Received an email purporting to be from Dick’s Sporting Goods, McAfee, MedicarePlans or any other random business you’ve never interacted with lately?
You aren’t alone.
Anecdotal evidence from Gmail users—including the author of this story—suggests that something changed with Gmail’s spam filter settings in recent weeks, resulting in the email provider letting through messages that would otherwise never make their way out of a user’s spam folder.
Social media is rife with complaints from people receiving spam messages in their Gmail accounts promising free Yeti coolers and window replacements.
Users are now complaining that Gmail’s spam filter “has fallen off a cliff this year” and has “decided to quit working without handing in its two-week notice.” One person wants to “have a frank and honest conversation about how bad your spam filter is.”
No one really knows how Gmail’s spam filter works, according to Francisco Jáñez-Martino, a researcher at the University of Leon who studies spam detection software and how those seeking to subvert it play their cat-and-mouse game to avoid changes.
“If email services publish their filters, they directly give worthy clues to bypass them,” Jáñez-Martino said to the Daily Dot. “Hence, Google, Meta or Microsoft, among others, hardly ever publish papers where they explain their filters.”
However, academics think there are ways to decipher at a high level what goes on with Gmail’s filters. Jáñez-Martino says that the current crop of anti-spam filters use artificial intelligence, and in particular natural language processing (NLP), to extract and collect information from email headers, bodies, and attachments. This feeds an intelligence system that decides whether an email is spam.
How a user interacts with that email, including whether they mark a specific email as spam or suggest that it isn’t, trains Gmail’s filtering process, the Daily Dot understands.
It’s also believed that if you accidentally click on one of those emails, sating your curiosity, it would send a signal to Gmail that you’re interested in more like that—potentially opening you up to a whole host more emails. If you’ve ever opened one and not reported it, you may have accidentally made matters worse.
Alan Woodward, a cybersecurity professor at the University of Surrey, suggests that Google’s spam filter doesn’t have the finesse of others.
“The filter uses a few factors, and depending on the receiving server it includes time it was sent, content of message, as well as comparing it to blocked senders lists, blacklists, and blocked character sets,” he said to the Daily Dot.
Those components come together to give each email a score. If the email gets a high spam likelihood score, it’s sent to junk mail. “This threshold can vary over time,” Woodward said.
The cybersecurity professor suggests that the reason we may be seeing more spam trickling through is that Gmail may have tinkered with the threshold after criticism by the Republican Party, which claimed that an overly large proportion of its emails were blocked in comparison to those sent by Democrats.
As a result, some verified political groups can now sidestep Gmail’s spam filter.
And given spammers are always looking for ways to eke out an advantage against those trying to stop them, this may have given them a new in.
Spammers “design sophisticated strategies to bypass the current filters, over and over again, in what may be considered an endless fight between spammers and organizations and researchers,” said Jáñez-Martino.
A Google spokesperson told the Daily Dot: “Gmail blocks more than 99.9% of spam, phishing, and malware from ever reaching users’ inboxes. To protect users at scale, we rely on machine learning powered by user feedback to catch spam and help us identify patterns in large data sets—making it easier to adapt quickly to ever-changing spam tactics.”
The company declined to answer direct questions on whether something has changed in the way that Gmail’s spam system works, as well as what Google intends to do about the problem.
Woodward points out that it’s all well and good for Google to claim 99.9% efficiency in blocking spam, but that doesn’t mean anything to end users. “Of course, if the overall volume increases, you will still see that tiny fraction grow in absolute numbers,” he said.
So until things change, be wary of those emails you’re getting that promise a free Yeti cooler—and make sure to keep clicking “Report spam” if you do open them.