subject was "You've got to see this!" and the body was only a link. It turned out that it was a legitimate email so I turned around and white listed the sender. But that email would set off the spam flags on just about any filter, including human based filters. Sadly, there is no

  • My first language is not English and even for those mails gmail's spam filter works really, really well. I am starting to wonder whether running your own little email server has got something to do with it. I am assuming you are running a typical home server on a home connection with maybe a static IP. This is generally a very bad idea. Whatever Ip you are connecting from, it is flagged as a "dial up pool" or "home connection pool" so emails coming from there will instantly look very suspicious to any spam

  • Not sure what nasty links you've been clicking on. But the reason I use Gmail and have dumped the Yahoo's and Hotmails of the world is because I get ZERO spam......none, nada. Seriously, how did this become a post on Slashdot?
  • According to 'blame the victim' mentality, you shouldn't send your e-mail address around and it's your fault you're getting spam.

  • by ConstantineM ( 965345 ) on Monday October 13, 2014 @01:01PM (#48132653)

    I was actually thinking of the opposite trend since a couple of years ago: even people fully capable of running their own mail servers are all using gmail these days; I think we're easily at the breaking point where noone really knows how to run a mail server anymore.

  • We have Gmail at work, and the spam filtering seems to work reasonably well. We get an occasional spam message to come through, and for some reason, most of the ones that get through are written in Chinese.

    Two features that drive me nuts are a lack of sorting by headers, and not being able to set a message priority. Yes, I know you can search by sender, keywords, etc., but that only gets you so far. Sometimes I only have a vague idea of what I'm searching for, and being able to sort by subject would be a bi

  • Some of it is UCE, partially due to a couple dingbats with similar names who apparently think my gmail account belongs to them.

    This isn't spam; at worst, it's bacn with a case of mistaken identity.

    As someone whose full-time job is preventing spam (I work on Akismet [akismet.com], which checks about 380MM Web comments per day for spam), my general response to these kinds of questions is this: Fighting spam is hard because what's spam for you is not always spam for someone else, and spammers are continually changing tactics -- what worked to prevent spam yesterday may not work as well tomorrow, so it's a constantly moving target.

    In my experience, GMail's filter is just ok. I see about 50 spam per day end up in my spam folder, 3 or 4 that make it to my inbox, and maybe one false positive per month (when I bother checking). That's a 94% success rate with a 0.3% FP rate (based on my ham email activity), assuming that they're not instantly discarding blatant spam that wouldn't even merit ending up in the spam folder (which they very well might be doing). If Akismet had this same success rate filtering comments on my blog, I'd have to manually mark 230 comments as spam each day instead of Akismet's missed spam average of about one per day. I don't complain about it though, since fighting spam is hard (see above).

  • by fdamstra ( 209474 ) on Monday October 13, 2014 @01:51PM (#48133257) Homepage

    The OP wrote, "I'd think with all the Oompa Loompas at the Chocolate Factory that they could do a better job rejecting the obvious spam emails. If they did it would make checking for the occasional false positives in my spam folder a teeny bit easier." In other words, he's saying that he wants Google to reject the mail before it gets to his spam folder. He's not complaining about the efficacy of their spam filters, but is instead suggesting that Google should find a way to reject it before it even hits his spam folder.

  • by brunobowden ( 1764350 ) on Monday October 13, 2014 @02:03PM (#48133365)

    Disclosure: my name is Bruno Bowden and I managed the engineering team on Enterprise Gmail many years ago at Google before leaving to work in venture capital. My profile is www.linkedin.com/in/brunobowden. Though I didn't work on spam fighting directly, I interacted a great deal with the spam team while I worked there.

    One of the main architects of the spam fighting system - Brad Taylor - published a scientific paper on "Sender Reputation in a Large Webmail Service" - http://www.ceas.cc/2006/19.pdf [www.ceas.cc]. This has a lot of detail about the system. We keep much of the internals secret as it reduces the chance that a spammer can reverse engineer and work around the system. If you'll allow me to be vague, the number of signals it uses was stunning to me. There's a mixture of hard wired tests (e.g. is the sender in someone's address book), reputation (domain and content), machine learning and anything else we can make work.

    One of the principle improvements came when we switched to user classification through the "Report Spam" button. People have different opinions on what constitutes spam, so individual filtering is far more effective. It also avoids the politics of certain lists of domains and IPs from third parties which can be controversial. Even then it has challenges, as sometimes users will mistakenly pick out a phishing email and mark it "Report Not Spam". Because of that, Gmail now adds a red warning banner to indicate more strongly what is a likely a phishing attempt. In general, Google has tried to be very supportive of encryption, e.g. DKIM for authentication (and SPF) to STARTTLS for privacy. I would also like to mention the abuse team that works hard to prevent gmail being used as a source of spam, shutting down accounts as soon as possible after suspicious email is sent, then helping affected users to recover their account.

    In general, the Gmail has received a lot of compliments on the spam filtering, I'm sure the team will be grateful for the positive comments here on Slashdot. There are still things that can confuse the system, e.g. receiving forwarded email (which might be missing source IPs) or genuine email that is sent to the wrong address. Though the system isn't perfect, I know the team will continue to work hard on it.

  • Google filters out ~100-200 spams a day from my email box (which I universally forward all my domain mail through) and leaves me with (usually) only one or two that I have to specifically mark as spam. I've never been able to do better running my own spam filter.

    -Matt

  • What are you doing wrong? Gmail catches spam very well for me, and false positives are at a minimum (and usually they *are* spam, just spam that I willingly signed up for).
  • I think not too long ago, folks were discussing how the spam war was won [moderncrypto.org]. Their spam filtering is so good, that, for the most part for users, incoming spam is no longer a huge issue.

    If they did it would make checking for the occasional false positives in my spam folder a teeny bit easier.

    If it's IN your friggin' spam folder, then they've blocked the spam. They decided it was spam and hid it from your inbox. No filter's gonna be perfect, and the Spam folder is to help you go back if you become aware yo

  • For me, gmail is superb at filtering spam. I have 167 emails in my "Spam" folder over the last 30 days. Maybe 1 or 2 have gotten through over that same period.

You know you've landed gear-up when it takes full power to taxi.

Working...