Greg Hewgill (ghewgill) wrote,
Greg Hewgill
ghewgill

gmail thinks I'm a spammer

I've been using gmail for a while now. I have set up procmail rules that forward all my email to my gmail account for easier reading (I like the way gmail lets me read mailing lists and such). What I've noticed for a while now, is that whenever I make a post to a mailing list, my own message ends up in my gmail Spam folder. Every time this happens, I mark it as "Not spam" and move it back out. It doesn't help. I tried some test messages today to my gmail account and other gmail accounts, and each time my email was marked as spam.

Unfortunately, gmail does not provide a way for me to determine why a given message is marked as spam. But I have my own theory...

Recent generations of email worms (such as Netsky and Bagle) send worm messages using email addresses found on the infected computer. These email engines scan through the computer's hard drive looking for various types of files that contain email addresses, and send email worm messages using those addresses in the To and From field. I get a lot of these messages, usually about a thousand per day (slightly less on weekends). Assuming the worms randomly select addresses, I can assume that at least an equivalent number of worm messages are also sent "From" my email address.

The next question is why does my email address appear on so many computers around the world? I believe the answer lies with VNC. Many years ago I contributed some code to the VNC project, and the VNC authors acknowledged my contribution by including my email address in the VNC "history.txt" file. Since VNC is a very popular program, my email address appears in a .txt file on an unknown number of computers on the Internet, where it can be easily picked up and used by email worms.

I have done some analysis of email worm messages I receive, and a significant number of them (around 20%, I don't remember the exact number) have addresses in the From field that also come from VNC-related files. This lends support to my theory.

Connecting the dots, it seems that gmail's systemwide spam filter has identified <greg@hewgill.com> as a sender whose messages should always be marked as spam. It's quite disappointing for me to reach this conclusion.

I have submitted a problem report to gmail, asking whether they can shed any light on this issue. The ideal solution would be to remove my name from their global address filter list, and instead let the filtering happen by content (gmail rejects worm-infected email). The worst case solution is they ignore the problem or just tell me to change my email address (which I don't consider an acceptable solution).

Another disheartening implication here is that other email providers, large or small, might also automatically consider my email messages spam for the same reasons. This would not make me very happy.

Tags: email, spam
Subscribe

  • url blacklists

    One of the most useful antispam techniques of late has been the "URL blacklist". This compares all URLs found within a message body against one or…

  • another spam filter rendered ineffective

    A while ago I turned up as much spam and junk mail protection stuff as I could find in my Postfix configuration. Specifically, I had the following…

  • stock spam disclaimer

    I happened to read the disclaimer text at the bottom of a stock spam I got today. I was amused (emphasis mine): Information within this report…

  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 3 comments