Google Launches RETVec: Significantly Improving Gmail Spam Filtering Efficiency

2023-12-05

The latest Google security blog post provides a detailed overview of a new upgrade to the Gmail spam filter, which Google calls "one of the biggest defense upgrades in recent years." This upgrade incorporates a new text classification system called RETVec (Resilient & Efficient Text Vectorizer). According to Google, this system helps understand "adversarial text manipulation" - emails filled with special characters, emojis, spelling errors, and other messy characters that humans can read but machines struggle to understand. Previously, spam emails filled with special characters easily bypassed Gmail's defenses.

These emails are difficult to classify because while any spam filter could easily intercept an email claiming "Congratulations! Your bonus account has a balance of $1,000," the actual content of the email doesn't say that. The strange bolded appearance of the subject "?????_????_???????" is not due to the use of bold styling, but rather the use of Unicode characters like "mathematical bold capital letter C." It is a mathematical symbol that looks like the letter "C" to humans, but the filtering machine accurately recognizes it as a mathematical symbol, not understanding its intended English meaning. Upon closer inspection of this email, the situation worsens: an "O" character in "C0NGRATULATIONS" is replaced with a zero, and the underlined letters in "Jᴀ̲ᴄ̲ᴋ̲pot" are so peculiar that even Unicode searches can't find them. Many spaces are replaced with dots or underscores. As a result, the spam filter sees this mess of an email and essentially gives up.

Google claims that RETVec comes to the rescue: "RETVec is trained to resist character-level manipulation, including insertions, deletions, spelling errors, homoglyphs, LEET substitutions, and more. The RETVec model is based on a novel character encoder that efficiently encodes all UTF-8 characters and words. Therefore, RETVec can support over 100 languages without the need for a lookup table or fixed vocabulary."

Google states that efficiency is a major concern here. Previous alternatives that used fixed vocabulary or homoglyph lookup tables were resource-intensive at runtime. Imagine listing out every possible spelling and misspelling of "Congratulations," where one or more characters are replaced with numbers, mathematical symbols, Cyrillic letters, Hebrew letters, or emojis - you would have an almost endless list. Google says that RETVec has only 200,000 "parameters instead of millions," so while Google's spam filtering cloud may be large enough to run anything, RETVec is small enough to run even on local devices. RETVec is open source, and Google hopes it can eliminate homoglyph attacks, so it may even run in your local comment section in the future.
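An added example (not Google's code and not RETVec itself) of the normalization-plus-lookup-table approach that RETVec is contrasted with, run on a constructed subject line that uses the tricks described above. The tables and function names are assumptions for illustration; the point is what Unicode normalization handles on its own and where hand-built tables fall short.

```python
import unicodedata

# Constructed sample subject using the tricks described above: a mathematical
# bold letter, zero for "O", small capitals with combining underlines, and
# "_" / "." in place of spaces.
SAMPLE = "\U0001D4020NGRATULATIONS_J\u1D00\u0332\u1D04\u0332\u1D0B\u0332pot.winner"

# Tiny hand-maintained tables (assumed for illustration); real tables of this
# kind must keep growing to cover every script and substitution.
LEET = str.maketrans("013457", "oleast")
SMALL_CAPS = str.maketrans("\u1D00\u1D04\u1D0B", "ack")
SEPARATORS = str.maketrans("_.", "  ")


def describe(text):
    """Return the Unicode name of each character: what the filter actually sees."""
    return [unicodedata.name(ch, "UNNAMED") for ch in text]


def keyword_hit(text, keyword):
    """The naive check a fixed-vocabulary filter performs."""
    return keyword in text.lower()


def normalize(text):
    """Undo the obfuscation layer by layer using Unicode data plus the tables."""
    # NFKD maps compatibility characters (MATHEMATICAL BOLD CAPITAL C -> "C")
    # and splits off combining marks such as COMBINING LOW LINE.
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    # Small capitals have no compatibility mapping, so only a table catches them.
    text = text.translate(SMALL_CAPS).translate(SEPARATORS).lower()
    # Blind digit substitution: also rewrites legitimate numbers.
    return text.translate(LEET)


if __name__ == "__main__":
    print(describe(SAMPLE)[0])                          # name of the first character
    print(keyword_hit(SAMPLE, "congratulations"))       # raw text vs. keyword
    print(normalize(SAMPLE))                            # after all layers
    print(normalize("balance of $1,000"))               # collateral damage on digits
    # Cyrillic "o" (U+043E) is in none of the tables, so it survives.
    print(keyword_hit(normalize("c\u043engratulations"), "congratulations"))
```

The sample normalizes cleanly, but the same digit table turns `$1,000` into `$l,ooo`, and a single Cyrillic "о" that is in no table still defeats the keyword match.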

RETVec works similarly to human reading: it is a machine learning TensorFlow model that uses visual "similarity" to identify word meanings rather than their actual character content. Google's similarity demo uses the same technology to identify pictures of cats, so it seems quite feasible to transform it into the world's most peculiar optical character recognition system. Clearly, this approach has achieved significant improvements. Google states, "Replacing the text vectorizer before Gmail's spam classifier with RETVec allowed us to increase the spam detection rate by 38% and reduce the false positive rate by 19.4%. Additionally, using RETVec reduced the model's TPU usage by 83%, making RETVec deployment one of the biggest defense upgrades in recent years."

Google mentions that RETVec has been "tested internally for over a year" and has already been deployed to your Gmail account.