Lessons Learned While Protecting Gmail

Tuesday, January 26, 2016 - 9:30am10:00am

Elie Bursztein, Anti-spam and Abuse Research Lead @Google


In this talk we summarize the main (hard) lessons learned while defending Gmail users against a plethora of threats that include network attacks, spam, phishing, malware, and web based attacks. After summarizing Gmail defenses overall architecture, we delve into the detail of our spam and phishing detection systems and how we leverage email authentication technologies. Next we discuss the challenge of building malware scanners at scale and how to deal with malicious documents not detected by traditional AV. We then discuss how we secure the network communication and what are the limitations of current STARTTLS implementation. Finally we showcase the techniques and tools that we found effective to harden our web front end against web attacks and malicious content. We illustrate each of those components with key statistics and examples of attacks that we had to curb.

Elie Bursztein, Anti-spam and Abuse Research Lead @Google

Elie Bursztein leads Google's anti-abuse research, which invents ways to protect users against cyber-criminal activities and Internet threats. Elie helped redesign Google's CAPTCHA to make it easier, and made Chrome on Android safer and faster by implementing better cryptography. Recently he got the best paper award for his research on Secret Questions at WWW 2015 and malicious Ads injectors at S&P 2015. Elie was born in Paris, France, wears berets, and now lives with his wife in Mountain View, California.

@conference {206255,
author = {Elie Bursztein},
title = {Lessons Learned While Protecting Gmail},
year = {2016},
address = {San Francisco, CA},
publisher = {{USENIX} Association},