Gmail, officially Google Mail in Germany and the United Kingdom, is a free web-based (webmail), POP3 and IMAP e-mail service provided by Google. Gmail is available to individuals with Google accounts, who receive “their.username@gmail.com”, but can also be configured to handle mails for an organization that already has their own domain name.
Google claims that Gmail includes “award-winning spam and virus filtering”. Brad Taylor, “spam tsar” at Google, stated:
“When [Gmail] launched 25% of e-mail was spam. We caught a lot of that. Over time it’s grown and grown and currently around 75% of all e-mail is spam and so our job has got a lot harder.”
Brad Taylor can also be seen in this cheeky ephemeral film explaining how the Gmail spam filter works.
In the summer of 2007, I took on a new domain name to manage, and it started receiving a ton of spam as soon as it was configured. The domain was previously registered since 1997 and was never renewed. Upon careful inspection of the incoming mail for the first few days, it was readily apparent that less than 1% (probably closer to 0.001%) of incoming mail was direct communication, or at least a legitimate opt-in marketing mail. Since Google Apps offers Gmail for domains for free, this provided a sensible solution for the staggering amount of mail being received. It also was a good opportunity to stress test Gmail’s spam filter. I configured the Gmail for domains MX records exactly like Google specified. Then I set up a catch-all address so that all emails coming to this domain were trapped to a single folder.
So how much spam was it? See below…
Extremely large amount of Gmail spam
Also note the somewhat amusing targeted ad text, perhaps Gmail is trying to tell me something?
WIth over 600,000 spam mails trapped in the last 30 days, and another 322 spam mails that made it to the inbox, this domain receives by far the most spam mail I’ve ever seen. The 322 mails in the Inbox were hand filtered by me to remove any attempt at legitimate communication, so each of the mails in the Inbox is a false negative. As far as I can tell since I set up Gmail for this domain, I haven’t noticed any false positives, although I didn’t sift through 600,000 subject lines to confirm that. That means Gmail’s spam filter is roughly 99.95% effective according to this unscientific experiment.
Most of the spam is addressed to a set of random characters as a user on the domain. The spam is a grab-bag of zeitgeisty spam, acting like a barometer of spam. There is so much spam, it consumes 1825 MB (25%) of my 7085 MB quota.
What’s the most spam you’ve ever seen in a Gmail account? What’s the most spam you’ve ever seen in general? Sound-off below.
I used the same email address for about 12 years, from 1996 to 2008. My address was nearly the only one ever used from that domain, and I posted publicly on mailing lists, UseNet news, etc (especially for the first few years). Things like webmaster@ were aliased to me, but invalid randomly generated usernames would just be bounced by sendmail. SpamAssassin correctly categorized as spam 51,745 out of 51,996 emails received to that address in the last 15 days. So that’s just under 3,500 spams per day to a single address, which is about twice what I remember it being when I did similar math about a year ago. About 200 of those remaining 251 mails were also spam. So that’s a 99.6% success rate for SpamAssassin. Gmail beats SA by a narrow margin 😉
[…] this rather unusual attack email in one of our catch-all email honeypots after making it through Gmail’s infamously strong “award winning spam and virus filtering”: Dear […]