Susceptible Services

an experiment with the wrong parameters

OK, this guy has an interesting experiment going on (and yesterday he succeeded). He has a gmail account, and he wants to test the spam filters. He has asked everyone to sign up his email account for spam, to any mailing lists, and to advertise it on many webpages in an effort to collect as much spam as he can, and to see if he can fill it with spam, and how long that will take.

From his May 25th posting:

I’m beginning to think that a vulnerability to email floodings is going to be Google’s biggest weakness when it comes to email. 999 messages could do a lot of damage to someone’s email account, especially if they all contained attachments (the messages I received did not). What is Google doing to protect its Gmail users from mail bombs? I’m not sure, and they’re not likely to tell us due to security concerns. It may block some such attacks behind the scenes and we are not even aware of it. However, I would argue that this is one area where Gmail must have 100% accuracy if it is going to remain a viable service.

Now, I like his experiment, and I am sure many people are interested in the results, but you know what? Everyone is susceptible to mail bombs. Hotmail, yahoo,, etc are all susceptible to them. My domain is too. How should software determine what is a mailbomb, and what is not? 10 emails in an hour? 100? All the email with the same sujbect? I think it would be difficult to build a spam filter to detect a mailbomb. Build a filter, and the senders will get smarter. Some people have already proven that it is possible to defeat Bayesian filters, and they were supposed to be the spam saviour.

I think Gmail is only mildly interesting, and I don’t necessarily want an email address with them. Why do I want my 1 GB of email on someone else’s servers? The answer is I don’t. I don’t trust any of these “free” services with anything that I consider mission critical. That is what my personal computer is for.

The trickle down effect is interesting too. I have heard rumblings that some of the free email services will be upping their mailbox limits. All this because GMail exists (but isn’t even publicly available yet).