47 comments

[ 3.1 ms ] story [ 64.3 ms ] thread
Good luck. These big tech companies have no incentive to care about support or really anything that isn’t tied directly to making money. And unless you have a friend there, Google staff have no incentive either. Solving this won’t help with their promotions.
> Google staff have no incentive either. Solving this won’t help with their promotions.

I don't think people appreciate that this is really the key observation here. In large institutions, for anything significant to happen, there have to be incentives and alternatives, and these are set by management. Management in turn usually cares about their incentives, and the company overall mostly cares about the bottom line and the financial reports.

As a result, this is unlikely to get addressed, unless there is significant pressure, like media coverage, people mass-resigning from Gmail, or major email servers blocking Google. But none of these are likely to happen.

Well yes, you get what you pay for and if you are on the free plan don't expect much.

I dont think this is limited to big tech.

It honestly is a bit dissapointing that most of the internet's "infrastructure" is tied up in large corporations that just get money for free by being the only provider and face little to no backlash (because of their monopoly) when they neglect things like basic customer service.
Maybe they should try getting a paid Google Workspace subscription /s
It seems weird that Google wouldn't have some kind of observability alert on outgoing email. 10k emails per week is a lot.
Spammer must be a whale spending untold amounts on other Google services.
Google suspend email accounts that get lots of spam reports. It happens a couple of times a year for salespeople in my company who use Gmass (a bulk email sending tool).

I mention it only as a useful data point, and in the absence of anyone else on the thread mentioning that Google have robust email abuse monitoring.

I think in this case and all the others.

They're not sending emails directly from their gmail address.

But they are adding victim emails to other Google services and then Google themselves send them invitations emails.

And if you name your service like "Google helpdesk - password reset" or something like that.

Invitation email from Google will look very official, but URL in the email will be controlled by the attacker.

It's pretty old working technique used for phishing for years now.

Spam report does nothing, since you're reporting official Google email.

I hope you realise, it does sound like you are suggesting that salespeople in your company are essentially spammers.
I wonder if this has to do with the massive number of google calendar invites I’ve been getting as payment/billing notifications lately.

I’ve not been reporting them because I already know they aren’t valid and do not google’s work for them

Had Google trying to send me mails to non-existing mail-addresses over months. You would think their logs might catch something like that or they would react to my complaints ... they don't and they just dont care.

It sometimes stops for weeks, then it continiues.

from my logs as an example: Nov 13 22:10:51 bert postfix/smtpd[2693931]: NOQUEUE: reject: RCPT from mail-oi1-x248.google.com[2607:f8b0:4864:20::248]: 450 4.1.8 <ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com> to=<rmayer13@nerd-residenz.de> proto=ESMTP helo=<mail-oi1-x248.google.com> Nov 13 22:12:07 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-ua1-x948.google.com[2607:f8b0:4864:20::948]: 450 4.1.8 <ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com> to=<rmayer1000@nerd-residenz.de> proto=ESMTP helo=<mail-ua1-x948.google.com> Nov 13 22:12:18 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-wm1-x346.google.com[2a00:1450:4864:20::346]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayer13@nerd-residenz.de> proto=ESMTP helo=<mail-wm1-x346.google.com> Nov 13 22:12:37 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lf1-x146.google.com[2a00:1450:4864:20::146]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayer333@nerd-residenz.de> proto=ESMTP helo=<mail-lf1-x146.google.com> Nov 13 22:13:08 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lj1-x248.google.com[2a00:1450:4864:20::248]: 450 4.1.8 <hc+bncBDO2ZDH5DIIOXB6ZZADBUBB2QEZ74@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<hc+bncBDO2ZDH5DIIOXB6ZZADBUBB2QEZ74@zf.thesparklebar.com> to=<rmayer@nerd-residenz.de> proto=ESMTP helo=<mail-lj1-x248.google.com> Nov 13 22:13:08 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-wm1-x345.google.com[2a00:1450:4864:20::345]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayerrmayer@nerd-residenz.de> proto=ESMTP helo=<mail-wm1-x345.google.com> Nov 13 22:14:03 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lj1-x248.google.com[2a00:1450:4864:20::248]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayera@nerd-residenz.de> proto=ESMTP helo=<mail-lj1-x248.google.com>

As you can see, the to-address is generated and its different hosts at google trying to send mails.

Searching for zf.thesparklebar.com shows others having the same problem.

gmail, outlook and salesforce create about 90% of the spam that gets through blacklists. Salesforce is simple to fix: I just block anything from salesforce from our network, as it just seems to be 100% used by spammers. Gmail and outlook are the major problem, as there is no way of addressing their spam issue.
Yeah, Salesforce clearly has some kind of whitelisting at Gmail. I get so much nonsense from that domain.
Unfortunately, the only thing that would work is to hire a bot service that would report the offending account en masse.
Google removed humans, so ... anyone able to contact real people at Google?
I have been observing this for the last 2-3 years (4 postfix servers sysadmin)

Gmail cannot be whitelisted anymore: spam, phishing,... On the other hand, if your users redirect twitter or linkedin notifications from their domain to a gmail account, Google claims you are sending too fast and is suspicious (and throttles or blocks ip).

Hilarious.

Lately I've been using SpamCop.net to make spam reports. It seems to work, and it's free. You are encouraged to donate, and they don't ask for much.

It's not perfect though. For some reason, it doesn't find (or deliberately ignores) OVH hosts that are relaying spam.

I've been using SpamCop for years (decades?) but lately I've been wondering if they're still relevant.

One example: they seem to have a size limit of 50KB when you report a spam mail via their web form. I've received quite some spam that exceeds that because they use base64 encoding of the body, add non-visible filler content to drown out the actual spam/phishing message, etc.

SpamCop suggests to cut off the message and still process it but then they miss e.g. the link to the phishing website and thus they can't send out a report for that.

Speaking of phishing links: a lot of the phishing mails I receive, link to some account on storage.googleapis.com. I've seen mails with links to the same account for weeks on end before they switch to a different one, implying that these links remain online for a long time. You would think that marking such mails as phishing in GMail (they are already flagged as spam) would get them on some kind of radar but apparently not...

I gave up on trying to report abuse to Google, Amazon or Microsoft. It seems reports simply get ignored and the big providers do nothing. I hope the FSF with its weight and media presence can finally do something.

Google, Microsoft, and Amazon are my major sources of spam. These days, this is where spam comes from.

At this point, they are also too big to block. We allowed this to happen, through neglect and laziness. Even in this discussion: how many people use Gmail as their primary email service?

On YouTube I reported bot accounts for a couple days, the only reaction I got was that at some point it showed a popup that told me too many false reports would lead to a ban. Not sure what Google gets out of it, but there is no way they could be that bad at fighting bots unless they're not even trying. Even trivial tricks like copy-pasted texts keep working.
> popup that told me too many false reports would lead to a ban

That would imply that someone actually sees them... vs shoving them under the rug, or giving them to a bot to delete.

Not me, but then most people are allergic to paying $10 a month.

I figure an email is worth a beer.

This is called a monopoly. I know people who run their own mail servers to be as independent as possible. Ironically, they show up as spam in Gmail all the time because "This message is similar to messages that were identified as spam in the past." Meanwhile, it's a fucking simple one paragraph message to a programming mailing list. They have to wrestle with DMARK or choose not to as they feel DMARK is playing into the hands of the monopolies giving them too much influence and power over something as simple and fundamental as email.
Crazy that you can even send that sort of volume from a gmail acc
someone hooked up their web app to Google Workspace email and the web app got pwned.

Google Workspace email is very generous with the kind of outgoing email you can send via their SMTP servers.

I'm reporting every spamm mail that I get through Gmail from Gmail accounts but it doesn't seem to help!
I was getting spam called constantly every 5 minutes (blocked by Google call screening) and the attackers made an error if sending a message with their AWS bucket url. I was able to submit an abuse report to Amazon and puff Amazon dismantled the entire spam group. No more spam since then.

Maybe try saying the spam has porn or inappropriate images?

I got a human being at Google to look into my problem and take action after sending a police report to Google‘s legal department certified mail return receipt along with a letter describing how someone was impersonating me and my business using a Gmail address in an attempt to commit fraud.

Yes, it was a pain to take all of these steps and it probably took about 3 hours but it was absolutely necessary considering there was no avenue for me to shut down this person otherwise.

I’m old enough to remember when the FSF said that blocking spam was censorship. Good to see them wake up.
(I haven't run my own mail-server in a while. It's getting harder and harder.)

Are the real-time-blackhole lists still a thing?

If they're regularly allowing spam and not responding to reports in any sort of timely manner, possibly they should be reported to those.

Not going to work though, is it. Too big to fail shouldn't be a thing. It's not like you can't be flexible about it or give them some room to deal with it within corporate policy; but they do need to deal with it, right?

Realistically, I think some companies have outgrown the size where internet can still self-regulate them. You'd hurt yourself more than gmail.

This either needs laws or new game theory.

Or -you know- deprecate the current email system. I know that's a perennial proposal; but that's because every year it gets even more broken in even more interesting ways. It's patch-on-patch-on-patch at the moment. Just spinning up sendmail on a random box won't quite cut it anymore, if you want to participate.