No matter how hard Google tries to keep important stuff in our Gmail inboxes and garbage filtered away into our spam folders, we still end up dumpster-diving into that spam folder to find missing email.
Well, we should be taking fewer and fewer of those dives, thanks to Google having smartened up its spam filters and having launched what it’s calling Gmail Postmaster Tools, the company said on Thursday.
These are tools for qualified senders of high-volume email: the senders who send out large amounts of non-spammy email, such as banks or airlines that send monthly statements or ticket receipts.
Sometimes these innocent, desirable emails mistakenly get lumped in with the seedier inhabitants of email land, and thus do they wind up in the spam folder and force us to go picking through the garbage to find them.
The new tools will help such high-volume senders analyze their email, Google says, including data on delivery errors, spam reports, and reputation:
This way they can diagnose any hiccups, study best practices, and help Gmail route their messages to the right place.
As far as getting smarter about accurately identifying spam goes, Google’s been using machine learning to improve its spam filters from the get-go.
Every time we click “Report spam” or “Not spam”, the spam filters get a little bit smarter about what we want and don’t want in our inboxes.
Google says it’s now also bringing the same intelligence of its Google Search and Google Now services to its spam filters in a number of ways that should help identify the truly spammy and weed out the truly phishy.
From its announcement:
- For starters, the spam filter now uses a neural network to detect and block the especially sneaky spam—the kind that could actually pass for wanted mail.
- Google says it also recognizes that not all inboxes are alike. So while your neighbor may love weekly email newsletters, you may loathe them. With advances in machine learning, the spam filter can now reflect these individual preferences.
- Finally, Google says the spam filter is better than ever at rooting out email impersonation – what it calls “that nasty source” of most phishing scams. Thanks to new machine learning signals, Gmail can now figure out whether a message actually came from its sender, and thus keep bogus email at bay.
These are glad tidings. At Naked Security, we’re always warning people to stay alert to phishing attempts by:
- being wary when it comes to unsolicited email;
- never clicking on links in unsolicited email; and
- never opening attachments in unsolicited email.
But things can and do get a lot stickier in real life.
We open unsolicited email all the time, which is why we should of course learn to recognize the overt signs of a scam email – i.e., poor spelling and grammar, suspicious senders, uncommon requests, terrible formatting, bogus links, and more.
Naked Security’s John Shier dove into just how tricky it can be to discern if an email is real or a scam.
Being able to discern the difference is important, given that cyber crooks doggedly attack us on a daily basis, be it via phishing email or phishing sites.
After all, as Google found in a study last autumn, phishing may sound old school, but it’s alive and well, with some masterpieces of phishery being so convincing that they work on an eye-popping 45% of visitors.
So good on Google for throwing its machine learning at this continuing security threat.
Thankfully, its postmaster tools are only available to qualified senders who meet its reputation requirement: no spammers or phishers allowed.
So tough luck, guys: you’re on your own when it comes to trying to contact us about that Nigerian prince’s inheritance.
Image of spam folder courtesy of Shutterstock.
Damon
I’m trying to figure this out. At the moment mail for the domain I setup for my company is hosted by Office 365 and thus has a TXT record as recommended by Microsoft of the form:
v=spf1 a mx ip4=93.184.216.34 a:server.example.com include:spf.protection.outlook.com -all
Google’s postmaster tools recommend I add an additional TXT record of the form:
google-site-verification=someAlphaNumericCodeThatOnlyGoogleUnderstands
What will this additional “Google” stamp of authority provide?
Mark Stockley
They do different jobs.
The first TXT record is an SPF (Sender Policy Framework) record. It’s a short, coded description that lists the computers that are allowed to send email on your behalf and recommendations about how email software should treat emails that don’t comply.
If my email software receives an email that appears to be from you that’s sent from a computer that isn’t described by your SPF record my software will reject it.
SPF syntax is widely used and widely understood and reaches beyond the realms of Microsoft and Google.
If you want to know what your SPF record says, read this:
http://www.openspf.org/SPF_Record_Syntax
The second TXT record is something Google gives you to prove to Google that you control a particular domain. If you can add that TXT record to your DNS then by definition you have control of your DNS records.
Damon
Thanks for your response, Mark. So Google’s postmaster tools are essentially a statement confirming control over your DNS? That’s all?
Mark Stockley
The TXT record is a demonstration of ownership, yes. As to whether or not that’s all there is I can’t say—I’ve not used Postmaster tools.
What I do know is that in other contexts where that TXT record is used (such as Webmaster Tools) it’s a security check that you have to pass before Google will let you see or do anything useful.
Bandi
So, Do we need to have 2 TXT records for one domain . One SPF and google-site-verification code?
Mark Stockley
The TXT record containing the Google verification code is a necessary precursor to using Google Postmaster Tools or Google Webmaster Tools.
The TXT record containing the SPF information has nothing to do with Google Postmaster Tools and isn’t mandatory, but it is a good idea.
Niraj Ranjan Rout (@nirajr)
Excellent article, Lisa! No more ‘you have won $25m’ annoying mails I hope. Thanks, Niraj
Brendan Casey
Where do I send my Invoice for Teaching Googles AI how to do it’s job?