
Gmail. Some people love it, some people love to hate it. No matter which camp you're in, I think it's pretty obvious that Gmail has changed the way we look at web-mail.

Gmail has done a lot to radically change the whole web-mail world. Their user interface is amazing. Better than every web-mail system I've seen, and even better than many local MUAs. However, in today's Internet, any e-mail solution is only as good as its anti-spam technology. I've been testing that out and found some curious results.

I originally signed up for a Gmail account fairly late in the game. I really didn't need one, but I was curious to see what the fine folks at Google were doing. I was also a little interested in picking up my preferred username because I've been using it a very long time and recently have found it getting used more by others. Unfortunately, for some unknown reason, Gmail doesn't allow 4-letter account names. Gah! Eventually, Gmail opened up enough that the pressure on accounts dropped, and I was able to get one.

After I had given out accounts to all the people I knew who wanted one, I created a few other accounts to use for different purposes. No, not because I needed extra gigabytes of storage or for backups, I've got plenty of gigabytes here thanks. They were just to split out different types of correspondence, and because I decided that I didn't really like my initial account name and tried another variation.

I've been watching the spam situation, and mostly I haven't gotten any spam on the Gmail accounts until the last couple of weeks. In the last 2 weeks, I've gone from not receiving any spam in these accounts to getting up to 17 per week per account, worst case. Not horribly bad, about the rate that I'm currently getting on my main mail box after tons of spam fighting. However, it's a bad trend.

I have a total of 5 accounts:

  • (1) My 4-letter username + '00'
  • (2) 'the' + my 4-letter username
  • (3) A misspelling twist on a common English word.
  • (4) A random pronounceable username generated using APG, a great password generator.
  • (5) The combination of two short English words.

I'm intentionally leaving out the account names because I don't want them published anywhere and it really doesn't matter what exactly they are.

The first 3 accounts got 25 to 36 spams in the 2 week sample period. The last two got absolutely no spam. It should be noted that the two English words I selected, when combined, result in exactly 2 hits on Google, so it's not at all a common user or domain name. The account getting the 36 messages was (3).

First of all, I'll say that none of the messages which were marked as spam were legitimate messages. However, I'm not using these accounts very heavily yet. All of them have received under 10 legitimate messages since I set them up. So far, Gmail is doing a good job of classifying the spam.

In looking at these messages, it seems pretty obvious that the spammers are using dictionary attacks. This is when they take a “dictionary” of common (or even uncommon) user names, and try all of them at a particular domain. On the plus side, it seems that Gmail is not rejecting any of these addresses in the SMTP phase, so the spammers can't find out quickly what accounts are bad and target the good accounts.

The vast majority of these messages had the same format in their subjects. This makes me think that it's one spammer who is really targeting the dictionary attacks on Gmail. Or, at least, only one that is really trying a huge dictionary which includes my (fairly uncommon) account names on it. These all had something somewhat close to the account name at the beginning of the subject, and various phrases after that.

One thing I found quite surprising is that one of the subjects contained the username of another account I previously used which gets a lot of spam. I'm fairly sure that they got this account name from me, because if you search for it on Google there are only 2 pages of results, all of which are pointing at my pages. That account is published on a fairly high-profile web-site, which probably explains why I got so much spam on it. I have since had to deactivate that account because of the spam. Throw-away accounts are very good.

I think the fact that this account showed up on the list of account names they're trying at Gmail goes to show just how widely they're willing to cast their nets. I can only imagine how many account names they're throwing at Gmail. I remember, when I was getting more spam, seeing spamvertisements for “30 million addresses on CD-ROM”, but many of those were unique only because of the domains. In reality, I expect it would be much smaller, but could see it running into the millions. I do see that they are using BCCs (Blind Carbon Copies) or CCs instead of sending individual messages, which probably helps Gmail (and the spammers) handle the load.
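The three tell-tale signs described above (a dictionary "fan-out" of many recipients at one domain in To/Cc, recipient local-parts that sit next to each other in a word list, and a subject that opens with something close to the recipient's own username) can be turned into a simple mailbox-side detector. This is an added example, not code from the original post; the messages and addresses in it are constructed, and the similarity thresholds are assumptions you would tune on your own mail.

```python
import email
from difflib import SequenceMatcher
from email import policy

# Constructed sample messages (not real spam): one dictionary-attack style
# message fanned out to several look-alike local-parts at one domain, and
# one ordinary personal message.
DICT_SPAM = (b"From: x@example.net\r\n"
             b"To: jdoe00@example.com, thejdoe@example.com, jdo00@example.com\r\n"
             b"Subject: jdoe00 your account needs verification\r\n\r\nbody\r\n")
LEGIT = (b"From: friend@example.org\r\nTo: jdoe00@example.com\r\n"
         b"Subject: lunch tomorrow?\r\n\r\nbody\r\n")

def similarity(a: str, b: str) -> float:
    """Crude lexical closeness in [0, 1]; adjacent dictionary entries score high."""
    return SequenceMatcher(None, a, b).ratio()

def dictionary_attack_indicators(raw: bytes, my_address: str) -> dict:
    """Evaluate the three indicators from the post against one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    rcpts = [a for hdr in ("To", "Cc")
             for h in msg.get_all(hdr, []) for a in h.addresses]
    domains = {a.domain.lower() for a in rcpts}
    locals_ = [a.username.lower() for a in rcpts]
    words = (msg["Subject"] or "").lower().split()
    me = my_address.split("@")[0].lower()

    # 1. Several recipients, all at the same domain: CC fan-out of one dictionary slice.
    same_domain_fanout = len(rcpts) >= 3 and len(domains) == 1
    # 2. Recipient local-parts that are near-variants of each other (assumed threshold 0.75).
    pair_scores = [similarity(x, y) for i, x in enumerate(locals_) for y in locals_[i + 1:]]
    similar_localparts = bool(pair_scores) and max(pair_scores) >= 0.75
    # 3. Subject begins with (something close to) the recipient's own username (threshold 0.8).
    subject_echoes_localpart = bool(words) and similarity(words[0], me) >= 0.8
    return {"same_domain_fanout": same_domain_fanout,
            "similar_localparts": similar_localparts,
            "subject_echoes_localpart": subject_echoes_localpart}

def looks_like_dictionary_spam(raw: bytes, my_address: str) -> bool:
    """Flag when at least two of the three indicators fire (assumed decision rule)."""
    return sum(dictionary_attack_indicators(raw, my_address).values()) >= 2

if __name__ == "__main__":
    for name, raw in (("DICT_SPAM", DICT_SPAM), ("LEGIT", LEGIT)):
        print(name, dictionary_attack_indicators(raw, "jdoe00@example.com"),
              looks_like_dictionary_spam(raw, "jdoe00@example.com"))
```

Because the detector only inspects headers already delivered to you, it leaks nothing back to the sender, which keeps with the post's advice never to react to these messages.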

I suspect that Gmail (because of Google) has enough bandwidth that this isn't a huge problem for them. It probably impacts the spammers' business more than Gmail/Google. It also looks like Gmail isn't leaking information about who their real subscribers are, which should help prevent them from being targeted.

It looks like Gmail also does not return bounce messages for invalid accounts, so as long as you don't do something stupid like reply requesting they remove you, visit any of the advertised sites, or trigger any “e-mail bugs” or buy anything from these spammers, you probably won't get particularly targeted by the spammers at your Gmail accounts.

My conclusion is that the trend towards spam is getting worse on Gmail, but that Gmail is doing a good job so far of blocking and filtering the spam. A very good job in fact. You should still try to limit your exposure by not “leaking” your address excessively including on web-sites or Usenet, using throw-away addresses for limited-time uses, and never buying anything from a spammer. Buying from non-spammers is OK, in fact I'd say it's encouraged. And consider having “apg” generate you a random user name…
