Spam filtering services throttle Gmail to fight spammers The growing abuse of webmail services to send spam has led anti-spam services to throttle messages from Gmail and Yahoo! Over recent months security firms have reported that the Windows Live CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) used by Hotmail, and the equivalent system at Gmail …
The counting numbers won't work unless you make the numbers to count high as I'm sure the spammers would be happy with a 1 in 10 hit rate with the numbers of machines they have available to use.
The coloured text may work, but ultimately if the spamers are using humans to answer the captchas then it's going to do it's job and allow them through.
Why don't the ISPs employ their own sweatshop to identify spam? The bulk of the work could be done by computer but messages that pass that stage could be analysed by a human brain that could identify camouflaged words such as V1@gra and read those pesky GIFs.
All it would cost is a few bowls of rice a day....
The focus of this suggestion is that Gmail is losing value for all of us as it becomes spam soaked. Even their filtering is having troubles with false positives and false negatives--and the spam is just increasing--as always. Therefore I think Google should act more aggressively to drive the spammers away from Gmail.
My latest anti-spam idea is a SuperReport option. (Kind of like SpamCop, but not so lazy and laid back.) If you click on the SuperReport option, Gmail would explode the spam and try to analyze it for you to help go after the spammers more aggressively. The result would be returned to your browser as a webform of the expanded email to guide a more direct response to the spam. Here is one approach to implementing it:
The first pass analysis would be a low-cost quickie that would also act like a kind of CAPTCHA. This would just be an automated pass looking for obvious patterns like email addresses and URLs. The email would then be exploded and shown to the person making the report (= the targeted recipient of the spam AKA harassment victim). The thoughtful responses for the second pass would guide the system in going after the spammers--making Gmail a *VERY* hostile environment for spammers to the point that they would stop spamming Gmail.
For example, if the first pass analysis finds an email address in the header, the exploded options might be "Obvious fake, ignore", "Plausible fake used to improve delivery", "Apparently valid drop address for replies", "Possible Joe job", and "Other". (Of course there should be pop-up explanations for help, which would be easy if it's done as a radio button. Also, Google always needs to allow for "Other" because the spammers are so damn innovative. In the "Other" case, the second pass should call for an explanation of why it is "Other".)
If the first pass analysis finds a URL, the exploded options should be things like "Drugs", "Stock scam", "Software piracy", "Loan scam", "419 scam", "Prostitution", "Fake merchandise", "Reputation theft", "Possible Joe job", and "Other". I think URLs should include a second radio button for "Registered Domain" (default), "Redirection", "Possible redirection", "Dynamic DNS routing", and "Other". (Or perhaps that would be another second-pass option?)
If the first pass finds an email address in the body, the exploded options should include things like "Fake opt-out for address harvester", "419 reply path", "Joe job", and "Other".
At the bottom of the expanded first pass analysis there should be some general options about the kind of spam and suggested countermeasures, and the submit SuperReport button. This would trigger the heavier second pass where Gmail's system would take these detailed results of the human analysis of the spam and use them to really go after the spammers in a more serious way. Some of the second pass stuff should come back to the person who received the spam for confirmation of the suggested countermeasures.
Going beyond that? I think Gmail should also rate the spam reporters on their spam-fighting skills, and figure out how smart they are when they are analyzing the spam. I actually want to earn a "Spam Fighter First Class" merit badge!
If you agree with these ideas--or have better ones, I suggest you try to call them to Google's attention. Google still seems to be an innovative and responsive company--and they claim they want to fight evil, too. More so if many people write to them? (I even think they recently implemented one of my suggestions to improve the Groups... However, it doesn't matter who gets credit--what matters is annoying the spammers more than they annoy us.)
"Anti-spam filtering services such as MessageLabs"
Our number one spam source for many months on end has been MessageLabs' server farms. How dare they criticize Gmail et al. when their own barn door is wide open!?!
In the absence of SMTP-Auth or restricting outbound mail in some other immediate fashion, there's nothing any of the aforementioned providers can do to stop spammers.
This post has been deleted by its author
is number one. But what about language problems? Or different kind of humor?
As for me, I only use a bayesian engine, no prob. It trashes 200+ messages a day, never had a false positive, and only around 1 false negative a month.
There is no way to prevent spam from being sent by pre-emptive filtering or multiplication of lame tests, as the spammers don't use web interfaces anyway. It would only annoy legit users.
Suppress free e-mail? Every single site asks for a valid e-mail nowadays, free spam holes are vital then. Plus, being bound to you ISP provided account is NOT a good idea for obvious reasons. Employer-provided email account is slightly less annoying but can still bid a bad idea.
As for the fee (or credit card authentication), well, great. What if you don't have a credit card (not even mentionning 3rd world)? What if spammers use their database of stolen credit card details? (stolen when, you know, legit users provided them!). Maybe GMail should ask for your passport number, check the Gov's database, thend send you a confirmation request by snail mail. Of course, this would only allow "passported" US citizens to have an email account, but they are the only persons in the world that really matter anyway, right?. And this WILL cut on the spam.
@ Shannon Jacobs: Nice idea, but requiring too much effort and technical knowledge will limit how many users participate.
@ max allan: They already *have* botnets sending out most of the spam. So we need to take them down.
I think Spamhaus has the right idea: when spammer's account is identified, block everything from their IP address until their ISP cancels the account for violating TOS. These days, the source is more likely to be a trojaned computer, so block all of that user's mail until they install security patches and antivirus programs and disinfect their system. Have ISPs make that part of their TOS, and threaten to escalate and block the entire domain if they don't cooperate. This will even work for webmail providers, as they log the IPs that access spamming accounts, and can deny any access from that computer until it's clean. Ideally, they'd work with the ISP and block SMTP mail as well.
Most systems try to avoid false positives, but with billions of spam messages sent, a low rate of false negatives still lets plenty through. Deliberately blocking good mail will make individuals take action and stop being unwitting sources of spam. Once their systems are secure, they're also less likely to become part of other botnets in the future.
My e-mail has filters rejecting everything from Google's servers. It has been that way since Google stopped reading abuse complaints years ago. Recently my Usenet reader has been programmed to discard Google's Usenet postings, which can be an astonishing hundreds of spams per day per group. I rarely notice anything missing except for spam floods. I've even started using Yahoo for searches because Google results are spam too.
All of this talk about the difficulty of spam filtering is complete BS. Most of the Google abuse is coming from familiar criminal havens that nobody else accepts traffic from. A few firewall rules will fix at least 90% of the problem. Google is fast on their way to becoming a dot-com memory because they don't maintain their systems.
Where's the popping bubble icon?
.. the new AT&T Yahoo! ( DSL here ) anti-spam .. it's like next to nothing on one very public account I've had for 5 years, my main account, which is listed in the WHOIS for about 60 websites used to get 50-80 pieces a day .. now it's averaging 30 per week .. and as far as I can tell, I'm not missing any *real* email at all ..
the solution is with the major ISPs and mailservers .. it costs them huge money to store, even temporarily, all that SPAM .. what is it .. 90%+ of all email ?
It looks like Trend Micro is now completely blocking mail from Gmail accounts:
Technical details of permanent failure:
TEMP_FAILURE: Gmail tried to deliver your message, but it was rejected by the recipient domain. The error that the other server returned was: 450 450 5.7.1 Mail from 64.233.166.177 blocked using Trend Micro Network Reputation Service. Please see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=64.233.166.177.
I think that Herby's idea has some merit. Forcing users fill out a captcha for every email is too inconvenient, but getting users to fill out a captcha IF their email looks like spam, is less so. That is unless you happen to be a legitimate Viagra salesman. Things are really hard for them these days.
It would be too expensive for spammers to pay for a captcha to be solved by humans for *every email*, even using third world labour.
Paris, because she could make things hard for a Viagra salesman
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
