I’ve been getting a lot of spam in my Gmail inbox lately. I know for sure that someone reverse engineered Gmail’s spam detection algorithm as I’ve been getting these spam emails consistently since a while now. Not only they managed to beat their spam detection, they’ve even successfully managed to force Gmail to mark the spammy email as Important.
Let me explain. Take for instance, the following email that I received from Destiny Mastercard®
If you’re into tech and pay close attention to this email, there’re at least 42 things that scream out that this is a spam email.
#1: Jim Destiny is waiting…
Sure, Destiny is my stripper name, but, Jim? Nope, not me.
#40: It’s from a bank and it’s unencrypted. This ain’t 2005. Look at the red broken lock icon.
#41: It’s routed through a domain called storycomparison.com. It seems like it has nothing to do with the brand whatsoever. Sure, you can have domain names specifically meant to be used for routing emails, but this just seems highly unrelated.
#42 Last but not the least, check out the bottom part of the email –
Okay, since I just posted the screenshot, you won’t be able to tell, but the part that says “click here to unsubscribe” is actually an image itself. I extracted the original link to the image and it’s stored on S3. I would’ve shared the original link, but I didn’t want my blog to seem/look spammy. So, here’s another screenshot of the image.
Gmail let this spam through to my inbox. This seems like it was sent to a mass mailing list and yet, Gmail missed it. My email was likely included in the BCC. They didn’t include the “unsubscribe” link either. Sure, this was a mass mail and wasn’t technically a marketing email and that’s why Gmail didn’t care. But! It marked it as an important email.
I was having a slow Saturday and the weather has been gloomy. So, naturally, I opened the headers of the email and inspected them along with the source of the email. Of course, the headers all seemed spammy as expected. The email was send out from some random Greece based domain name that wasn’t even real (I ran a WHOIS lookup). But, this was the part that intrigued me from the email source.
IDK why folks who create spam content do this. Is it some sort of a secret signature or are they deliberately trying to be stupid? Now, I’m not saying or suggesting that they should, but what if these idiots used ChatGPT or pretty much any other AI based overlords to generate content that doesn’t look spammy? How would Gmail deal with that? Imagine using AI to beat AI. Hell, if Gmail’s spam detection fails (given that it did for a spammy looking email), would we, average computer geeks, be able to look at an email in the eye and tell that it’s spam? Would you? Could you?! What if they come up with something called SpamGPT™? I’m tellin’ ya, the possibilities are endless.
F’reals though, what is up with these spam emails getting into my inbox. It’s slightly annoying.
