Why don't Google sign emails?

4 points by pbhjpbhj ↗ HN
Google adsense sent me an email that looks just like a phishing email. It's all good barring a "Report.zip" attachment. No signature?

Why are big internet companies still doing this? It's not as bad as the ones that send you an email from a spoof-styled domain ... oh that's Google again [and several others] google@elocation-google.com sends me adwords email with a link saying "http://www.google.co.uk/adwords/coupons/terms.html" that actually goes to http://clicks.elocation-google.com/email/S-... exactly the m.o. of phishers.

Couldn't they just use subdomains of the genuine domain, do some signing or other confirmations?

Seems the standards are very low in being able readily verify sender and content. Can we expect this to get better any time soon.

3 comments

[ 3.0 ms ] story [ 19.3 ms ] thread
Why is Adsense sending you a report by email anyway? I can't remember anything like that happening to me. Can you ask it to do so from the admin panel?

Maybe the email was a phishing attempt?

Me neither, the only email I ever get is from payments-noreply@google.com to say a payment has been made and I should log-in to my account for details.

There is a link to 'sign in' but I expect most folks have the sense to not click on those kind of links in the first place.

It's genuine. I only recently set it to send a monthly report; just the appearance is exactly that of a phishing email. Virus/malware scans showed nothing, so looked at the attachment and it's proper - just a CSV report in a ZIP.

I'm just surprised that we haven't got further than this with emails, it seems so basic.