logo

drewdevault.com

[mirror] blog and personal website of Drew DeVault git clone https://hacktivis.me/git/mirror/drewdevault.com.git

Gmail-is-a-huge-source-of-spam.md (2801B)

    

  1. ---
  2. title: Gmail is a huge source of spam
  3. date: 2021-02-25
  4. ---
  6. 5× as many spam registrations on sourcehut are from gmail than from the
  7. second-largest offender.
  9. ```
  10. # SELECT
  11.   SPLIT_PART(email, '@', 2) as domain, count(*) as count
  12.   FROM "user"
  13.   WHERE user_type = 'suspended'
  14.   GROUP BY domain
  15.   ORDER BY count DESC;
  16.           domain           | count
  17. ---------------------------+-------
  18.  gmail.com                 |   119
  19.  qq.com                    |    26
  20.  mail.ru                   |    17
  21.  mailinator.com            |    10
  22.  yopmail.com               |     6
  23.  aol.com                   |     6
  24.  yahoo.com                 |     6
  25. [...more omitted...]
  26. ```
  28. This is just the ones which got through: most spam registrations are detected
  29. and ignored before they make it to the database.
  31. A huge number of spam emails I recieve in my personal inbox originate from
  32. @gmail.com, and often they arrive in my inbox unscathed (as opposed to going to
  33. Junk) because Gmail is considered a reputable mail provider. My colleague
  34. estimates that between 15% and 25% of the spam emails sent to a mailing list he
  35. administrates comes from Gmail.
  37. One might argue that, because Gmail is the world's largest email provider, it's
  38. natural to expect that they would have the largest volume of spam simply because
  39. they have proportionally more users who might use it for spam. I would argue
  40. that this instead tells us that they have the largest responsibility to curtail
  41. spam on their platform.
  43. I've forwarded many, many reports to abuse@gmail.com, but they've never followed
  44. up and the problem has not become any better. I have had half a mind to block
  45. Gmail registrations on sourcehut outright, but about 41% of all registrations
  46. use Gmail.
  48. It bears repeating that anyone with any level of technical expertise ought to
  49. know better than to use Gmail. I usually recommend
  50. [Migadu](https://www.migadu.com)[^1], but there are many options to choose from.
  51. If you're worried about mail deliverability issues, don't be — it's more
  52. or less a myth in $CURRENTYEAR. If you set up
  53. <abbr title="DomainKeys Identified Mail, an means of verifying message authenticity">DKIM</abbr>
  54. properly and unlist your IP address from the
  55. <abbr title="DNS blocklists">DNSBL</abbr>s (a simple process), then your mails
  56. will get through.
  58. [^1]: Full disclosure: sourcehut has a business relationship with Migadu, though I've recommended them since long before we met.
  60. In case you're wondering, the dis-award for second-worst goes to Amazon SES.
  61. They don't register on sourcehut (it's outgoing only, so that makes sense), but
  62. I see them often in my personal inbox. However, SES only appears at a rate of
  63. about a tenth of the gmail spam, and they appear to actually listen to my abuse
  64. reports, so I can more or less forgive them for it.