Google has introduced a major security upgrade to Gmail’s spam filters, addressing the challenge of “adversarial text manipulations.” These manipulations involve emails filled with special characters, emojis, typos, and obscure characters, making them difficult for traditional spam filters to decipher. Google’s solution is RETVec (Resilient & Efficient Text Vectorizer), a new text classification system.
Through an official blog, Google has said that starting in 2024, they will require bulk senders to authenticate their emails, allow for easy unsubscription and stay under a reported spam threshold. In a recently launched update, Gmail’s AI-powered defenses stop more than 99.9% of spam, phishing and malware from reaching inboxes and block nearly 15 billion unwanted emails every day. But now, nearly 20 years after Gmail launched, the threats we face are more complex and pressing than ever.
In the past, emails employing homoglyphs—characters resembling those in the Latin alphabet but with different meanings—often bypassed Gmail’s defences. The complexity of these manipulations, such as bolding using Unicode glyphs and subtle substitutions like “CONGRATULATIONS,” posed a significant challenge to spam filters. Google’s RETVec is designed to tackle these issues, being resilient against various character-level manipulations, including insertion, deletion, typos, homoglyphs, LEET substitution, and more.
RETVec works on top of a novel character encoder that efficiently encodes all UTF-8 characters and words, allowing it to function across more than 100 languages without the need for a fixed vocabulary size or lookup table. Google emphasises the efficiency of RETVec, with only 200,000 parameters compared to alternative approaches that require millions, making it resource-friendly and deployable even on local devices.
By February 2024, Gmail will start to require that bulk senders: According to Google Official Release
Authenticate their email: You shouldn’t need to worry about the intricacies of email security standards, but you should be able to confidently rely on an email’s source. So we’re requiring those who send significant volumes to strongly authenticate their emails following well-established best practices. Ultimately, this will close loopholes exploited by attackers that threaten everyone who uses email.
Enable easy unsubscription: You shouldn’t have to jump through hoops to stop receiving unwanted messages from a particular email sender. It should take one click. So we’re requiring that large senders give Gmail recipients the ability to unsubscribe from commercial email in one click, and that they process unsubscription requests within two days. We’ve built these requirements on open standards so that once senders implement them, everyone who uses email benefits.
Ensure they’re sending wanted email: Nobody likes spam, and Gmail already includes many tools that keep unwanted messages out of your inbox. To add yet another protection, moving forward, we’ll enforce a clear spam rate threshold that senders must stay under to ensure Gmail recipients aren’t bombarded with unwanted messages. This is an industry first, and as a result, you should see even less spam in your inbox.
Functioning akin to human visual comprehension, RETVec leverages TensorFlow’s machine learning to identify words based on visual similarities rather than individual character content. This approach mimics human reading, leading to significant improvements in spam detection rates and false-positive reduction within Gmail.
Google’s testing internally over the past year has shown promising results. By replacing Gmail’s previous text vectorizer with RETVec, Google achieved a 38% improvement in the spam detection rate and a 19.4% reduction in false positives. Additionally, RETVec reduced the model’s TPU (Tensor Processing Unit) usage by an impressive 83%. What is OpenAI GPT Store: Release Date and How to Access?
Google has already rolled out RETVec to Gmail accounts, aiming to enhance spam detection and reduce false positives. The open-source nature of RETVec suggests potential applications beyond Gmail, with Google envisioning its use in various platforms to combat homoglyph attacks. The deployment of RETVec is hailed as one of the most substantial defence upgrades in recent years, showcasing the continuous efforts to enhance user security in the ever-evolving landscape of email threats.