Wednesday, July 09, 2008

GMail Filter Is Not 100% Success

It seems that GMail new feature about Phishing filter is not 100% working for all people. Abhinav.Singh still has a problem with Paypal which he posted on his blog. It's dated 8 July, so it's still fresh (only few hours after GMail announced their new filter).

As you can see in the image, phisher usually uses undisclosed-recipient as the recipient and not our single email account because they sent a mass email to lots of people. So by looking at this criteria, we could reduce the risk by deleting or marking it spam. And also, PayPal usually write their customer's name in most of their email messages, so if you receive messages from PayPal without your full name, please beware. It might be phishing attempt.

Update (10 July 2008 : 06:45): Thanks to Somesh for clarification. GMail seems to use filters only for emails that tries to camouflage as PayPal or Ebay and ends with @paypal.com or @ebay.com (email spoofing), but emails that tries to camouflage as PayPal or Ebay and uses domain other than paypal.com and ebay.com will not get filtered away (this is what happened in Abhinav's case with @online.net domain). Please pay more attention about this.

3 comments:

  1. With the new filter, I guess, Gmail team claimed to be able to authenticate every email that seems to be coming from ebay or paypal i.e., with a from field containing @ebay.* or @paypal.com. The mail Abhinav has referred is coming from @online.net and that's probably why that is beyond authentication and not filtered out. So if I compose a message with same format and send it from my personal ID, the phishing filter will not filter it out. But if I set my from field as *@paypal.com and send it from my personal account it will be filtered out. Nonetheless, the mail referred here should've been caught by their spam filter and delivered as Spam not to Inbox.

    ReplyDelete
  2. Anonymous10:51 AM

    There are no system that really perfect. So is gmail security. I definitely appreciate gmail team for their improvement effort.

    Anyway gmail handle phising, junk, and spam better than yahoo mail free

    ReplyDelete
  3. Agreed. At least they have provide better mechanism than Yahoo and it's more open

    ReplyDelete