logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

Gmail-is-a-huge-source-of-spam.md (2826B)

    

  1. ---
  2. title: Gmail is a huge source of spam
  3. date: 2021-02-25
  4. outputs: [html, gemtext]
  5. ---
  7. 5× as many spam registrations on sourcehut are from gmail than from the
  8. second-largest offender.
  10. ```
  11. # SELECT
  12.   SPLIT_PART(email, '@', 2) as domain, count(*) as count
  13.   FROM "user"
  14.   WHERE user_type = 'suspended'
  15.   GROUP BY domain
  16.   ORDER BY count DESC;
  17.           domain           | count
  18. ---------------------------+-------
  19.  gmail.com                 |   119
  20.  qq.com                    |    26
  21.  mail.ru                   |    17
  22.  mailinator.com            |    10
  23.  yopmail.com               |     6
  24.  aol.com                   |     6
  25.  yahoo.com                 |     6
  26. [...more omitted...]
  27. ```
  29. This is just the ones which got through: most spam registrations are detected
  30. and ignored before they make it to the database.
  32. A huge number of spam emails I recieve in my personal inbox originate from
  33. @gmail.com, and often they arrive in my inbox unscathed (as opposed to going to
  34. Junk) because Gmail is considered a reputable mail provider. My colleague
  35. estimates that between 15% and 25% of the spam emails sent to a mailing list he
  36. administrates comes from Gmail.
  38. One might argue that, because Gmail is the world's largest email provider, it's
  39. natural to expect that they would have the largest volume of spam simply because
  40. they have proportionally more users who might use it for spam. I would argue
  41. that this instead tells us that they have the largest responsibility to curtail
  42. spam on their platform.
  44. I've forwarded many, many reports to abuse@gmail.com, but they've never followed
  45. up and the problem has not become any better. I have had half a mind to block
  46. Gmail registrations on sourcehut outright, but about 41% of all registrations
  47. use Gmail.
  49. It bears repeating that anyone with any level of technical expertise ought to
  50. know better than to use Gmail. I usually recommend
  51. [Migadu](https://www.migadu.com)[^1], but there are many options to choose from.
  52. If you're worried about mail deliverability issues, don't be — it's more
  53. or less a myth in $CURRENTYEAR. If you set up
  54. <abbr title="DomainKeys Identified Mail, an means of verifying message authenticity">DKIM</abbr>
  55. properly and unlist your IP address from the
  56. <abbr title="DNS blocklists">DNSBL</abbr>s (a simple process), then your mails
  57. will get through.
  59. [^1]: Full disclosure: sourcehut has a business relationship with Migadu, though I've recommended them since long before we met.
  61. In case you're wondering, the dis-award for second-worst goes to Amazon SES.
  62. They don't register on sourcehut (it's outgoing only, so that makes sense), but
  63. I see them often in my personal inbox. However, SES only appears at a rate of
  64. about a tenth of the gmail spam, and they appear to actually listen to my abuse
  65. reports, so I can more or less forgive them for it.