Happy 20th birthday Gmail, you're mostly grown up – now fix the spam It was 20 years ago on Monday that Google unleashed Gmail on the world, and the chocolate factory is celebrating with new rules that just might, hopefully, cut down on the amount of spam users receive. Sure, it may have seemed like an April Fool's joke in 2004, but nearly two billion users later, Gmail is arguably Google's …
...But I don't really use it use it, you know?
There is no real way to stop all all of the spam. I am not going to take the time to make all spam as spam and it's been weeks since I deleted all the unwanted messages so I'll have to set aside an hour soon or it will turn into an all day project before I know it.
One thing I've found that helps is to use a plus address (like chuckufarley+companyname@gmail.com) when signing up. Then if you get spam to that address you can just filter everything sent to it as junk. You also know who has been selling you out or careless with security, so you can stop doing business with them. Alternatively if you can't (like it is a local utility you have no alternative to) you can at least change your email address in their records so you can block all the previous spam and hope you don't get new spam with the updated address.
Now yes people who know email know that that + part can be removed and email will still reach its destination, but I don't think nearly enough people do this for spammers to bother with putting anything into place for it.
I don't use gmail so I don't know 100% if this method would work there (i.e. if it rewrites the headers to remove the plus you're screwed) but I'd guess it probably does.
Disagree. Gmail is more than 99% effective in identifying spam. That's a serious estimate - my email address is very public, so attracts about 100 spams per day, and only one or two a week make it into my Thunderbird inbox. And the false positive rate is definitely less than 1% too, maybe one message a week.
Weeks??? I quickly check the spam folder daily and then clear it. Unfortunately no system is perfect, so an occasional false positive is unavoidable.
I have a number of beefs with Gmail, but on spam filtering, kudos. And their handling of the horribly broken DMARC has so far been sensible.
So when I sent you that legitimate email offering you a job for a millions pounds a year, that's why you never replied?
I had to shut off gmails spam filtering because too many legitimate things were being marked as spam and then being autodeleted after a while without my say so.
Having said that, gmail seems to be the best of the big providers.... At least they don't blackhole. Anyone who thinks it's a good idea to "accept" and then blackhole email without notice needs to be forced to watch daytime soaps for eternity.
I once was involved with emailing a mental health councillor at the local council. After a few important emails had gone through and hadn't been replied to for a few days, i eventually found out a week later she hadn't received them. Their spam filter provider (a commercial one that often pops up handling mail for local councils) had given a positive ACK to the SMTP convesation complete with ID.
A few trial and error test later, it seemed that the word "penis" was to blame. Instead of rejecting the email, they silently accepted it, and discarded it.
I contacted them with my findings, and the ridiculousness of the whole situation (including the flagging of medical words in emails sent to a health department) and they said they won't do anything as I'm not their customer. My non-techie contact in the council didn't know what/how to do it, so it meant that from then on, every email back and fore would be manually acknowledged.
OK, sidetracked rant there.
tl;dr Email is unreliable not because of spammers, but because of the way clueless email "techies" deal with spam.
As I said, google is one of the best. They have fierce *rejection* rules, but at least the email is rejected rather than blackholed. I'm not comfortable that the stuff they flag as spam (that has already passed their entry filters) is autodeleted after a time though.
Gmail is not email. Gmail is something similar to email, but different. Its "labels" system is non standard and IMAP clients do "more or less" work.
Also, their antispam rules are obscure and if you are "bad" in their eyes, like my domain is, there is NO WAY you can actually ask them what's wrong. You are just fucked.
My domain is a business one, used by one person (me). My mail server has never sent spam or even legit bulk mail. I have DMARC DKIM SPF and all of that is needed. I have no issues with every other email service IN THE WORLD. But gmail (the free version) files my emails in spam. At least the business version does not.
I hate Gmail.
Also, their antispam rules are obscure and if you are "bad" in their eyes, like my domain is, there is NO WAY you can actually ask them what's wrong. You are just fucked
To be fair, the same applies to Microsoft (or any other very large provider) They don't care about individual customers - unless you're a noticeable percentage of their income/profit.
Microsoft is not so bad, it has a procedure for requesting delisting that works. If my domain or ip is listed (and it seems that they blacklist more or less everything) you get an error message that states what's wrong and how to solve the issue. You fill a short web form and you are delisted. Never had an issue with that. (Of course if you send spam you'll probably fool them once and then be blacklisted forever)
I have been managing mail servers for 20 years, and the only provider that makes me go crazy is Gmail. Everyone else is more or less fine or at least it answers your emails if there are issues.
PS: I don't like MS365 for a lot of other reasons, but their antispam service is not as bad as Gmail's.
Gonna have to play a bit of devil's advocate here :)
Gmail is something similar to email, but different. Its "labels" system is non standard and IMAP clients do "more or less" work.
That it is, and as someone who is a born-again desktop e-mail client believeruser, it really messes them up and I have some resentment that google never seemingly bothered to make a specification for tags. They do add actual, useable, sensible features over IMAP folders tho (just because I don't use those features doesn't make them meaningless)
Also, their antispam rules are obscure and if you are "bad" in their eyes, like my domain is, there is NO WAY you can actually ask them what's wrong. You are just fucked.(snip to your other reply)Microsoft is not so bad, it has a procedure for requesting delisting that works.
My experience was the exact opposite as yours. I've had spam issues with my e-mail server twice (compromised accounts), and once I stopped the flood of e-mails (and requested delisting from the e-mail provider neutral denylists) I had normal service against every e-mail vendor within 6-24 hours ... except Microsoft (which is the provider of choice for an institution we have close ties to), which took a good week to stop black-holing our e-mails (which gmail didn't do), and either I couldn't find the form/procedure or Microsoft did nothing with it (last time was a good 6-7 years ago at least 0:)).
I will say, I still resent google for demanding either proper valid SSL/TLS certificates or no encryption when using the "check other e-mail accounts"[1] feature back in December 2011/2012, without any warning, a full 5 years before LetsEncrypt >:(, while I was on vacation, and with most of my workplace syncing their accounts with gmail.
[1]: To this day they don't demand proper certs for SMTP, only for POP3
I love Gmail, but there are some things you have to not do - mainly, don't use the webmail interface except for spam checking or emergency use when on travel; disable conversation view; don't use labels; steer clear of the Android app except for emergency use.
I'm a traditionalist and use POP3, so I have nothing to say about IMAP. Local folders rule!
@Kurgan: drop DMARC and you might be happier. If you believe in magic and insist on running DMARC, set the policy to None. Guess what, if you set it to Quarantine or Reject bad things will happen.
Weird, I have one I created when it was still by invitation only, use it regularly, and receive almost no spam at all - just checked and there's none there (and I don't clear it, so no spam received in the last 30 days)
No idea why though - do spammers not like me? boo hoo hoo
Not true. Anyone can create a google account (and then use it for android play store etc.) using a non-gmail email address.
I did so years ago, and I don't pay for, or have, a business account.
How many people using it actually read the terms and conditions?
{crickets}
Or realise that google reserves the right to store all emails, both outgoing and incoming?
{crickets}
Or understand that people they email might not want google knowing anything about them?
{crickets}
It's the only way (icon) ->
Disagree, this is a great feature. It's not a good feature on it's own, but with identified senders etc it's a big improvement. Identifying senders is the big piece in this campaign, the unsubscribe requirement is icing. If they continue to send emails after you unsubscribe, they get spam binned. The basic idea is to stop people from sending from unidentified servers then improve their etiquette. It's certainly not perfect but this is a very positive step. It's certainly not the end of the war either.
BTW I think you should be using Gmail's unsubscribe link rather than the one in the email itself as that allows Google to track compliance.
It's to train users not to click links in an email.
As a user, you just click the gmail-provided "unsubscribe" banner to unsubscribe. It's clearly located outside the email, so the sender cannot fake it.
Google takes the risk of actually contacting the "unsubscribe" link.
That's why it has to be one-click unsubscribe. The hardened agent they use isn't going to fill out a "please resubscribe" form or any of the other dark patterns. It probably instantly discards whatever response came back.
It probably also unsubscribes a random selection of undeliverable spam, so senders can't be sure if there's a human there or not.
If it was a grown up service it would be designed to be a user centric design, with capabilities configured by the end users. Instead, even and especially on the business offerings, you get what Google deigns to decide is available. Oh, you didn't want that feature to be removed? We've decided it's better for you, so you don't get a choice.
I have a number of legacy business domains, for non commercial purposes. It's annoying enough for free, I'd be highly irritated if I was paying actual money for it. Thinking of moving to Mythic Beasts.
Actions on large amounts of messages simply do not work. Got 20,000 messages in a filter that need deleting? Set up the rule. Tell Gmail to delete them. It says it has been actioned. Has it? No. Repeat and repeat again until it's actually removed the messages.
Unilateral changes of attachment settings. Irritating login dialogs and security. Spam filters that whilst not bad still consistently filter messages away from particular mailing lists. Not to mention the moderately well known issues with Oauth support that basically make gmail non open standards.
For free for consumers this might be livable. For business I wouldn't touch it with a barge pole.
That's one of my biggest peeves with google. They change things for the worse for no reason, and NEVER give you the option to keep the original.
The big android play store update they did a few years ago is daft. Extra hoops to get to the "update apps manually" page.
And don't get me started on youtube..... I unfortunately use youtube a lot, and hate ads, and would otherwise pay for the service, but there's no way I'm ever paying for a service that actively sets out to annoy me.
Not only do comments disappear without notice if they fail some of their arbitrary anti-spam rules, they will now also shadowban certain posts. Your reply appears to stay posted, but only you can see it - you have to check the comment thread via an anonymous session to see if they deemed you worthy enough to be seen.
A great way of telling if a video is poor, or spam? The video downvotes. Despite all the protests from content providers and users, they went ahead and removed its visibility.
Now google has shutdown their podcast app - shunting you to the totally not appropriate youtube music.... Mind you, give it a few years and they'll probably kill that off too.
tl;dr yep, I'm still ranting!
I have a gmail account. I don't use it a lot, but practically the only commercial email there is from places where I did sign up to something (one exception this week, I can't remember the last one before that - it wasn't in the last month), and the unsubscribe links work. It's weird how many people apparently have such bad experiences with it - I don't know what the difference is.
I get some a bunch of online casino spams, one or two of which make it through the spam filters daily. The senders of these spams use constantly changing disposable sender domains, mangle the subject line, sender etc in constantly varying ways, and encode the actual content of the email so that the text that you see on screen isn't visible to the spam filters. I don't really blame Google for not being able to identify all such messages reliably (although with the amount of data they have access to, you'd have thought it would be possible), but what really irks me is when I click the "report spam" button, Gmail asks me if I want to unsubscribe instead. There is absolutely zero chance that spammers that go to such lengths to avoid spam filters are going to honour unsubscribe requests, so doing that would likely only confirm to the spammers that my address is a valid one. I suppose I shouldn't take it personally, but that prompt feels like Gmail saying "That's not really spam is it, it's something you signed up for." No, Gmail, that is definitely f**king spam that I did not sign up for, thanks all the same. Anyway, rant over I guess, and anything they can do to fight the spam will be appreciated.
I'd imagine Google's take is that they want to reduce illegitimate bulk spam simply because it contributes to their energy and probably storage costs and the inferrable data is nil or very low quality, not because they care about the service you get (it's not like you're paying as such). "Legitimate spam" they're fine with because they are an advertising business, and the content of the messages, and responses or other traffic data have value to them. Whilst your casino spam undoubtedly falls into the illegitimate category, Google will be playing a numbers game - get the biggest senders first, then follow down through the ranks until the costs of spam are within acceptable limits and at that point if your casino emails aren't on the big players list, Google won't care.
Of course, by advertising the 5k per account per day limit, they've already told the enterprising spammer how to get round the filters for now. Maybe it's all just smoke and mirrors to persuade users that Google are doing something, when in practice they're not?
> when I click the "report spam" button, Gmail asks me if I want to unsubscribe instead.
Because false spam reports are a problem. Some users (not you) DO click "spam" for valid emails they do not want to see again. That's (one way) how legitimate emailers get blacklisted.
My example. A GMC dealer in Alaska has an airbag recall on my GMC truck. I never had a GMC truck and sure would not buy one 5,000 miles away. Someone fat-fingered their email. But because it was not me, and a Federal Safety Recall is too important to Unsubscribe, I can't stop them. I've tried registering in GMC's systems to denounce my email but they are arcane and won't accept the possibility they are wrong. I know better than to say "GMC is spam" because 99,999 GMC owners do need their recall notes.
I do wonder about the flood of "I hacked your web camera on that naughty site, send 1,709 buttcoins or I post to all your contacts!" These come as plain text, in several languages, and several amounts, but not a hard task for 1988 BASIC to text-match. But last year they would not stop, so bad that they flooded-out responses/excuses from the school postmaster.
I've also noted "unsubscribe" becoming more complicated. One quasi-legit email wanted a whole sentence to unsubscribe. Is this to evade auto-unsubscribe like Gmail pushed at you? "You didn't say 'please' so you don't really mean it."
and some people I deal with use hotmail and believe that the 'report spam' button is equivalent to the 'delete' button - they're not trying to unsubscribe or file a report, they're just finished with that particular message. They don't care, because they can't see the problem from the other side. But this is why spam filters are not better than they are.
When I see somebody using a Gmail account for business, my first impression is they aren't a professional. If they don't have their own domain name and an email address with that domain, how can I take them seriously. I'm really boggled by companies that have a domain name and a good one at that but list a Gmail account for email. WTH. One company that is a customer of mine has a Google backend and from time to time it's a major PIA. They aren't so big that they need all of the services that a large provider can give them especially since they've scaled back their operation to the most profitable core services. The owners are internet savvy as well so they can manage their own mail services without any problems.
I counsel people to not use Gmail for any business related communications. Trying to save what it would cost for a domain and isp shouldn't make or break a company. I know a couple of vendors I've used over the years have been one-man shows but they look like fair sized operations online. One company I use now is based in the owner's garage and it's a family operation. Buying a house with a large garage to house the business has given him a huge ROI and his kids (now in their early teens) are getting a first class business education as that's part of the goal. He normally doesn't show what's behind the curtains, but we've got to know each other over a few years and I've visited a few times. From his website and communications you'd never know that it wasn't a bog standard company operating from a business estate somewhere.
I do the same, plus add businesses that use a antisocial media address as their primary web site.
I don't mind this 'too' much if it's just someone doing a bit of a hobby type business on the side, nor do I mind if this is a secondary location to push the business to those platform users, but if you're a proper business driving around in a van with a company name and logo splashed all over it, please use a real domain (and the same one) for both the web page and email!
Plenty of one person (or 1 + a trainee/ helper) businesses in building related work e.g. plumbers, electricians, carpenters. Most of them do not have a website, but quite a few have an email address.
If they do have an email address its very rarely a company branded one, its generally gmail, hotmail or similar (see a few aol ones still too, this is in UK).
I don't regard them as unprofessional as they get a lot of work via word of mouth if they are any good, and setting up a "customized" email address is probably not worth their while (plus likely outside their skillset) as people will generally phone them anyway (certainly in UK, if you are contacting a chippy, sparky etc).
..I don't even know if either the sparky or plumber we usually deal with has an email address, we contact them via phone
.. Chippy we normally deal with lives just down the road, often see the in the pub, so if we want any carpentry doing (assuming its not urgent, if so would phone) then this is typically arranged over a pint when we bump into him in the local.
When I see somebody using a Gmail account for business, my first impression is they aren't a professional.
Well, good. I'm an old woman who has a very non-techie small business. I use gmail, have since it was generally available, and it suits my needs, thankyouverymuch. I get 50-100 emails a day, mixed business and personal, and just weed through once a day and delete, answer, unsubscribe as I get them. Empty spam folder just about daily (wow, three clicks. How do I EVER find the time?) The wailing and gnashing of teeth and promises of "I could set something up much better" need to be met with, "OK, then do so." I await your better mousetrap.
Gmail is fine. What is really unprofessional is using an ISP-provided email address. Yes, I still see a few around the place. Every time I talk to such a person, I ask them if they’ve thought of what happens if/when they need to change ISPs: do they really wanto go around all their family, friends, contacts etc to tell them to update their contact for you to a new address?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
