Google is making a small, but potentially important, change to the way that Gmail handles some special characters in messages as a way to defeat a common tactic used by spammers to confuse recipients and trick them into opening emails.
In the early days of email, getting junk messages into the hands of recipients wasn’t difficult. The real challenge was getting a list of valid email addresses to hit. Those lists were sold on underground forums and passed around on CDs among spammers. Junk email filters were in their infancy and not very effective. Spammers would make small tweaks to their subject lines or the domains they were using and usually have no trouble evading the filters. As anti-spam techniques improved over the years and reputation systems and other predictive techniques came into play, spammers have had a much more difficult time getting their messages into inboxes.
One tactic that has remained relatively effective is the use of special, non-Latin, characters in domain names in order to fool users into clicking on them. Spammers and attackers will register domains that closely resemble high-value sites such as banking or shopping sites, and replace one or two of the letters in the domain with a character from a different alphabet. So a domain like Hackedbank.com would become Hackedbɑnk.com, using the lowercase Greek letter alpha rather than the Latin lowercase a. The difference is quite difficult to spot for many users and clicking on such a link can be a dangerous mistake.
Now, Google is adopting a technique that will help identify certain combinations of these characters that often are used for malicious purposes.
“To stay one step ahead of spammers, the Unicode community has identified suspicious combinations of letters that could be misleading, and Gmail will now begin rejecting email with such combinations. We’re using an open standard—the Unicode Consortium’s “Highly Restricted” specification—which we believe strikes a healthy balance between legitimate uses of these new domains and those likely to be abused,” Mark Risher of Google’s spam and abuse team said in a blog post.
The move by Google comes shortly after the company announced that it was supporting the use of non-Latin characters in Gmail as a way to make the service more useful for users around the world. That change is an important one for many users, but it also could open the door for more of the attacks that Risher described.