logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

Gmail-is-a-huge-source-of-spam.md (2801B)


  1. ---
  2. title: Gmail is a huge source of spam
  3. date: 2021-02-25
  4. ---
  5. 5× as many spam registrations on sourcehut are from gmail than from the
  6. second-largest offender.
  7. ```
  8. # SELECT
  9. SPLIT_PART(email, '@', 2) as domain, count(*) as count
  10. FROM "user"
  11. WHERE user_type = 'suspended'
  12. GROUP BY domain
  13. ORDER BY count DESC;
  14. domain | count
  15. ---------------------------+-------
  16. gmail.com | 119
  17. qq.com | 26
  18. mail.ru | 17
  19. mailinator.com | 10
  20. yopmail.com | 6
  21. aol.com | 6
  22. yahoo.com | 6
  23. [...more omitted...]
  24. ```
  25. This is just the ones which got through: most spam registrations are detected
  26. and ignored before they make it to the database.
  27. A huge number of spam emails I recieve in my personal inbox originate from
  28. @gmail.com, and often they arrive in my inbox unscathed (as opposed to going to
  29. Junk) because Gmail is considered a reputable mail provider. My colleague
  30. estimates that between 15% and 25% of the spam emails sent to a mailing list he
  31. administrates comes from Gmail.
  32. One might argue that, because Gmail is the world's largest email provider, it's
  33. natural to expect that they would have the largest volume of spam simply because
  34. they have proportionally more users who might use it for spam. I would argue
  35. that this instead tells us that they have the largest responsibility to curtail
  36. spam on their platform.
  37. I've forwarded many, many reports to abuse@gmail.com, but they've never followed
  38. up and the problem has not become any better. I have had half a mind to block
  39. Gmail registrations on sourcehut outright, but about 41% of all registrations
  40. use Gmail.
  41. It bears repeating that anyone with any level of technical expertise ought to
  42. know better than to use Gmail. I usually recommend
  43. [Migadu](https://www.migadu.com)[^1], but there are many options to choose from.
  44. If you're worried about mail deliverability issues, don't be — it's more
  45. or less a myth in $CURRENTYEAR. If you set up
  46. <abbr title="DomainKeys Identified Mail, an means of verifying message authenticity">DKIM</abbr>
  47. properly and unlist your IP address from the
  48. <abbr title="DNS blocklists">DNSBL</abbr>s (a simple process), then your mails
  49. will get through.
  50. [^1]: Full disclosure: sourcehut has a business relationship with Migadu, though I've recommended them since long before we met.
  51. In case you're wondering, the dis-award for second-worst goes to Amazon SES.
  52. They don't register on sourcehut (it's outgoing only, so that makes sense), but
  53. I see them often in my personal inbox. However, SES only appears at a rate of
  54. about a tenth of the gmail spam, and they appear to actually listen to my abuse
  55. reports, so I can more or less forgive them for it.