惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
F
Fortinet All Blogs
B
Blog
GbyAI
GbyAI
P
Proofpoint News Feed
量子位
The Register - Security
The Register - Security
宝玉的分享
宝玉的分享
大猫的无限游戏
大猫的无限游戏
云风的 BLOG
云风的 BLOG
V
Visual Studio Blog
B
Blog RSS Feed
WordPress大学
WordPress大学
Recorded Future
Recorded Future
Recent Announcements
Recent Announcements
V
Vulnerabilities – Threatpost
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Secure Thoughts
雷峰网
雷峰网
Stack Overflow Blog
Stack Overflow Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Webroot Blog
Webroot Blog
AWS News Blog
AWS News Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The GitHub Blog
The GitHub Blog
爱范儿
爱范儿
O
OpenAI News
月光博客
月光博客
H
Hacker News: Front Page
S
Security Affairs
W
WeLiveSecurity
The Hacker News
The Hacker News
aimingoo的专栏
aimingoo的专栏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Help Net Security
Help Net Security
MongoDB | Blog
MongoDB | Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
D
Docker
T
The Blog of Author Tim Ferriss
Spread Privacy
Spread Privacy
Blog — PlanetScale
Blog — PlanetScale
J
Java Code Geeks
S
Securelist
Microsoft Azure Blog
Microsoft Azure Blog
TaoSecurity Blog
TaoSecurity Blog
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
A
About on SuperTechFans

Comments for Lauren Weinstein's Blog

Chrome Remote Desktop – Lauren Weinstein's Blog How Some Software Designers Don’t Seem to Care About the Elderly – Lauren Weinstein's Blog Here’s How to Disable Google Chrome’s Confusing New URL Hiding Scheme – Lauren Weinstein's Blog Social Security Administration Cutting Off Users Who Can’t Receive Text Messages – Lauren Weinstein's Blog YouTube’s Public Videos Dilemma – Lauren Weinstein's Blog YouTube’s Public Videos Dilemma – Lauren Weinstein's Blog Why We May Have to Cut Europe Off from the Internet – Lauren Weinstein's Blog Don’t Blame YouTube and Facebook for Hate Speech Horrors – Lauren Weinstein's Blog A Terrible Decision by the Internet Archive May Lead to Widespread Blocking – Lauren Weinstein's Blog Google Backs Off on Unwise URL Hiding Scheme, but Only Temporarily – Lauren Weinstein's Blog Another Massive Google User Trust Failure, As They Kill Louisville Fiber on Short Notice – Lauren Weinstein's Blog Google Users Panic Over Google+ Deletion Emails: Here’s What’s Actually Happening – Lauren Weinstein's Blog The Tool That Could Save Google+ Relationships – Lauren Weinstein's Blog Google Finally Speaks About the G+ Shutdown: Pretty Much Tells Users to Go to Hell – Lauren Weinstein's Blog Paid “Ad-Free” YouTube Premium Is Now Showing Ads – Lauren Weinstein's Blog The New “Google Contacts” – Lauren Weinstein's Blog A New Invite-Only Forum for Victims of Google’s Google+ Purge – Lauren Weinstein's Blog How to Disable Gmail’s Annoying New “Smart Compose” Predictive Typing Feature – Lauren Weinstein's Blog Google Backs Off on Unwise URL Hiding Scheme, but Only Temporarily – Lauren Weinstein's Blog Explaining YouTube’s VERY Cool New Aspect Ratio Changes – Lauren Weinstein's Blog Why We May Have to Cut Europe Off from the Internet – Lauren Weinstein's Blog When Google Gets Your Location Wrong! – Lauren Weinstein's Blog Google Asked Me How I’d Fix Chrome Remote Desktop — Here’s How! – Lauren Weinstein's Blog A Terrible Decision by the Internet Archive May Lead to Widespread Blocking – Lauren Weinstein's Blog Emergency Transition to IPv7 Is Necessary! – Lauren Weinstein's Blog
Fixing Google’s Gmail Spam Problems – Lauren Weinstein's Blog
2018-08-16 · via Comments for Lauren Weinstein's Blog

The anti-spam methodology used by Google’s Gmail system — and most other large email processing systems — suffers a glaring flaw that unfortunately has become all too traditionally standard in email handling.

One of the most common concerns I receive from Google users is complaints that important email has gone “missing” in some mysterious manner.

The mystery is usually quickly solved — but a real solution is beyond my abilities to deploy widely on my own.

The problem is the ubiquitous “Spam” folder, a concept that has actually helped to massively increase the amount of spam flowing over the Internet.

Many users turn out to not even realize that they have a Spam folder. It’s there, but unnoticed by many.

But even users who know about the Spam folder tend to rarely bother checking it — many users have never looked inside, not even once. Google’s spam detection algorithm is so good that non-spam relatively rarely ends up in the Spam folder.

And therein lies the rub. Google’s algorithms are indeed good, but of course are not perfect. False positives — important email getting incorrectly relegated to the Spam folder — can be a really big deal — especially when important financial notifications are concerned, for example.

In theory, routine use of Gmail’s “filter” options could help to tame this problem and avoid some false positives being buried unseen. But the reality is that many of these important false positives are not from necessarily expected sources, and many users don’t know how to use the Gmail filter system — and in fact may be totally unaware of its existence. And frankly, the existing Gmail filtering user interface is not well suited to having large and growing numbers of filters of the sort needed to try deal with this situation (either from the standpoint of actual spam or false positives) — trust me on this, I’ve tried!

So could we just train users to routinely check the Spam folder for important stuff that might have gotten in there by accident? That’s a tough one, but even then there’s another problem.

Many Gmail users receive so much spam — much of it highly repetitive — that manually plowing through the Spam folder looking for false positives is necessarily time consuming and prone to the error of missing important items, no matter how careful you attempt to be. Ask me how I know!

This takes us to the intrinsic problem with the Spam folder concept. Gmail and most other major mail systems accept many of the spam emails from the creepy servers that vomit them across the Net by the billions. Then they’re relegated to users’ spam folders, where they help to bury the important non-spam emails that shouldn’t be in there in the first place.

Since Google accepts much of this spam, the senders are happy and keep sending spam to the same addresses, seemingly endlessly. So you keep seeing the same kinds of spam — ranging from annoying to disgusting — over and over and over again. The sender names may vary, the sending servers usually have obviously bogus identities, but (unlike some malware that Google rejects immediately) the spam keeps getting delivered anyway.

The solution is obvious, even though nontrivial to implement at Google Scale. It’s a technique used by many smaller mail systems — my own mail servers have been using variations of this technique for decades.

Specifically, users need to be able to designate that particular types of spam will never be delivered to them at all, not even to the Spam folder. Attempts at delivering those messages should be rejected at the SMTP server level — we can have a discussion later about the most appropriate reject response codes in these circumstances, there are various ways to handle this.

Specifying the kinds of spam messages to be given this “delivery death penalty” treatment is nontrivial, both from a user interface and implementation standpoint — but I suspect that Google’s AI resources could be of immense assistance in this context. Nor would I assert that a “real-time” reject mechanism like this would be without cost to Google — but it would certainly be immensely useful and user-positive.

The data from my own servers suggests that once you start rejecting spam email rather than accepting it, the overall level of spam attempts ultimately goes down rather than up. This is especially true if spam attempts are greeted with a “no such user” reject even when that user actually exists (yes, this is a controversial measure).

There are certainly a range of ways that we could approach this set of problems, but I’m convinced that the current technique of just accepting most spam and tossing it into a Spam folder is not helping to stop the scourge of spam, and in fact is making it far worse over time.

–Lauren–