How Gmail lets spammers grab your attention with emoji

What could be worse than email spam? Animated gifs in the subject line of email spam!

This is a trend I've recently started to see on Gmail - here's what it looks like and how it works.

So, what's going on here? How have they got an animated image into the subject line?

Here's the raw text of the message's subject line:

Subject:=?UTF-8?B?876tqQ==?==?utf-8?q?__=79=6f=75=27=76=65=20=62=65=65=6e=20=63=68=6f=73=65=6e=20=66=6f=72=20=33=30=20=66=72=65=65=20=73=70=69=6e=73_?==?UTF-8?B?876tqQ==?=

Let's take a look at the code sequence at the start and end of the subject: =?UTF-8?B?876tqQ=

As all good geeks know, characters outside the ASCII range are encoded as Base64 in emails.

The resultant character is U+FEB69 - a "Private Use" character which has no defined representation in Unicode.

For most of us, the character "󾭩" doesn't display as any meaningful symbol - but on the web version of Gmail, it shows up as: , a flashing star.

WTF?

Ok, here's what's going on...

Way back in the midsts of time (well, about 2009) there was no standard for Emoji. Each company made use of Unicode's private use characters in a different way. If you had a phone from Google and sent a message using the "Glowing Star Emoji" to a phone made by another manufacturer - the symbol would either not display properly, or show up as a completely different character!

Obviously, in an interconnected world, such a situation is untenable - so Google and several other companies set up the Emoji4Unicode project.

Google uses Private Use mappings to represent Emoji ("picture character") symbols in Unicode text. These characters are commonly used by Japanese cell phone carriers. This project makes these mappings available. Google and other members of the Unicode consortium are also developing a proposal for the addition of standardized Emoji symbol characters to Unicode.

The Unicode consortium banged some heads together (in a friendly way) and everyone agreed on a new standardised set of characters.

The new Unicode standard has "Glowing Star" set as U+1F31F and looks like this: 🌟. (If your computer doesn't support Unicode 6.0 you can take a look at the official reference chart.)

But the old version lives on! The animated GIF lives at https://mail.google.com/mail/e/B69 where it is used for the web version of Gmail. (You can alter that end number to get all manner of odd characters.)

Modern Android phones still recognise this relic - although, in Google's typically slapdash fashion, Android's Gmail app won't display the animation in the subject line, only in the body:

The same happens with the iOS version of Gmail. Animated in the body, not in the subject line,

Try it yourself by sending an email with the subject and body "Star 󾭩 vs Animated 🌟".

It doesn't seem to work in Google Hangouts - or any other Google apps, just mail.

Interestingly, when sending this characters from the web or Android version of Gmail, it adds an "X-Goomoji-Subject" header and automatically converts the characters to GIFs. The Unicode is completely stripped away from the message.

So there we have it. An ancient form of Emoji, probably all but forgotten, has been resurrected by spammers in the hope that you'll notice their wares.

What a load of 💩!