Filtering Gmail image spam
August 30, 2006 10:16 AM   Subscribe

Argh! Gmail image spam! I'm getting 20 of these a day. Since Google has failed to filter these messages, is there a workaround I can use? Also, would simply deleting these messages rather than marking them as spam reduce the possibility of false positives?
posted by Saucy Intruder to Technology (25 answers total) 6 users marked this as a favorite
 
Gmail doesn't automatically show images, you need to click on "Display images below". Did you accidentally click on " Always display images from..."?
posted by Blue Buddha at 10:32 AM on August 30, 2006


Same thing happening to me - a huge increase in image spam.

I don't know about Saucy - but I don't click on the display images button or open the emails Blue Budda - these are text embedded images. They're just in my in box instead of being filtered out as the spam they are.
posted by LadyBonita at 10:35 AM on August 30, 2006


I think Saucy Intruder is less worried about seeing the images than about the 20+ garabage messages filling up their inbox.
posted by alan at 10:36 AM on August 30, 2006


Blue Buddha: The spam image is displayed regardless of what your "Display images" setting is. From the linked article:
The email spammer's latest trick is to embed the text in an image with a plain background and send the picture as an attachment. GMail will automatically render the image when you open the email message since the image is an attachment and not linked to an external website.
posted by turbodog at 10:38 AM on August 30, 2006


I don't click on the images - in fact I didn't realize they had images until I searched out some reasons as to why I was getting more spam. The messages are filled with crap text in microscopic font and the ad itself is an inline image. I want Gmail to recognize these messages as spam without the possibility that legitimate messages will get blocked as a result of more creative spamming techniques.
posted by Saucy Intruder at 10:39 AM on August 30, 2006


Same here! Google's spam filtering has really failed me in the last, oh, I guess three weeks.

No advice, just sympathy.
posted by xmutex at 10:47 AM on August 30, 2006


These periodic upswings in spam seem to happen every so often, as they change their tactics. (I've noticed this one too. It's driving me nuts.) I'm sure Google is working on an effective detection method as we speak, however.
posted by BackwardsCity at 10:49 AM on August 30, 2006


would simply deleting these messages rather than marking them as spam reduce the possibility of false positives?

I'll be honest, here. I don't know anything about spam filtering technology. However, I would doubt that you'd get many false positives if you marked all these as spam. Unless you frequently have people that email you messages with nothing in the body of the message and a single image attachment. Personally, if it's spam, I mark it as such, in the assumption that Google will do better with more information than it would with less.
posted by MrZero at 10:53 AM on August 30, 2006


The worst part is that the spam I keep getting in this form is stock "tips". So there's even no "no one's buying the products/services I'm spamming for" disincentive. The subject lines are random, but believable words. I'm sure I've deleted legitimate emails thinking they were this new kind of spam.

I don't have any tips, just commiseration.
posted by ontic at 10:54 AM on August 30, 2006


I've seen an upswing in these too. They seem to use a variety of tricks to avoid spam filters-- no direct links to sites and the image is subtly altered with noise (random pixels and lines) so collaborative filters don't work.
posted by justkevin at 11:11 AM on August 30, 2006


Unless you frequently have people that email you messages with nothing in the body of the message and a single image attachment.

Unfortunately, the spammers are smarter than this. They often include unrelated text in addition to the image, usually conversational in nature and often pulled directly from e-text archives like Project Gutenberg. Therefore, it can look quite similar to your mate sending something over to get a laugh.

That said, the included text isn't that good. Keep marking them as spam, and the filter should be able to make some Bayesian rules to catch them. It's starting to work with my SpamAssassin install, although only around 70% right now.
posted by deadfather at 11:33 AM on August 30, 2006


I have been getting these exact spams for many months, now on the order of several dozen a day.

I tried creating a filter of "has attachment" checked and "Has the Words:" with ".gif". A test search reveals this works for almost all spam, but there are false positives from legit sites that send messages with their logo embedded as an attachment instead of loaded remotely.

I wish Gmail had a "From: no one that I've emailed with before" option, because these image spams are always some random made up email address.
posted by mathowie at 11:39 AM on August 30, 2006


Oh man, I think I got it!

I just included words that show up in the legit company email, and the test search reveals thousands of these spams, with no visible false positives.
posted by mathowie at 11:42 AM on August 30, 2006


Um. Care to spell out what you did for the less filter-y inclined, Matt? Thanks!
posted by pzarquon at 11:49 AM on August 30, 2006


Sounds like Matt just looked at the few legit e-mails that had ".gif" attachments and found some words they always contained, then included them in the filter (as negatives). Words like: "Matt" and "company", I imagine.

Doing stuff like that always makes me squeamish, though, because (to me) it's just screaming for false positives. But I imagine that if you get 10 trillion e-mails a day, as Matt does, that squeamishness subsides.
posted by deadfather at 12:02 PM on August 30, 2006


Here it is, spelled out. Keep in mind it will delete any email with a gif attachment instantly, which is crazy, but I'm so tired of this spam I'm doing it.
posted by mathowie at 12:02 PM on August 30, 2006 [1 favorite]


The worst part is that the spam I keep getting in this form is stock "tips". So there's even no "no one's buying the products/services I'm spamming for" disincentive.

I can't recall where, but I recently read an article about a guy who was buying these stocks, sending out the spam, waiting a day, and then immediately selling the stock. He was turning a 6% profit off of these idiots. In addition, since he was getting results and had now been profiled, expect more idiots to try it, which means more stock spam.
posted by dobbs at 12:09 PM on August 30, 2006


Man, Matt, when you make a blunt tool you make it really blunt. Alas, the next step is these guys will switch to JPG or PNG. I'm not quite willing to delete all email with attached JPGs.

For what it's worth, it's not just gmail. My own custom spamassassin/spambayes setup can't filter these things either.
posted by Nelson at 12:40 PM on August 30, 2006


I've just marked them as spam over the last couple of months and now GMail automatically filters them. It took longer than usual to train the filter, but I never see them anymore.
posted by jacquilynne at 1:49 PM on August 30, 2006


OK, I tried this:
Has the Words | multipart/related .gif
X Has attachment
and to forward everything to the trash (which will automatically clear after 30 days)

No false positives from what I see so far... thanks Matt, and everyone.
posted by Saucy Intruder at 3:00 PM on August 30, 2006 [2 favorites]


I followed saucy's settings but also included my name under the field "doe not contain." so far no false positives.
posted by nyu2 at 10:24 PM on August 30, 2006


I found adding my name meant email that was addressed to my email (with my name in it) would get through unfortunately.
posted by mathowie at 11:21 PM on August 30, 2006


Saucy, could you spell out what exactly you mean there? I don't follow the syntax. Thanks!
posted by coolhappysteve at 8:53 PM on August 31, 2006




posted by Saucy Intruder at 7:56 AM on September 1, 2006


I should add however that all my spam is sent to an aliased e-mail address that is no longer heavily in use by legitimate mail senders. My own version of the filter puts the alternative domain in the "to" box. Leaving it out still captures some legitimate messages - almost all of these are messages from relatives with vacation or new-baby picture attachments. So you could conceivably white-list these people by putting them in the "Doesn't Have" box.
posted by Saucy Intruder at 7:59 AM on September 1, 2006


« Older Cheap travel from Estapona to Gibraltar or...   |   How do I get the Outlook web browser in c#? Newer »
This thread is closed to new comments.