Google is making a small, but potentially important, change to the way that Gmail handles some special characters in messages as a way to defeat a common tactic used by spammers to confuse recipients and trick them into opening emails.

In the early days of email, getting junk messages into the hands of recipients wasn’t difficult. The real challenge was getting a list of valid email addresses to hit. Those lists were sold on underground forums and passed around on CDs among spammers. Junk email filters were in their infancy and not very effective. Spammers would make small tweaks to their subject lines or the domains they were using and usually have no trouble evading the filters. As anti-spam techniques improved over the years and reputation systems and other predictive techniques came into play, spammers have had a much more difficult time getting their messages into inboxes.

One tactic that has remained relatively effective is the use of special, non-Latin characters in domain names to fool users into clicking on links. Spammers and attackers register domains that closely resemble high-value sites such as banks or shopping sites, replacing one or two letters of the legitimate domain with a visually similar character from a different alphabet. A domain like Hackedbank.com becomes Hackedbαnk.com, using the lowercase Greek letter alpha (U+03B1) in place of the Latin lowercase a. The difference is difficult for many users to spot, and clicking on such a link can be a dangerous mistake.

Now Google is adopting a technique from the Unicode Consortium's own security guidance (Unicode Technical Standard #39, Unicode Security Mechanisms) that flags combinations of scripts within a single name that are rarely legitimate and often used for malicious purposes.

“To stay one step ahead of spammers, the Unicode community has identified suspicious combinations of letters that could be misleading, and Gmail will now begin rejecting email with such combinations. We’re using an open standard—the Unicode Consortium’s “Highly Restricted” specification—which we believe strikes a healthy balance between legitimate uses of these new domains and those likely to be abused,” Mark Risher of Google’s spam and abuse team said in a blog post.
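The “Highly Restricted” specification Risher refers to is the Highly Restrictive level of UTS #39. The Go program below is an added example, not Google's code or anything from the article, showing the mixed-script part of that test: a domain label passes if every character (ignoring Common and Inherited characters such as digits, hyphens and combining marks) belongs to a single script, or to one of the three explicitly permitted Latin plus East Asian combinations. It takes the Unicode Script property from the per-script range tables in Go's standard `unicode` package; the sample domains are constructed for the example. It deliberately implements only the restriction-level check, not the rest of UTS #39 (the identifier profile and confusable skeletons).

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// scriptOf returns the Unicode Script property of r, looked up in the
// per-script range tables that ship with Go's unicode package. Scripts are
// disjoint, so map iteration order does not affect the result. Unassigned
// code points fall through to "Unknown".
func scriptOf(r rune) string {
	for name, table := range unicode.Scripts {
		if unicode.Is(table, r) {
			return name
		}
	}
	return "Unknown"
}

// allowedMixes lists the only multi-script combinations UTS #39 permits at
// the Highly Restrictive level: Latin plus one East Asian writing system.
var allowedMixes = [][]string{
	{"Latin", "Han", "Hiragana", "Katakana"}, // Japanese
	{"Latin", "Han", "Bopomofo"},             // Chinese
	{"Latin", "Han", "Hangul"},               // Korean
}

// scriptSet collects the scripts used in one label. Common and Inherited
// characters (digits, hyphen, combining marks) are compatible with any
// script under UTS #39 and are therefore not counted.
func scriptSet(label string) map[string]bool {
	set := map[string]bool{}
	for _, r := range label {
		switch s := scriptOf(r); s {
		case "Common", "Inherited":
		default:
			set[s] = true
		}
	}
	return set
}

// subsetOf reports whether every script in set appears in mix.
func subsetOf(set map[string]bool, mix []string) bool {
	for s := range set {
		found := false
		for _, m := range mix {
			if m == s {
				found = true
				break
			}
		}
		if !found {
			return false
		}
	}
	return true
}

// highlyRestrictive reports whether one label passes the Highly Restrictive
// mixed-script test: a single script, or one of the allowed mixes. Labels
// containing unassigned code points are rejected outright.
func highlyRestrictive(label string) bool {
	set := scriptSet(label)
	if set["Unknown"] {
		return false
	}
	if len(set) <= 1 {
		return true
	}
	for _, mix := range allowedMixes {
		if subsetOf(set, mix) {
			return true
		}
	}
	return false
}

// domainPasses applies the test label by label to an already-decoded
// (Unicode, not punycode "xn--") domain name.
func domainPasses(domain string) bool {
	for _, label := range strings.Split(strings.ToLower(domain), ".") {
		if !highlyRestrictive(label) {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample domains for this example, not taken from the article.
	samples := []string{
		"hackedbank.com",                    // all Latin: passes
		"hackedb\u03b1nk.com",               // Greek alpha in a Latin label: rejected
		"hackedb\u0430nk.com",               // Cyrillic a in a Latin label: rejected
		"пример.рф",                         // Cyrillic only: passes
		"ニコン東京.jp",                      // Katakana + Han (allowed Japanese mix): passes
		"hackedb\u0251nk.com",               // U+0251 is LATIN small letter alpha: passes, still confusable
	}
	for _, d := range samples {
		fmt.Printf("%-22s %v\n", d, domainPasses(d))
	}
}
```

The last sample is the practitioner's caveat: a single-script check only catches lookalikes from a different script. U+0251 LATIN SMALL LETTER ALPHA is Script=Latin, so "hackedbɑnk.com" is not a mixed-script string at all and passes this level; catching it requires the confusable (skeleton) data that UTS #39 also defines, which this example does not implement.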

The move by Google comes shortly after the company announced that it would support non-Latin characters in Gmail to make the service more useful for users around the world. That change is an important one for many users, but accepting a wider range of characters also opens the door to more of the lookalike-domain attacks Risher described.

Categories: Malware, Scams, Web Security

Comments (4)

  1. Paul M
    2

    I’m getting ridiculous amounts of spam to my primary box on GMail today. It’s almost as if they’ve made it a lot worse than it was. I’m getting several junk mails per hour. Today, Mon 18th. Was fine yesterday and indeed has been for a long time.

    Reply
  2. Kay
    3

    I cannot get into my gmail. It says certificate error. Different website address, navigation blocked. Help, I don’t know what to do.

    Reply
    • Paul M
      4

      Kay, it sounds like you’re the victim of [insert any number of things here].

      Firstly, try with a different browser.

      I’m no expert on matters like this but somebody could potentially get your computer to redirect gmail.com to their own server but it still looks like Gmail.

      There are no doubt people here who can offer better and more useful advice.

      What do you get when you look up Gmail?

      $ nslookup gmail.com

      Non-authoritative answer:
      Name: gmail.com
      Address: 173.194.41.149
      Name: gmail.com
      Address: 173.194.41.150

      Reply
