Protecting users from look-alike accounts
Gmail recently started accepting mail (and calendar invitations) with non-Latin characters. A lot of fraudulent emails use non-Latin characters as a way to fool users. Google is on top of these security issues, however, and is now throwing away some mail with non-Latin characters.
the Unicode community has identified suspicious combinations of letters that could be misleading, and Gmail will now begin rejecting email with such combinations. We’re using an open standard—the Unicode Consortium’s “Highly Restricted” specification—which we believe strikes a healthy balance between legitimate uses of these new domains and those likely to be abused.
The “Highly Restricted” specification says:
- All characters in each identifier must be from a single script, or from the combinations:
  - Latin + Han + Hiragana + Katakana;
  - Latin + Han + Bopomofo; or
  - Latin + Han + Hangul
- No characters in the identifier can be outside of the Identifier Profile
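The script rule in the first bullet can be checked mechanically. The following is an added sketch, not Gmail's or the Unicode Consortium's code: it classifies each code point with JavaScript's `\p{Script=...}` property escapes and accepts an identifier only if it is single-script or fits one of the three listed combinations. The `SCRIPTS` list, the function names and the sample identifiers are assumptions made for illustration, and the Identifier Profile check from the second bullet is left out because the page does not define it.

```javascript
// Scripts this sketch recognises (an assumed, partial list; extend as needed).
const SCRIPTS = ["Latin", "Cyrillic", "Greek", "Armenian", "Hebrew", "Arabic",
  "Devanagari", "Thai", "Georgian", "Han", "Hiragana", "Katakana", "Bopomofo", "Hangul"];
const SCRIPT_RES = SCRIPTS.map((s) => [s, new RegExp(`\\p{Script=${s}}`, "u")]);
// Common/Inherited code points (digits, hyphen, combining marks) belong to no
// single script, so they never count towards a mix.
const NEUTRAL_RE = /[\p{Script=Common}\p{Script=Inherited}]/u;

// The three multi-script combinations the page lists.
const ALLOWED_COMBOS = [
  ["Latin", "Han", "Hiragana", "Katakana"],
  ["Latin", "Han", "Bopomofo"],
  ["Latin", "Han", "Hangul"],
].map((c) => new Set(c));

// Return the set of scripts used in an identifier; "Unrecognized" marks a
// code point outside the SCRIPTS list above.
function scriptsOf(identifier) {
  const found = new Set();
  for (const ch of identifier) { // string iteration is by code point
    if (NEUTRAL_RE.test(ch)) continue;
    const hit = SCRIPT_RES.find(([, re]) => re.test(ch));
    found.add(hit ? hit[0] : "Unrecognized");
  }
  return found;
}

// True when the identifier is single-script or fits one allowed combination.
// Fails closed on scripts this sketch cannot classify.
function passesScriptRule(identifier) {
  const scripts = scriptsOf(identifier);
  if (scripts.has("Unrecognized")) return false;
  if (scripts.size <= 1) return true;
  return ALLOWED_COMBOS.some((combo) => [...scripts].every((s) => combo.has(s)));
}

// Constructed sample identifiers (not taken from real mail).
const SAMPLES = ["paypal", "p\u0430ypal", "\u043c\u043e\u0441\u043a\u0432\u0430",
  "\u6771\u4eactower", "\u6771\u4eac\u3072\u30ab", "\ud55c\u3072"];
for (const s of SAMPLES) {
  console.log(s, [...scriptsOf(s)].join("+"), passesScriptRule(s) ? "accept" : "reject");
}
```

An identifier written entirely in one script passes this rule even when it visually resembles a word in another script, so the check catches mixed-script look-alikes only.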