UPDATED: An examination of spam originating from the major free e-mail providers shows that, like consumers, spammers prefer Google.
In a three-week period from mid-June to this month, e-mail filtering firm Roaring Penguin said it saw an explosion of spam originating from Gmail, while Microsoft Hotmail and Yahoo Mail remained flat.
The company attributes this meteoric rise in Gmail spam to the cracking of Google's CAPTCHA. A CAPTCHA is a test, typically used in Web site registration, that is designed to tell humans apart from programs designed to hack or automate registrations. It consists of a word displayed in such a way that it's difficult for a computer to read, but not for a human. A user would be able to successfully enter the word into an input box to gain entry.
In Gmail's case, the CAPTCHA was designed to prevent automated programs from signing up for thousands of e-mail accounts. But according to David Skoll, CEO and CTO of Roaring Penguin, spammers developed an optical character recognition scanner smart enough to read the Google CAPTCHA, along with programming to enter the information and create e-mail addresses on Gmail for spamming.
Earlier this year, company spokespeople told InternetNews.com in an e-mail that the online search leader was aware of efforts to defeat its CAPTCHA and that it disables the accounts of spammers on its service.
When asked for comment on the Roaring Penguin findings, a Google spokesperson issued the following statement: "We expect spammers to use every means possible to try to send spam. That's why we have a robust spam-fighting effort at Google. We disable these accounts immediately and will continue to do so."
If Google (NASDAQ: GOOG) responds by changing its CAPTCHA, Skoll figures the spammers will simply break it again.
"Spammers have an economic incentive to keep spamming, so they have an economic incentive to keep breaking Google's CAPTCHAs," he told InternetNews.com. "Even if Google came up with something extremely difficult to crack, spammers can get around that."
During the period from June 13 to July 3, spam from Google grew from 6.8 percent to 27 percent of all outbound e-mail detected by Roaring Penguin. At the same time, spam from Yahoo and Microsoft rose between 2 percent and 4 percent, the company found.
Spammers are also now taking advantage of Google's reputation. While most spam comes from botnet-infected computers, those sources are easier to block based on their IP addresses. But if it comes from Gmail, an e-mail gateway's spam filters are far more likely to let the mail through, Skoll said.
"They could block it if the same IP is making accounts, but it's like an arms race," he said. "For every measure Google can take, there's a countermeasure the spammer can take. You can't really stop it -- you can slow it down a bit."
Skoll added that Google needs to start getting a little tougher and looking more closely at its signup process and outgoing mail.