Tuesday, July 12, 2005

HACK: Use Gmail as a Spam Filter

I recently got my Gmail account up and running, but I wasn’t finding a whole lot of use for it since I have a primary account on MBoffin.com that I use for everything. Just for kicks, I decided to have all my MBoffin.com e-mail (spam and all) forwarded to my Gmail account to see how well it would handle my e-mail habits and workflows, and to see how well it would handle the spam.
Gmail did surprisingly well on all fronts. Much has been written in other circles about the nice and not so nice parts of Gmail’s user interface, so I won’t get into that discussion here.
After a couple of days using Gmail as my primary e-mail account, I started missing my MBoffin.com account. I like my MBoffin.com e-mail address and I’m not quite ready to leave it behind. But what to do with this nice new Gmail account? Then it hit me....
Could Gmail be used as a spam filter for my MBoffin.com e-mail account? The answer is yes, it can. And here’s how I figured it out.

Basic Procedure
Gmail allows you to forward incoming messages to any other e-mail address. Go to the Settings page and then to the Forwarding and POP tab. In the Forwarding option, set Gmail to forward all incoming mail to your regular e-mail account, and keep a copy in Gmail’s inbox.
(In this explanation, I will assume your regular e-mail address is user@domain.com and your Gmail address is user@gmail.com, and I apologize to Mr. User over at Domain.com and Mr. User over at Gmail if they get any extra mail from people following the steps in this article too literally.)
Once that forwarding rule is set on Gmail, all incoming mail to user@gmail.com will get spam filtered and anything left over will be forwarded to user@domain.com, with a copy left at Gmail. But that doesn’t help you much yet, because people are still sending spam directly to your user@domain.com account.
Now, over at your user@domain.com’s mail server, create a server-side filter to check the headers of any incoming e-mail. Have it forward to your Gmail account if it does not find the following in the header:
X-Forwarded-For: user@gmail.com user@domain.com
In English, the filter would be written: “Any mail that does not contain ‘X-Forwarded-For: user@gmail.com user@domain.com’ in the mail header should be forwarded to user@gmail.com”.
Once this server-side filter is in place, only mail on its way back from user@gmail.com (already filtered for spam) will be passed to your user@domain.com account's inbox. Everything else will be forwarded on to user@gmail.com to be filtered and forwarded back.
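
The routing decision that server-side filter makes, written out as an added Python example (not part of the original article; `route`, `came_back_from_gmail` and `sample` are hypothetical names, and the messages are constructed). It uses the article's placeholder addresses, checks real header fields only, never the body, and tolerates a header that has been wrapped across lines.

```python
from email import message_from_string

GMAIL = "user@gmail.com"    # the article's example addresses
LOCAL = "user@domain.com"


def came_back_from_gmail(raw, gmail=GMAIL, local=LOCAL):
    """True if an X-Forwarded-For header carries '<gmail> <local>'."""
    msg = message_from_string(raw)
    expected = f"{gmail} {local}".lower()
    # Only real header fields are inspected; the body is never searched.
    for value in msg.get_all("X-Forwarded-For", []):
        # Collapse folding whitespace so a wrapped header still matches.
        if expected in " ".join(str(value).split()).lower():
            return True
    return False


def route(raw, gmail=GMAIL, local=LOCAL):
    """Decision of the server-side filter (hypothetical helper)."""
    if came_back_from_gmail(raw, gmail, local):
        return "deliver"            # already went through Gmail
    return "forward-to-gmail"       # send it out to be filtered


def sample(extra_header="", body="hello\n"):
    """Constructed test message, not real mail."""
    return ("From: sender@example.net\n"
            "To: user@domain.com\n"
            + extra_header +
            "Subject: constructed sample\n"
            "\n" + body)


MARK = "X-Forwarded-For: user@gmail.com user@domain.com\n"

if __name__ == "__main__":
    cases = {
        "sent directly": sample(),
        "back from Gmail": sample(MARK),
        "folded header": sample("X-Forwarded-For: user@gmail.com\n user@domain.com\n"),
        "other Gmail account": sample("X-Forwarded-For: other@gmail.com user@domain.com\n"),
        "marker text only in body": sample(body=MARK),
    }
    for name, raw in cases.items():
        print(f"{name:26} -> {route(raw)}")
```

The decision rests only on the value of that one header, so a message is delivered whenever the header carries the expected pair of addresses, whether or not Gmail actually handled it.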

Another Advantage: Backup
Since Gmail is keeping a copy of all the mail it’s forwarding on, you now have an online backup of all your e-mails. If you were to somehow lose all the e-mails stored on your hard drive, you wouldn’t have to worry, as they would all be safely backed up over at Gmail, already spam filtered and everything. This means you can keep your local e-mail client clean and tidy, deleting e-mails as you see fit without worry that they are being deleted forever. They’re all backed up on Gmail the instant you receive them.

Will Spammers Now Add Headers to Prevent Being Forwarded to Gmail?
Sure, they could easily add the required header and trick your user@domain.com account into accepting spam, thinking it had already been spam filtered by Gmail. But here’s the kicker: They need to know your Gmail account address too.

Final Thoughts
Keep in mind that I only just figured this out tonight. I ran some tests and confirmed that it works, but that’s as far as it has gone. This hasn’t been tested over weeks and weeks, so if it continues to work well in the long run, great. Otherwise, I’m sure someone else will come up with a way to improve this.
While doing the testing, actual spam was being sent to my account (I get hundreds a day), and none of it made it through. It was all trapped at Gmail.
Update: Joe is testing this out with his Yahoo! account to see if a similar thing can be done. Report back, Joe! Let us know how it goes. Alex pointed out that you could set up parallel Yahoo! and Gmail accounts and sign up for the same spam lists to see which has better spam filtering.

(special thanks to mboffin.com for the info)

I've noticed that the GMail spam filtering is very good. Part of its success comes from the fact that the spam rules are being written by its users. If a user gets a spam mail in his/her inbox, all they have to do is mark it as spam, and after a set number of these instances from multiple users, that mail becomes marked as spam GMail-wide. The same applies to phishing scams, since GMail makes a definite distinction between the two, and allows you to report it as such. For those of you not in the know about such things, "phishing" is a type of email scam where the scammer creates an email that looks like it's from a legitimate sender, like eBay or some banking institution, notifying you about their need to update their records, or requesting you to confirm your account info before it's mysteriously cancelled. The goal of course is to get the reader to submit their personal account information on the phony site to which they have been forwarded from the email.

I have a ball every other day flipping through my spam box contents, and picking out the obvious phishing mails, marking them as phishing attempts. Every once in a great while, I get an obvious spam I've received in the spambox before, or a phishing email (even tagged as such) in my inbox. Compared to what Hotmail used to do to me, the rare slip-up is absolutely acceptable in my eyes.

If you're a GMail user, and you'd like to know how to mark a mail in your spambox as a phishing attempt, simply look at the top of the email, where there is a little link called "more options". Click this link, and a line of links will now appear. Among them is an option called "Report as phishing". Click that link, and confirm your choice, and BOOM. You're done.

Some cues you can use to determine a phishing attempt are really obvious to most casual netizens, but might not be so readily apparent to the first-timer. Here are some hints:

1) The email claims to be sent from a banking institution, asking you for your account info to "update their records" or "prevent your account from being closed". The problem here? You probably DON'T have an account with that bank. DON'T even click anywhere in that email. It's one big image, and a complete fake. Also, banks will NEVER ask you to confirm private account information via email or the internet. EVER! Your bank has your phone number. They will call you and ask you to visit a nearby branch to get that information if they need it.

2) The email appears to be sent from PayPal or eBay, and basically encourages you to do the same thing as the bank scams. They want you to submit your account info online so they can use it to hijack your account, clear out any cash, and use it to scam someone else in a sale while remaining completely anonymous the entire time. Do you even HAVE a PayPal and/or eBay account? If so, remember that both PayPal and eBay will NEVER ask you for your personal info through email. They will send you a letter via regular US Mail, or call your phone if you left a valid number when setting up the account.

3) If you suspect a scam email, try this: move your mouse to the right, outside the frame of the email. Hold down the left mouse button, and drag to the left across the body of the email. You are effectively drawing a selection box across the email. If the entire body of the email becomes highlighted, in one big block, even the empty space between sentences and paragraphs, then you can now clearly see that the entire message is one big image cleverly made to look like the real thing. NOBODY sends their official communications as an image made to look like typed text. Obvious scam attempt. Mark it as phishing and delete that sucker from your spambox.

Hope these tips help you to feel more confident and stay safe while you explore the Web!