Gmail Gets Tough on Non-letter Characters to Fight Spam
Certain identified combinations of Unicode characters in emails will now be rejected by Google's Gmail in an effort to continue to reduce spam messages to recipients.Google's Gmail service is now watching for inappropriate Unicode characters in emails so that the messages can be diverted and rejected, instead of passing them on to unknowing recipients. The extra layer of email anti-spam protection is being done to fight continuing and often escalating efforts by scammers who try to trick recipients into clicking on links and messages that appear to be normal but instead use characters that are slightly different from the normal alphabet, wrote Mark Risher of the Gmail spam and abuse team, in an Aug. 12 post on the Google Online Security Blog. Under the new initiative, Google will "now block emails that use deceptive Unicode characters in effort to continue to reduce spam dangers in email," wrote Risher. "We also want to ensure [that email users] aren't abused by spammers or scammers trying to send misleading or harmful messages." The problem shows up often when spammers exploit the use of certain Unicode characters that, for example, look nearly identical to the letter "O." By mixing and matching such characters with normal letters from the English alphabet, "they can hoodwink unsuspecting victims" and send them to the wrong site, he explained.
Such combinations of traditional and Unicode letters have previously been identified by the Unicode community to help anti-spam experts work to keep their systems and users one step ahead of spammers, wrote Risher. The Unicode community "has identified suspicious combinations of letters that could be misleading, and Gmail will now begin rejecting email with such combinations," he wrote. "We're using an open standard—the Unicode Consortium's 'Highly Restricted' specification—which we believe strikes a healthy balance between legitimate uses of these new domains and those likely to be abused."