Categories
Uncategorized

Gmail Spam? This Default Google Setting May Be Why

I feel very good right now. I feel lighter. This post is written with the hope I may help some others feel the same.

Clearing Junk Mail had Become Part of an Unconscious Daily Routine

For years now, I have been receiving incredibly annoying spam e-mails at my primary Gmail address. Increasing amounts of blatantly obvious spam subject lines littering my junk folder would leave me wondering if it might just be the cost using an email address over time. Purging it daily became mind-numbing ritual. It takes a few seconds each day and it goes like this:

  1. Notice a non-zero amount of mail in the Gmail spam folder
  2. Eyeball it to ensure there’s no legitimate e-mail there (an unfortunately necessary step as 1/1000 spam mail happens to be valuable)
  3. Move the rare legitimate mails to my Inbox
  4. Clear the rest to bring that spam counter back to zero

Robotically executing this routine this morning, I began to wonder, “had I clicked an unsubscribe link or something with a malicious action”? Much of the spam have subjects rife with emojis, non-standard character sets, and typical spammy terms like “Viagra”, “male enhancement” or “get rich”. I decided to click a few and examine the headers and noticed a pattern: none of these were actually addressed to me!

Here’s an example of a typical subject line for one of these spam e-mails:

💲-$-FIVE HUNDRED CHIP$💲-📩ᴘᴀʏᴏᴜᴛ-ᴠᴇʀɪғɪᴄᴀᴛɪᴏɴ 💰 𝟻.𝟶𝟶𝟶$ ᴡᴀɪᴛɪɴɢ ʏᴏᴜ🔥 OPEN-IMMEDIATELY⭐️! N°:TU9FYWCWZ

Perpetrator Revealed! 😱

Naturally, I wondered why I was receiving these mails if my e-mail wasn’t in any of the recipient mail headers. I noticed that much of the spam was addressed to specific groups that were common targets for many of them. Strangely, I couldn’t recognize any of them! I took to Googling and managed to identify them to be Google Groups. I started to feel like a noob! With over a decade of web development experience, taking all the usual precautions one ought to take online is second-nature to me. Had I inadvertently signed up for one of these spammy groups? Shame!

Check Your Google Groups Now!

As it turns out, I didn’t exactly do anything wrong. No. To my surprise, what led me to this situation was actually a lack of action! I suggest you check out Google Groups. It was on this page that I noticed I was in a whopping 12 different groups I can’t even recognize! I strongly encourage you to go check it out and see if you’re in any yourself. If you discover any, please let me know in the comments! I’d love to know how many people were in Groups without even knowing it.

Example of 1 of the 12 groups I had apparently been part of. Purge ’em all!!!

Digging deeper, I discovered that the default setting for Google Groups allows people to add you to groups without even needing your approval! People can add you to groups, spam the groups and you’ll get the spam. Fortunately, there’s an action you can take to stop this. Google Group settings allow you to toggle off the ability for Group admins to add you without permission. I encourage you to take this action now to protect yourself moving forward.

Why would Google make this a default? I’m changing it immediately and believe it should be an opt-in, not an opt-out

I hope this helps someone out there. I’m surprised how good it felt to leave these groups I never wanted to be part of and to protect myself against being added to more.