Ask HN: 6-char Gmail account flooded by "legit" bot signup spam. Can I retake control?
12 points by kalvin on April 19, 2009 | 17 comments
My first Ask HN! I've had this issue forever and I'm hoping someone here will have a brilliant solution. I created my Gmail account the day Gmail went into public beta, and I was never able to use it once. It's a short name; spam bots started submitting it into every signup form around, so I got/get about 100 "legitimate" emails a day (not including spam which is mostly caught by Gmail.) How can I get myself off the 50,000 or so mailing lists I'm on and make my address usable again? I'd like to bounce all messages for six months, then set up a whitelist afterward. Don't think I can bounce on Gmail, though. Other thoughts?


Why is your 6-char account on a free email service so important? Get another account and stop thinking (and asking) about this.


Seriously.

Just get yourself a domain, and set it up on Google Apps for your Domain. Result? You now have infinite email addresses.

So, if you're bob@yourdomain.com, you can create a catch-all so that anything@yourdomain.com comes to you. This is actually the most effective spam-fighting mechanism I've found yet.

The trick is to then sign up to things as bob.thing@yourdomain.com. For example, you might sign up to HN as bob.hackernews@yourdomain.com. Then, if you ever get a spam to that email address, you know exactly where it came from. Moreover, if one of those addresses gets sold off to some dodgy email resellers and flooded with semi-legitimate spam that just seems to get through GMail's filters (e.g. if you ever buy a ticket from the scummy spam-loving bastards at TicketMaster), you can just block that specific address while keeping everything else functional.


Even better - because GMail recognises aliases, you can do "bob+siteisignedupto@mydomain.com", which means you can PINPOINT the exact site the spam comes from, and rat them out. This is without creating extra email addresses or wildcards/catchalls. It just works out of the box with your regular "bob@mydomain.com".


Except that with a catch-all address, you will inevitably be collateral from spammers using your domain for fake FROM headers. You'll get a lot of people's auto-away messages, spam reply notifications, and "message undeliverable" responses from mail servers in your inbox. And since all of that is legitimate traffic, you can't train a Bayesian filter on it.

Been there done that :)


My strategy is to use a catch-all and filters (with Google Apps). I have my catch-all for the domain go to an address like spam@<mydomain>, and then within that account have a filter set up such that all email with a destination that includes my code gets forwarded to my real address.

For example, I sign up to HN with the email address hn.rfg@<mydomain>. This gets forwarded to my real address because it's got the rfg string in it. If I start to get spam on that account, I can add a filter for hn.rfg on either my real or spam@<domain> account, depending on which is more convenient, and I know where it came from.

Blanket spam to <mydomain> rarely comes through to my email, since the to is unlikely to include the rfg string, and will probably get picked up by the spam filter on the spam@<mydomain> account. Backscatter spam with faked from headers rarely gets to my real account, since the faked address is unlikely to include the rfg string.
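Added example, not part of the thread and not any commenter's code: a Python sketch of the routing rule described in the comment above, run over constructed messages. The domain `example.org`, the blocked tag `tickets`, and matching the code as a whole dot-separated label (stricter than the "includes" substring match the comment describes) are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

DOMAIN = "example.org"      # assumption: stands in for <mydomain>
CODE = "rfg"                # the private code string from the comment
BLOCKED_TAGS = {"tickets"}  # constructed: a tagged address that began receiving spam

def route(raw_message):
    """Return (decision, tag) for one message that arrived via the catch-all."""
    msg = message_from_string(raw_message)
    # Delivered-To (when the server adds it) reflects the real recipient;
    # To and Cc are sender-controlled and may be forged or missing.
    headers = (msg.get_all("Delivered-To", []) + msg.get_all("To", [])
               + msg.get_all("Cc", []))
    for _name, addr in getaddresses(headers):
        local, _, domain = addr.lower().rpartition("@")
        if domain != DOMAIN:
            continue
        labels = local.split(".")
        # Whole-label match: a plain substring test would also accept
        # "surfguy@", which happens to contain "rfg".
        if CODE in labels:
            tag = ".".join(p for p in labels if p != CODE) or "(untagged)"
            return ("block" if tag in BLOCKED_TAGS else "forward", tag)
    # No coded recipient: blanket spam or backscatter to a forged sender.
    return ("spam-mailbox", None)

# Constructed sample messages (not real mail).
SAMPLES = {
    "signup": "To: hn.rfg@example.org\nSubject: Welcome\n\nhi",
    "leaked": "To: tickets.rfg@example.org\nSubject: Deals!\n\nbuy",
    "backscatter": "To: sales@example.org\nSubject: Undeliverable\n\nbounce",
    "substring": "To: surfguy@example.org\nSubject: Offer\n\nspam",
}

def route_all():
    """Route every constructed sample and return {name: (decision, tag)}."""
    return {name: route(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in route_all().items():
        print(name, result)
```

The tag returned with each decision is what identifies which signup an address was given to, so a `block` entry also records where the address leaked from.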


You're right. That's why I've let it sit for five years. But I thought it might be solvable, so I asked.

I'm sure you guessed what those six characters were-- it's partly a vanity thing, obviously. :)


I have a 6-char Gmail account that's also an English dictionary word, which was made the day Gmail launched as invite-only. It gets a TON of spam, but I never notice it. The spam filter is well-trained. If you don't use any of the mailing lists you're on, one thing you can do is filter by the word "unsubscribe" or the phrase "remove yourself" :)


This guy's problem is not spam. It's legit sign-in and welcome emails from reliable sources. :-(


Honestly, don't overthink it. Just start marking every single email you know is spam as spam. Occasionally check the spam box and un-spam anything legit. The filters on Gmail are really, really good and they learn quickly what to filter and what not. Don't do anything weird or complicated, just hit the spam button.


There must be a pattern to filter (typical words in 'welcome to XYZ' and 'Sign in XYZ' emails) all those emails and delete them as they hit the inbox.


Try activating the IMAP/POP settings on gmail, then suck in your gmail emails into a desktop client that supports bouncing to spam accounts, c.f. http://www.raymond.cc/blog/archives/2008/10/23/bounce-email-...


Your best bet is to use Gmail's filtering feature for stuff you know is spam for sure. Make sure to make the filter mark it as spam.


I don't think you can do much except use filters + aggressive labelling as spam for a while. Hopefully after a while when you've got down the filters to an art form, unwanted things should stop hitting your inbox.


Gmail allows you to connect via IMAP and send via POP3; set up a Postfix server and filter the crap out of it.


How is Postfix going to help? IMAP and POP3 are mailbox access protocols, not for sending mail (SMTP is for that). I also seriously doubt you could set something up with Postfix that's better than Google's spam filtering solution.


Create a whitelist using gmail's filters.


haha, I can relate, I got a 2-char hotmail address! The amount of spam on that is ridiculous but I still use it. Obviously not my primary anymore.



