Scammers can exploit the fact that
ဝ,
૦, and
ο look nearly identical to the letter
o, and by mixing and matching them, they can hoodwink unsuspecting victims.* Can you imagine the risk of clicking “Sh
ဝppingSite” vs. “ShoppingSite” or “MyBank” vs. “MyB
ɑnk”?
To stay one step ahead of spammers, the Unicode community has identified suspicious combinations of letters that could be misleading, and Gmail will now begin rejecting email with such combinations. We’re using an open standard—the
Unicode Consortium’s “Highly Restricted” specification—which we believe strikes a healthy balance between legitimate uses of these new domains and those likely to be abused.
We’re rolling out the
changes today, and hope that others across the industry will follow suit. Together, we can help ensure that international domains continue to flourish, allowing both users and businesses to have a
tête-à-tête in the language of their choosing.
Posted by Mark Risher, Spam & Abuse Team
*For those playing at home, that's a Myanmar letter Wa (U+101D), a Gujarati digit zero (U+AE6) and a Greek small letter omicron (U+03BF), followed by the ASCII letter 'o'.
2 則留言 :
I did several tests on google apps using complete idn.idn domain and found several findings that are bugs and doesn't work as expected.
Where can i share/post these tests results to be resolved by GApps team?
So essentially Gmail will reject an email copy of this very post?
Good thing you didn't update Blogger/Blogspot with the same "feature" too, right?
You're ejecting security discussions about Unicode.
You're rejecting a lot of mathematical equations.
And you're also rejecting numerous other perfectly valid uses like the HλLF-LIFE example shown in the Unicode Consortium's page you linked to.
"cool looking" combinations are sometimes used just for that.
張貼留言