Good luck. These big tech companies have no incentive to care about support or really anything that isn’t tied directly to making money. And unless you have a friend there, Google staff have no incentive either. Solving this won’t help with their promotions.
> Google staff have no incentive either. Solving this won’t help with their promotions.
I don't think people appreciate that this is really the key observation here. In large institutions, for anything significant to happen, there have to be incentives and alternatives, and these are set by management. Management in turn usually cares about their incentives, and the company overall mostly cares about the bottom line and the financial reports.
As a result, this is unlikely to get addressed, unless there is significant pressure, like media coverage, people mass-resigning from Gmail, or major email servers blocking Google. But none of these are likely to happen.
It honestly is a bit dissapointing that most of the internet's "infrastructure" is tied up in large corporations that just get money for free by being the only provider and face little to no backlash (because of their monopoly) when they neglect things like basic customer service.
Google suspend email accounts that get lots of spam reports. It happens a couple of times a year for salespeople in my company who use Gmass (a bulk email sending tool).
I mention it only as a useful data point, and in the absence of anyone else on the thread mentioning that Google have robust email abuse monitoring.
Had Google trying to send me mails to non-existing mail-addresses over months. You would think their logs might catch something like that or they would react to my complaints ... they don't and they just dont care.
It sometimes stops for weeks, then it continiues.
from my logs as an example:
Nov 13 22:10:51 bert postfix/smtpd[2693931]: NOQUEUE: reject: RCPT from mail-oi1-x248.google.com[2607:f8b0:4864:20::248]: 450 4.1.8 <ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com> to=<rmayer13@nerd-residenz.de> proto=ESMTP helo=<mail-oi1-x248.google.com>
Nov 13 22:12:07 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-ua1-x948.google.com[2607:f8b0:4864:20::948]: 450 4.1.8 <ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com> to=<rmayer1000@nerd-residenz.de> proto=ESMTP helo=<mail-ua1-x948.google.com>
Nov 13 22:12:18 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-wm1-x346.google.com[2a00:1450:4864:20::346]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayer13@nerd-residenz.de> proto=ESMTP helo=<mail-wm1-x346.google.com>
Nov 13 22:12:37 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lf1-x146.google.com[2a00:1450:4864:20::146]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayer333@nerd-residenz.de> proto=ESMTP helo=<mail-lf1-x146.google.com>
Nov 13 22:13:08 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lj1-x248.google.com[2a00:1450:4864:20::248]: 450 4.1.8 <hc+bncBDO2ZDH5DIIOXB6ZZADBUBB2QEZ74@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<hc+bncBDO2ZDH5DIIOXB6ZZADBUBB2QEZ74@zf.thesparklebar.com> to=<rmayer@nerd-residenz.de> proto=ESMTP helo=<mail-lj1-x248.google.com>
Nov 13 22:13:08 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-wm1-x345.google.com[2a00:1450:4864:20::345]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayerrmayer@nerd-residenz.de> proto=ESMTP helo=<mail-wm1-x345.google.com>
Nov 13 22:14:03 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lj1-x248.google.com[2a00:1450:4864:20::248]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayera@nerd-residenz.de> proto=ESMTP helo=<mail-lj1-x248.google.com>
As you can see, the to-address is generated and its different hosts at google trying to send mails.
Searching for zf.thesparklebar.com shows others having the same problem.
gmail, outlook and salesforce create about 90% of the spam that gets through blacklists. Salesforce is simple to fix: I just block anything from salesforce from our network, as it just seems to be 100% used by spammers. Gmail and outlook are the major problem, as there is no way of addressing their spam issue.
I have been observing this for the last 2-3 years (4 postfix servers sysadmin)
Gmail cannot be whitelisted anymore: spam, phishing,...
On the other hand, if your users redirect twitter or linkedin notifications from their domain to a gmail account, Google claims you are sending too fast and is suspicious (and throttles or blocks ip).
I've been using SpamCop for years (decades?) but lately I've been wondering if they're still relevant.
One example: they seem to have a size limit of 50KB when you report a spam mail via their web form. I've received quite some spam that exceeds that because they use base64 encoding of the body, add non-visible filler content to drown out the actual spam/phishing message, etc.
SpamCop suggests to cut off the message and still process it but then they miss e.g. the link to the phishing website and thus they can't send out a report for that.
Speaking of phishing links: a lot of the phishing mails I receive, link to some account on storage.googleapis.com. I've seen mails with links to the same account for weeks on end before they switch to a different one, implying that these links remain online for a long time. You would think that marking such mails as phishing in GMail (they are already flagged as spam) would get them on some kind of radar but apparently not...
I gave up on trying to report abuse to Google, Amazon or Microsoft. It seems reports simply get ignored and the big providers do nothing. I hope the FSF with its weight and media presence can finally do something.
Google, Microsoft, and Amazon are my major sources of spam. These days, this is where spam comes from.
At this point, they are also too big to block. We allowed this to happen, through neglect and laziness. Even in this discussion: how many people use Gmail as their primary email service?
On YouTube I reported bot accounts for a couple days, the only reaction I got was that at some point it showed a popup that told me too many false reports would lead to a ban. Not sure what Google gets out of it, but there is no way they could be that bad at fighting bots unless they're not even trying. Even trivial tricks like copy-pasted texts keep working.
This is called a monopoly. I know people who run their own mail servers to be as independent as possible. Ironically, they show up as spam in Gmail all the time because "This message is similar to messages that were identified as spam in the past." Meanwhile, it's a fucking simple one paragraph message to a programming mailing list. They have to wrestle with DMARK or choose not to as they feel DMARK is playing into the hands of the monopolies giving them too much influence and power over something as simple and fundamental as email.
I was getting spam called constantly every 5 minutes (blocked by Google call screening) and the attackers made an error if sending a message with their AWS bucket url. I was able to submit an abuse report to Amazon and puff Amazon dismantled the entire spam group. No more spam since then.
Maybe try saying the spam has porn or inappropriate images?
I got a human being at Google to look into my problem and take action after sending a police report to Google‘s legal department certified mail return receipt along with a letter describing how someone was impersonating me and my business using a Gmail address in an attempt to commit fraud.
Yes, it was a pain to take all of these steps and it probably took about 3 hours but it was absolutely necessary considering there was no avenue for me to shut down this person otherwise.
(I haven't run my own mail-server in a while. It's getting harder and harder.)
Are the real-time-blackhole lists still a thing?
If they're regularly allowing spam and not responding to reports in any sort of timely manner, possibly they should be reported to those.
Not going to work though, is it. Too big to fail shouldn't be a thing. It's not like you can't be flexible about it or give them some room to deal with it within corporate policy; but they do need to deal with it, right?
Realistically, I think some companies have outgrown the size where internet can still self-regulate them. You'd hurt yourself more than gmail.
This either needs laws or new game theory.
Or -you know- deprecate the current email system. I know that's a perennial proposal; but that's because every year it gets even more broken in even more interesting ways. It's patch-on-patch-on-patch at the moment. Just spinning up sendmail on a random box won't quite cut it anymore, if you want to participate.
47 comments
[ 3.1 ms ] story [ 64.3 ms ] threadI don't think people appreciate that this is really the key observation here. In large institutions, for anything significant to happen, there have to be incentives and alternatives, and these are set by management. Management in turn usually cares about their incentives, and the company overall mostly cares about the bottom line and the financial reports.
As a result, this is unlikely to get addressed, unless there is significant pressure, like media coverage, people mass-resigning from Gmail, or major email servers blocking Google. But none of these are likely to happen.
I dont think this is limited to big tech.
I mention it only as a useful data point, and in the absence of anyone else on the thread mentioning that Google have robust email abuse monitoring.
They're not sending emails directly from their gmail address.
But they are adding victim emails to other Google services and then Google themselves send them invitations emails.
And if you name your service like "Google helpdesk - password reset" or something like that.
Invitation email from Google will look very official, but URL in the email will be controlled by the attacker.
It's pretty old working technique used for phishing for years now.
Spam report does nothing, since you're reporting official Google email.
I’ve not been reporting them because I already know they aren’t valid and do not google’s work for them
It sometimes stops for weeks, then it continiues.
from my logs as an example: Nov 13 22:10:51 bert postfix/smtpd[2693931]: NOQUEUE: reject: RCPT from mail-oi1-x248.google.com[2607:f8b0:4864:20::248]: 450 4.1.8 <ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com> to=<rmayer13@nerd-residenz.de> proto=ESMTP helo=<mail-oi1-x248.google.com> Nov 13 22:12:07 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-ua1-x948.google.com[2607:f8b0:4864:20::948]: 450 4.1.8 <ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com> to=<rmayer1000@nerd-residenz.de> proto=ESMTP helo=<mail-ua1-x948.google.com> Nov 13 22:12:18 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-wm1-x346.google.com[2a00:1450:4864:20::346]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayer13@nerd-residenz.de> proto=ESMTP helo=<mail-wm1-x346.google.com> Nov 13 22:12:37 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lf1-x146.google.com[2a00:1450:4864:20::146]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayer333@nerd-residenz.de> proto=ESMTP helo=<mail-lf1-x146.google.com> Nov 13 22:13:08 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lj1-x248.google.com[2a00:1450:4864:20::248]: 450 4.1.8 <hc+bncBDO2ZDH5DIIOXB6ZZADBUBB2QEZ74@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<hc+bncBDO2ZDH5DIIOXB6ZZADBUBB2QEZ74@zf.thesparklebar.com> to=<rmayer@nerd-residenz.de> proto=ESMTP helo=<mail-lj1-x248.google.com> Nov 13 22:13:08 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-wm1-x345.google.com[2a00:1450:4864:20::345]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayerrmayer@nerd-residenz.de> proto=ESMTP helo=<mail-wm1-x345.google.com> Nov 13 22:14:03 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lj1-x248.google.com[2a00:1450:4864:20::248]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayera@nerd-residenz.de> proto=ESMTP helo=<mail-lj1-x248.google.com>
As you can see, the to-address is generated and its different hosts at google trying to send mails.
Searching for zf.thesparklebar.com shows others having the same problem.
Gmail cannot be whitelisted anymore: spam, phishing,... On the other hand, if your users redirect twitter or linkedin notifications from their domain to a gmail account, Google claims you are sending too fast and is suspicious (and throttles or blocks ip).
Hilarious.
It's not perfect though. For some reason, it doesn't find (or deliberately ignores) OVH hosts that are relaying spam.
One example: they seem to have a size limit of 50KB when you report a spam mail via their web form. I've received quite some spam that exceeds that because they use base64 encoding of the body, add non-visible filler content to drown out the actual spam/phishing message, etc.
SpamCop suggests to cut off the message and still process it but then they miss e.g. the link to the phishing website and thus they can't send out a report for that.
Speaking of phishing links: a lot of the phishing mails I receive, link to some account on storage.googleapis.com. I've seen mails with links to the same account for weeks on end before they switch to a different one, implying that these links remain online for a long time. You would think that marking such mails as phishing in GMail (they are already flagged as spam) would get them on some kind of radar but apparently not...
Google, Microsoft, and Amazon are my major sources of spam. These days, this is where spam comes from.
At this point, they are also too big to block. We allowed this to happen, through neglect and laziness. Even in this discussion: how many people use Gmail as their primary email service?
That would imply that someone actually sees them... vs shoving them under the rug, or giving them to a bot to delete.
I figure an email is worth a beer.
Google Workspace email is very generous with the kind of outgoing email you can send via their SMTP servers.
Maybe try saying the spam has porn or inappropriate images?
Yes, it was a pain to take all of these steps and it probably took about 3 hours but it was absolutely necessary considering there was no avenue for me to shut down this person otherwise.
Are the real-time-blackhole lists still a thing?
If they're regularly allowing spam and not responding to reports in any sort of timely manner, possibly they should be reported to those.
Not going to work though, is it. Too big to fail shouldn't be a thing. It's not like you can't be flexible about it or give them some room to deal with it within corporate policy; but they do need to deal with it, right?
Realistically, I think some companies have outgrown the size where internet can still self-regulate them. You'd hurt yourself more than gmail.
This either needs laws or new game theory.
Or -you know- deprecate the current email system. I know that's a perennial proposal; but that's because every year it gets even more broken in even more interesting ways. It's patch-on-patch-on-patch at the moment. Just spinning up sendmail on a random box won't quite cut it anymore, if you want to participate.