Filtering Gmail image spam
August 30, 2006 10:16 AM   Subscribe

Gmail doesn't automatically show images, you need to click on "Display images below". Did you accidentally click on " Always display images from..."?
posted by Blue Buddha at 10:32 AM on August 30, 2006

Same thing happening to me - a huge increase in image spam.

I don't know about Saucy - but I don't click on the display images button or open the emails Blue Budda - these are text embedded images. They're just in my in box instead of being filtered out as the spam they are.
posted by LadyBonita at 10:35 AM on August 30, 2006

I think Saucy Intruder is less worried about seeing the images than about the 20+ garabage messages filling up their inbox.
posted by alan at 10:36 AM on August 30, 2006

Blue Buddha: The spam image is displayed regardless of what your "Display images" setting is. From the linked article:

The email spammer's latest trick is to embed the text in an image with a plain background and send the picture as an attachment. GMail will automatically render the image when you open the email message since the image is an attachment and not linked to an external website.

posted by turbodog at 10:38 AM on August 30, 2006

Same here! Google's spam filtering has really failed me in the last, oh, I guess three weeks.

No advice, just sympathy.
posted by xmutex at 10:47 AM on August 30, 2006

These periodic upswings in spam seem to happen every so often, as they change their tactics. (I've noticed this one too. It's driving me nuts.) I'm sure Google is working on an effective detection method as we speak, however.
posted by BackwardsCity at 10:49 AM on August 30, 2006

would simply deleting these messages rather than marking them as spam reduce the possibility of false positives?

I'll be honest, here. I don't know anything about spam filtering technology. However, I would doubt that you'd get many false positives if you marked all these as spam. Unless you frequently have people that email you messages with nothing in the body of the message and a single image attachment. Personally, if it's spam, I mark it as such, in the assumption that Google will do better with more information than it would with less.
posted by MrZero at 10:53 AM on August 30, 2006

The worst part is that the spam I keep getting in this form is stock "tips". So there's even no "no one's buying the products/services I'm spamming for" disincentive. The subject lines are random, but believable words. I'm sure I've deleted legitimate emails thinking they were this new kind of spam.

I don't have any tips, just commiseration.
posted by ontic at 10:54 AM on August 30, 2006

I've seen an upswing in these too. They seem to use a variety of tricks to avoid spam filters-- no direct links to sites and the image is subtly altered with noise (random pixels and lines) so collaborative filters don't work.
posted by justkevin at 11:11 AM on August 30, 2006

Unless you frequently have people that email you messages with nothing in the body of the message and a single image attachment.

Unfortunately, the spammers are smarter than this. They often include unrelated text in addition to the image, usually conversational in nature and often pulled directly from e-text archives like Project Gutenberg. Therefore, it can look quite similar to your mate sending something over to get a laugh.

That said, the included text isn't that good. Keep marking them as spam, and the filter should be able to make some Bayesian rules to catch them. It's starting to work with my SpamAssassin install, although only around 70% right now.
posted by deadfather at 11:33 AM on August 30, 2006

I have been getting these exact spams for many months, now on the order of several dozen a day.

I tried creating a filter of "has attachment" checked and "Has the Words:" with ".gif". A test search reveals this works for almost all spam, but there are false positives from legit sites that send messages with their logo embedded as an attachment instead of loaded remotely.

I wish Gmail had a "From: no one that I've emailed with before" option, because these image spams are always some random made up email address.
posted by mathowie at 11:39 AM on August 30, 2006

Oh man, I think I got it!

I just included words that show up in the legit company email, and the test search reveals thousands of these spams, with no visible false positives.
posted by mathowie at 11:42 AM on August 30, 2006

Um. Care to spell out what you did for the less filter-y inclined, Matt? Thanks!
posted by pzarquon at 11:49 AM on August 30, 2006

Sounds like Matt just looked at the few legit e-mails that had ".gif" attachments and found some words they always contained, then included them in the filter (as negatives). Words like: "Matt" and "company", I imagine.

Doing stuff like that always makes me squeamish, though, because (to me) it's just screaming for false positives. But I imagine that if you get 10 trillion e-mails a day, as Matt does, that squeamishness subsides.
posted by deadfather at 12:02 PM on August 30, 2006

The worst part is that the spam I keep getting in this form is stock "tips". So there's even no "no one's buying the products/services I'm spamming for" disincentive.

I can't recall where, but I recently read an article about a guy who was buying these stocks, sending out the spam, waiting a day, and then immediately selling the stock. He was turning a 6% profit off of these idiots. In addition, since he was getting results and had now been profiled, expect more idiots to try it, which means more stock spam.
posted by dobbs at 12:09 PM on August 30, 2006

Man, Matt, when you make a blunt tool you make it really blunt. Alas, the next step is these guys will switch to JPG or PNG. I'm not quite willing to delete all email with attached JPGs.

For what it's worth, it's not just gmail. My own custom spamassassin/spambayes setup can't filter these things either.
posted by Nelson at 12:40 PM on August 30, 2006

I've just marked them as spam over the last couple of months and now GMail automatically filters them. It took longer than usual to train the filter, but I never see them anymore.
posted by jacquilynne at 1:49 PM on August 30, 2006

I followed saucy's settings but also included my name under the field "doe not contain." so far no false positives.
posted by nyu2 at 10:24 PM on August 30, 2006

I found adding my name meant email that was addressed to my email (with my name in it) would get through unfortunately.
posted by mathowie at 11:21 PM on August 30, 2006

Saucy, could you spell out what exactly you mean there? I don't follow the syntax. Thanks!
posted by coolhappysteve at 8:53 PM on August 31, 2006

« Older What is the cheapest way for m...   |   Outlook Add-in Filter: How ca... Newer »

This thread is closed to new comments.