41 comments

[ 57.0 ms ] story [ 1098 ms ] thread
Whatever, I never get spam with Gmail.
How do you know Gmail doesn't misclassify valid mail as spam? This is what terrifies me about the thought of using a spam filter: false positives.
GMail's filter is actually incredibly accurate, and if you periodically scan your spam for anything that shouldn't be in there, you've really got nothing to worry about.

I've only found three or four false positives in the five and a half years I've been with GMail.

When I used spam filtering I was receiving perhaps ten spams for every valid mail. This made it very difficult to scan my filtered mail. There was just so much of it.
When using Gmail I have a bunch of filters that make it easier to read through my spam mail.

For instance: IF X email is in the spam folder AND contains any of the words (Cialis, Viagra, Rolex, etc...) -> Move it immediately to the trash.

This cuts down the number of emails that stay in my spam folder by a huge margin, and makes it much easier to check for false positives.

That being said, I no longer even bother checking. I've been with Gmail for 5 years and I've never had a false positive.

so if someone includes the word 'specialist' in an email to you, you would never see it. spe cialis t
After college I worked as a network administrator for a doctors office that dealt with pain medications. We constantly had problems with work mail going to the spam folder when it actually concerned drugs like Vicodin.
The salient point here is the email have to already be in the spam box. If Gmail already thinks it's spam AND it contains any of the keywords, then it gets trashed.

That being said, you still have a point.

If you've reviewed the spam folder so closely you're certain you have no false positives, it may not be saving you any time. If you give it a more cursory review, then your claim is really, "I've never noticed a false positive."
I've seen one false positive since I started using Gmail in 2005. It was an important email, but I'm far from terrified.
(comment deleted)
I don't know, but I don't sweat it either. Anyone who is sending me super-important email has other ways of contacting me if they don't get a response. And in the case that they dont, a missed email still isn't the end of the world.
If you rely on business leads where the sender is also contacting competitors, those "others ways" won't always matter and you'll just miss the job. That's my concern.

That said, I openly list my email address online (and have with the same address for 12+ years) and have really average filtering that leaves me deleting spam that slips through and chasing down false positives.

For about 1 year I checked my spam folder. After never seeing a false positive, and only 1 or 2 spam in my inbox, I stopped checking.

aside: for poor man's obfuscation (like in my HN profile) I do jhl805atgmaildotcom ... my belief is that this is hard to extract automatically.

If the regexp:

  ([^\s]+)\s*[Aa][Tt] *([^\s]+)\s*[Dd][Oo][Tt]\s*[Cc][Oo][Mm]
matches text in an exemplar, it's worth checking out as a possible email address (assuming one is a low-down, good-for-nothing spammer)

Yours is no harder to pull out automatically than the examples in the original article, and the above regexp took me under 2 minutes to write and verify. It's not your "obfuscation" that's saving you, it's gmail's spam filtering.

My take on this: the benefit of filtering spam largely outweighs the downside of false positives (which, as far as I know, never happened to me and if it did, it probably wasn't that bad since I didn't notice). If someone really needs to contact me, the said person can message me on my various social profiles or simply call me.
I don't use gmail for anything that can't be missed. I periodically run a search in my work mail Spam folder for my first name - anything addressed to me will have Jacob in it, but the spam can't work it out from the address (jaldridge@).

Found one false positive in the last six months, and even that was a mailing list so didn't matter.

(comment deleted)
Me neither! One of the points I try to make at the end of post though is since gmail seems to stop all spam anyway, lets all just start using a nice readable email address on the internet.
Sure you do, it just gets filtered into the spam folder.
A basic search also returns things like "XYZ(AT)gmail(DOT)com", "XYZ[at]gmail[dot]com" and xyz.at.gmail.dot.com . It returns everything, no matter how clever you think you are. And it's not that hard to write a regexp that replace this all into your actual email...
My gmail address is not fark.sam, but if it was you could still figure it out. Getting a regex to do that correctly would be a pain. As would replace the v with a n in avother@gmail address. Still my gmail account was getting spam before I started to use it. So I think simple spray and pray approaches will catch most people.
My experience shows that simple bots looking for mailto: links still work just fine. I doubt many spammers are going to go through the trouble of decoding even simple obfuscation.

There used to be a website where a guy actually tried different methods for posting an email address on the web and then measured the number of junk messages at each address. Wish I could remember where I saw it.

cache:

http://74.125.153.132/search?hl=en&q=cache:http://varenh...

tl;dr: you can search 'AT gmail DOT com' on google

I think this technique has been doing by spammers for decades.

The best way to prevent email harvest bots is to use DOM+JS, something like

    <span id='my_span' my_chars='onix'>elec</span>tr
    <script id='my_script' language='javascript'>document.write(document.getElementById("my_script").parentNode.firstChild.getAttribute('my_chars')+String.fromCharCode(0x74, 0141, 115-1))</script>
    @gmail.com
The trouble with these and some other solutions (like use of imgs), is that they aren't an option on something like linkedin.com or a forum where users can only post text!
1. use a special account for special sites

2. use id+mask@gmail.com or anything that can filter

3. something like this myemail_REMOVE_UNDERSCORE_AND_CAPITALIZED_TRAILING@gmail.com

Post a link to your own webpage where you can obfuscate the address?
Why is this news?!

Follow Postel's law and simply apply (ever cheaper) horsepower to filtering on the back-end + gray-listing & white-listing. This IS NOT rocket science people.

If one can write a regular expression to parse the "obfuscated" content, it's just one more rule in a markov validation chain in a data mining script.

"...Same as it ever was..."--The Talking Heads

but it signifies that I am competent enough to not reply to spams
On my about page, I simply display my email address as an image instead of text. http://techiferous.com/about/

This does have significant disadvantages, the worst being that users cannot cut and paste the address.

I like to say James2456 of Gmail it's the avant garde thing to do
I like that. I've been using "my.username at gmail" ... fairly close but I might switch to "of". As a bonus it might filter out humans you'd rather not converse with as well.
I haven't heard of any email harvesters getting around my Email Icon Generator (yes, it is the original!). Just enter your email and it gives you an image of your email address to link to.

http://services.nexodyne.com/email/

Nice tool, although embedding images isn't always an option. Thanks for sharing.