Wednesday, December 02, 2009

It's not over. The rise of second generation spam.

First generation spam was pretty bad, but it's more or less under control now. Between sharpening spam recognition algorithms, crowd sourcing, and managing the reputation of authenticated sending services Google has beaten back the tide.

So that's it for spam?

Heh. Of course not. Now we have second generation spam.

Second generation spam does not use forged headers -- though the headers do seem to change a fair bit. This spam is not anonymous, it markets real goods, services - and politicians.

The goods and services aren't too hard to manage. I created a filter that sends anything from "" to the trash -- that took care of 80% of it.

The politicians are much worse. I get daily spam from fund raising politicos, PACs and other accessories to the political process. I now have about 25 Gmail filters that do nothing but delete all incoming email from their domains. The domains typically last a few months, and then there's a new crop. At this rate I'll have 200+ Gmail filters that delete email from largely defunct domains.

What? Ask to be removed from the lists? Clearly you're just toying with me. I tried that of course, but it doesn't work. I just get added back in they next time some politico buys a list. (Maybe I should start forwarding to as well?)

It's hard for any ISP to block this kind of spam. Politicians generally exempt themselves from laws that slow fundraising; if Google blocked their spam they'd be asking for a world of hurt. Better to get between a Grizzly and her cub than between a politician and your wallet.

We need a different approach to political spam. Sorry, I have to vote for some these dorks -- better spam than Palin and her ilk! So changing my vote's not enough. Any ideas?

I do have one quick fix. Google could add a "blacklist all from this domain" to the message action select menu. Choose it and the message is deleted and the blacklist entry created in a one move.

Another related fix -- allow Gmail users to share their blacklists. So Google wouldn't get in trouble, because we'd be choosing what block.

Any other ideas?

No comments: