Insight into Gmail filtering

Last week I posted a link to an article discussing how Gmail builds defenses to protect their users from malicious mail. One of the things I found very interesting in that article was the discussion about how Gmail deploys many changes at once, to prevent people from figuring out what the change was.

Let’s take a look at what Gmail said.

Make it hard for attackers to understand your defenses – Use overwhelming force and deploy many countermeasures at once

This is probably the most subtle of the lessons. Attackers constantly probe systems to find loopholes. For example, at some point one of Gmail’s spammers became very astute at finding bugs in our parsers and started to find very subtle bugs he could exploit. For example, he realized he could use the @ ambiguity (it is used in email addresses and in http links) to confuse our parsers and for a brief period of time he successfully evaded detection. This is why it is very important to make probing more difficult for attackers by rolling out multiple changes. That way they are overwhelmed by the number of things to test and can’t easily figure out what changed.

Bottom line: When rolling out change in your defenses, don’t rush (too much) and release multiple changes at once.

I cannot tell you the number of people who have approached me – in person at conferences, on twitter, through email, on LinkedIn – asking if I knew, “What gmail changed this week.” Now, at least, I have an answer. “Gmail changes a lot of things at once in order to stop people from figuring out the filters.”

I’ll be honest, I stopped trying to probe Gmail’s filters to identify ways around them a couple years ago. They are just too hard to evaluate. Sure, I can identify certain things to change that will get email into the inbox, briefly. But unless the underlying issues were fixed, the filters catch up and the mail will go back to the bulk folder. Sometimes it takes the filters days to catch up, sometimes it can take hours.

In any case, probing the filters to see what they’re doing is a very short term, limited fix to Gmail problems.

What I’ve focused on, with my clients, is getting the filters to work for them. We know that modern filters don’t treat all mail from a single company, IP or domain equally. Instead they make delivery decisions for each individual recipient of that mail. Those of you who have seen some of my talks may have seen this image before.


Things like IP reputation, domain reputation, content reputation and link reputation all contribute to the reputation of an email. If the reputation is very bad, the mail is bounced and no body receives it. But if the mail isn’t bounced, then they go through the individual recipient preferences. It is the combination of individual preferences and email reputation that determine where the mail ends up for each recipient. Different recipients may get mail differently.

This is why engagement is so important in email. Sending to people who want to receive the mail improves overall inbox delivery. If most of your recipients want your mail than chances are if you mail someone new, they’ll want your mail, too.

Gmail has a goal with their email delivery. You can make filters work for you by sending mail that users want and engage with. If you’re having problems with Gmail delivery focus on the recipients and making them happy. Don’t waste time trying to troubleshoot a filter change. Gmail isn’t going to make it easy for you.




  1. Email Marketing Reading List #009 - says

    […] Insight into Gmail filtering […]

  2. What Makes an Email Message Transactional or Promotional? says

    […] experts","Page":"What Makes an Email Message Transactional or Promotional?"}]); and delivery experts_kmq.push(["trackClickOnOutboundLink","link_572a1488b80ed","Article link clicked",{"Title":"delivery […]

  3. What Makes an Email Message Transactional or Promotional? | SendGrid says

    […] experts","Page":"What Makes an Email Message Transactional or Promotional?"}]);and delivery experts_kmq.push(["trackClickOnOutboundLink","link_572b941e1d7a8","Article link clicked",{"Title":"delivery […]


Your email address will not be published. Required fields are marked *

  • OTA joins the ISOC

    The Online Trust Alliance (OTA) announced today they were joining forces with the Internet Society (ISOC). Starting in May, they will operate as an initiative under the ISOC umbrella. “The Internet Society and OTA share the belief that trust is the key issue in defining the future value of the Internet,” said Internet Society President and CEO, Kathryn Brown. “Now is the right time for these two organizations to come together to help build user trust in the Internet. At a time when cyber-attacks and identity theft are on the rise, this partnership will help improve security and data privacy for users,” added Brown.No Comments

  • Friday blogging... or lack of it

    It seems the last few Friday's I've been lax on posting. Some of that is just by Friday I'm frantically trying to complete all my client deliverables before the weekend. The rest of it is by Friday I'm just tired. Today had the added complication of watching the Trumpcare debate and following how (and how soon) it would affect my company if it passed. That's been a bit distracting, along with the other stuff I posted about yesterday. I wish everyone a great weekend.1 Comment

  • Indictments in Yahoo data breach

    Today the US government unsealed an indictment against 2 Russian agents and 2 hackers for breaking into Yahoo's servers and stealing personal information. The information gathered during the hack was used to target government officials, security employees and private individuals. Email is so central to our online identity. Compromise an email account and you can get access to social media, and other accounts. Email is the key to the kingdom.No Comments