Posted by Mark Risher, Spam & Abuse Team
Editor's note: Businesses rely on email to communicate, and on Google to ensure that their email communication is secure. Today, we’re adding to our spam filtering support in Gmail to handle duplicitous “Unicode Homoglyphs.” This release strengthens our ongoing commitment to keeping our customers safe and protected from scams, phishing attacks and spammers.
Last week we announced support for non-Latin characters in Gmail — think δοκιμή.com and 测试@example.net and みんな — as a first step towards more global email. We’re really excited about these new capabilities. We also want to ensure they aren't abused by spammers or scammers trying to send misleading or harmful messages.
Scammers can exploit the fact that ဝ, ૦, and ο look nearly identical to the letter o, and by mixing and matching them, they can hoodwink unsuspecting victims. Can you imagine the risk of clicking “ShဝppingSite” vs. “ShoppingSite” or “MyBank” vs. “MyBɑnk”?
To stay one step ahead of spammers, the Unicode community has identified suspicious combinations of letters that could be misleading, and Gmail will now begin rejecting email with such combinations. We're using an open standard—the Unicode Consortium's “Highly Restricted” designation—which we believe strikes a healthy balance between legitimate uses of these new domains and those likely to be abused.
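The script-mixing rule behind the “Highly Restricted” level (UTS #39) can be sketched as follows. This is an added example, not Gmail's implementation: the function names are hypothetical, and it approximates each character's script from its Unicode name instead of using the Script property data a production check would load.

```python
import unicodedata

# Assumption of this example: the first word of a character's Unicode name
# stands in for its Script property. Anything else (digits, punctuation,
# combining marks) is treated as script-neutral.
KNOWN_SCRIPTS = {
    "LATIN", "GREEK", "CYRILLIC", "ARMENIAN", "HEBREW", "ARABIC",
    "DEVANAGARI", "GUJARATI", "MYANMAR", "THAI",
    "HIRAGANA", "KATAKANA", "HANGUL", "BOPOMOFO", "HAN",
}

# Script sets that UTS #39 allows to appear together at "Highly Restricted".
ALLOWED_COMBINATIONS = [
    {"LATIN", "HAN", "HIRAGANA", "KATAKANA"},
    {"LATIN", "HAN", "BOPOMOFO"},
    {"LATIN", "HAN", "HANGUL"},
]


def scripts_in(label):
    """Return the set of scripts used by the characters of `label`."""
    found = set()
    for ch in label:
        first = unicodedata.name(ch, "").split(" ")[0]
        if first == "CJK":          # "CJK UNIFIED IDEOGRAPH-..." is Han
            first = "HAN"
        if first in KNOWN_SCRIPTS:
            found.add(first)
    return found


def is_highly_restricted(label):
    """True if `label` is single-script or fits an allowed combination."""
    scripts = scripts_in(label)
    if len(scripts) <= 1:
        return True
    return any(scripts <= combo for combo in ALLOWED_COMBINATIONS)


if __name__ == "__main__":
    # Constructed samples based on the strings in the post.
    samples = [
        "ShoppingSite",                       # Latin only
        "Sh\u101dppingSite",                  # Myanmar letter wa as "o"
        "g\u03bf\u03bfgle",                   # Greek omicron as "o"
        "\u03b4\u03bf\u03ba\u03b9\u03bc\u03ae",  # Greek only
        "abc\u6d4b\u307f",                    # Latin + Han + Hiragana
        "MyB\u0251nk",                        # U+0251 is a Latin letter
    ]
    for s in samples:
        verdict = "accept" if is_highly_restricted(s) else "reject"
        print(verdict, sorted(scripts_in(s)), ascii(s))
```

“MyBɑnk” passes this check because ɑ (U+0251) is itself a Latin-script letter; script mixing is only one part of the UTS #39 designation, which also restricts which characters are allowed at all.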
We’re rolling out the changes today, and hope that others across the industry will follow suit. Together, we can help ensure that international domains continue to flourish, allowing both users and businesses to have a tête-à-tête in the language of their choosing.