Last week, Google announced that it started recognizing non-Latin characters in email addresses, opening up the ability for users to send and receive emails in more languages. By doing this, however, they were potentially opening the door to more spam slipping through the cracks courtesy of bad actors using sneak character combinations.
Google isn’t letting this happen though. The company announced in a blog post that they have taken measures to prevent this type of thing. Mark Risher of the Spam & Abuse Team writes:
Scammers can exploit the fact that ဝ, ૦, and ο look nearly identical to the letter o, and by mixing and matching them, they can hoodwink unsuspecting victims. Can you imagine the risk of clicking “ShဝppingSite” vs. “ShoppingSite” or “MyBank” vs. “MyBɑnk”?
To stay one step ahead of spammers, the Unicode community has identified suspicious combinations of letters that could be misleading, and Gmail will now begin rejecting email with such combinations. We’re using an open standard—the Unicode Consortium’s “Highly Restricted” designation—which we believe strikes a healthy balance between legitimate uses of these new domains and those likely to be abused.
These changes began rolling out on Tuesday. Google says it hopes others in the industry will “follow suit”.