Date: 2004-11-05 15:26:00
Tags: email, spam
gmail thinks I'm a spammer

I've been using gmail for a while now. I have set up procmail rules that forward all my email to my gmail account for easier reading (I like the way gmail lets me read mailing lists and such). What I've noticed for a while now, is that whenever I make a post to a mailing list, my own message ends up in my gmail Spam folder. Every time this happens, I mark it as "Not spam" and move it back out. It doesn't help. I tried some test messages today to my gmail account and other gmail accounts, and each time my email was marked as spam.

Unfortunately, gmail does not provide a way for me to determine why a given message is marked as spam. But I have my own theory...

Recent generations of email worms (such as Netsky and Bagle) send worm messages using email addresses found on the infected computer. These email engines scan through the computer's hard drive looking for various types of files that contain email addresses, and send email worm messages using those addresses in the To and From field. I get a lot of these messages, usually about a thousand per day (slightly less on weekends). Assuming the worms randomly select addresses, I can assume that at least an equivalent number of worm messages are also sent "From" my email address.

The next question is why does my email address appear on so many computers around the world? I believe the answer lies with VNC. Many years ago I contributed some code to the VNC project, and the VNC authors acknowledged my contribution by including my email address in the VNC "history.txt" file. Since VNC is a very popular program, my email address appears in a .txt file on an unknown number of computers on the Internet, where it can be easily picked up and used by email worms.

I have done some analysis of email worm messages I receive, and a significant number of them (around 20%, I don't remember the exact number) have addresses in the From field that also come from VNC-related files. This lends support to my theory.

Connecting the dots, it seems that gmail's systemwide spam filter has identified <greg@hewgill.com> as a sender whose messages should always be marked as spam. It's quite disappointing for me to reach this conclusion.

I have submitted a problem report to gmail, asking whether they can shed any light on this issue. The ideal solution would be to remove my name from their global address filter list, and instead let the filtering happen by content (gmail rejects worm-infected email). The worst case solution is they ignore the problem or just tell me to change my email address (which I don't consider an acceptable solution).

Another disheartening implication here is that other email providers, large or small, might also automatically consider my email messages spam for the same reasons. This would not make me very happy.

[info]cowbert
2004-11-08T23:27:44Z
haha you are blacklisted!
[info]ghewgill
2004-11-09T03:44:59Z
I fail to see the humour in this.
[info]joee92 : possible fixes
2009-08-24T21:50:05Z
Have you checked out these articles?

http://mail.google.com/support/bin/answer.py?hl=en&answer=9008
http://mail.google.com/support/bin/answer.py?answer=10514
http://mail.google.com/support/bin/answer.py?answer=6579

I had a similar problem -- or rather a friend who uses my server did. I believe our problem was exacerbated by the fact that my server was accepting mail with itself as the "sender" (this is postfix's default configuration). So spammers sent lots of email from me@example.com to myfriend@example.com and "relayed" it through my server.

Anyway, I added postfix's check_sender_access restriction and then we used the "filter" trick, above. Works OK and, since nobody else received lots of spam through this server, hopefully I won't have to convince ALL my friends with gmail accounts to make a filter just for me.
Greg Hewgill <greg@hewgill.com>