I run my own mail server with full SPF, DKIM and SRS, routing the mail through a relay at a reputable VPS provider on high-reputation IPs. Over the last few months, there seems to be this pattern where if I email someone @gmail who I've never mailed before, they don't seem to ever get it. I wonder if this is the issue.
This is one of the reasons I use Google Apps for Business for email (that and I find running mail servers tedious) as deliverability is consistently simpler.
Having to use a Google product instead of your own mail server, in order to have your email delivered to Google customers, sounds like anti-competitive business practices to me. You'd think they'd be a wee bit more careful with something like that given EU interest in them...
It also isn't enough. Some of our gmail users' email (sent through the gmail smtp server with oauth) will be marked as spam in gmail. Very frustrating!
I doubt there are very many lawyers on the spam protection team. I also doubt the people on that team have any intention of harming minor-league competition. So it's not particularly surprising that they aren't more careful about avoiding something that a) is not well-known to them, and b) they don't think they are doing.
Your mail server isn't real competition to Gmail. Yahoo and Outlook probably are, but considering Gmail handles their mail fine, I'm not sure "anti-competitive" is the right angle here.
The problem with this apart from the cost is that all the other big email servers are more likely to mark your email as spam if it comes out of google apps :(
Do you actually mean Google Apps (i.e. Gmail) or are you thinking of Google App Engine? Because I don't think most other providers particularly distrust Gmail.
I also run like this and have had no problems. I don't commonly send emails though (mainly receive) so it is possible that I just haven't sent enough to see the issues.
I had a problem with my personal server for a little while; all my SPF, DKIM, etc was all set up for IPv4. I have a couple IPv6 interfaces on my machine, and my mailserver was delivering to GMail over IPv6!!
Ditto, this. Some recipients find mails in the spam folder, others claim they aren't even in there, but have simply vanished. All were accepted for delivery by gsmtp.
Relatively little. Gmail's filtering system just seems to be increasingly erratic, so one Meetup group email ends up in the Spam filter whilst another appears with high importance. If anything, the problem appears to be the opposite: de-emphasising the sending organisation.
Which is presumably done so that if you forward the newsletter to someone else they can't (accidentally or maliciously) unsubscribe you by clicking the link.
When it's trivial to re-subscribe if you want to, I'd prefer that they do include a one-click unsubscribe. I'll deal with anyone who maliciously unsubscribes me from a mailing list that I want to be subscribed to, and this will highlight who my "good" friends are anyway.
A big problem I've had is that many of these are "business relationship/transactional" e-mails, which play by different rules.
My address is my first name + last initial (neither of which are all that uncommon), and this is made much worse by Gmails idiotic ignoring of periods in addresses. There is a dude in Denver, CO who is absolutely convinced his e-mail address is tyler.e@gmail.com. It isn't. I'm really sick of getting his AT&T and car insurance e-mails.
I suppose I could, but I"ve seen MANY variations, and tbh there are enough mis-sends to tylere@gmail.com that it wouldn't really help.
TBH I hardly use personal e-mail these days, it's basically a bucket that receipts and confirmation gets dumped in to, in which case search works well enough. Most actual conversation is done via Facebook or IM, etc.
This happens to me all the time as well. I also have firstname.lastname@gmail.com and apparently a lot of other people seem to think they do as well.
Or at least, they have firstname.lastname1@gmail.com and people easily forget to add the number.
I wish there was a better way to deal with this type of situation other than constantly sending "please fix your address book" emails. Email is a broken system.
I'm not sure how you go from: Unless you have Google Apps for Business (or whatever), there are no vanity domains for gmail; to: email is a broken system?
Gmail.com is certainly broken in the sense that they want to cram 10 billion users into a single domain. It's ridiculous marketing/brand-motivated UX failure.
Since forever most mail services had a few vanity-domains, so people could get first.last@wherever.com. But no, Google doesn't want to provide email, they want to provide "Google Mail".
Apologies for the rant, but I can't stand it when big companies create problems through stupidity.
I dont believe I said anything about vanity domains, so I dont know what you mean by that.
I meant that email is broken in the sense that when some stranger mistakenly thinks that your email belongs to them, and continues to give it out or sign it up for mailing lists, you have absolutely no recourse. If you have an email address that like mine is easily mistaken for other ones you get incorrectly-addressed personal emails many times a day. There is no way to find the actual intended recipient or get in contact with that person to say "hey you seem to be confusd, stop using my email address". And there is no really good way to filter those emails, since after all they are coming to your correct address.
I think this is the kind of problem that's difficult to appreciate unless it happens to you frequently.
The problem with email is that anyone can email you if they have your address.. thats why we have so much spam. I dont know what the solution is, but it would be much better if the recipient had to opt-in to the conversation somehow as well.
I believe he means that if tizz.dogg@gmail.com was already taken, Google should offer tizz.dogg@loopyloop.com rather than tizz.dogg1@gmail.com. In fact they shouldn't even show that as an option.
Since Google Is now a domain registrar they could create the new domains on the fly.
Indeed. Google/Gmail do two strange things: a) While they support the age old username+whatever@gmail.com in order for users to hand out special addresses to mailinglists etc (eg: user+facebook@gmail.com, user+lkml@facebook.com) -- they don't distinguish on dots in the username (so username == user.name == u.ser.name etc). And b) they don't offer other domains than gmail.com, which leads to strange things like smith1, smith79 etc.
As for there being "no recourse" -- apart from spam, that's just wrong. It's much faster to reply with a "This is not your Smith"-mail, than it is to write a "return to sender" on an envelope. Same thing for getting phone calls from a different timezone etc.
[ed: I do agree that it's a bit more difficult with people that don't know their own address -- still think it should be quicker to reach their contacts via email than via comparable means.]
>> It's much faster to reply with a "This is not your Smith"-mail
Right, and I've sent literally hundreds of those emails. They almost never do any good, because while one person may fix your address in their contacts list, the original person who gave out the faulty address is still out there, unaware that they're giving out bad info. I always ask if the email sender can tell the intended recipient about this when they figure out the right address, but that rarely works. Anyway, I know this is a very specific problem that only affects a small fraction of people, but it's extremely annoying.
I dont really see how allowing other domains would help.. that just shifts the issue to the domain string instead of the user string. I guess it gives people more options. But one of the main benefits of gmail addresses is that it's so common. Everybody knows it, so nobody ever misspells the 'gmail' part at least.
I have a rather uncommon first.last combination. Still, there is a woman in a flyover state married to a guy with my same name who seems to think my gmail address is his. I am building up quite the profile of their family. Thanks to Gmail I know where he works, what car she drives, where they went to college and where they fill prescriptions. Fortunately for them, I have no desire to use any of this information.
It is annoying however especially since most of the spam in my spam folder is addressed to her through my email address.
I'd assume cybojanek is talking about majordomo-like mailing lists, the sort used by lots of open source projects, which typically require an email sent to a specific address with "unsubscribe" in the subject line and so on and so forth.
Curiously, having to email <mailinglist>-unsubscribe@server.com to unsubscribe from a mailling list is, to me, preferable to having to login to a website in order to unsubscribe from the same mailing list.
I think it's because I'm beginning to resent the idea of every website and its dog requiring that I have a user account before I'm allowed to even browse the content.
You're not alone. I much prefer majordomo to any other web-based mailing list system. I just chalked it up to a greybeard quirk; HN at large seems to be the opposite.
How much of this is caused by marketing mailing lists sending messages to people who never subscribed?
I know I get a fair amount of unsolicited marketing list messages that do have an Unsubscribe link, which I click, but I also mark as spam because I never subscribed to it in the first place (of course, I'm also not using Google Mail, I'm using FastMail with a personalized SpamAssassin filter, but I assume it will still influence the global default SpamAssassin filter).
Sounds like there should be another choice after you report something as spam: Spam - ads I didnt ask for. Spam - fraud attempt, Spam - I unsubscribed 5 times but still get updates, Spam - my ex keeps stalking me, etc.
It might not be related, but I've been seeing some spam in my gmail inbox in the past month. It seems that something has upset the balance. For example, this went to my inbox:
I have the same problem, before these emails would go into the SPAM folder but now even some obvious 'YOU HAVE WON THE LOTTERY !" emails are arriving into the inbox directly.
Same. After years of almost zero spam, recently I've been getting stuff like that about once a week in my primary inbox. Very annoying when my phone dings only to show me obvious spam.
Have you checked the mail raw text. Maybe it's just disguised as gmail but sent from another third party server. Or spammers found a way to spam within gmail or hacked gmail. Both had happened at least once.
Happened to me as well.
Some of the eMail were just "updates" email that I like to receive but if they get lost is not a big deal.
But a couple of them were very important one, and to make things worst, they were answer to email in which I was in CC. So, a colleague of mine send an email to someone and CC me. The second person answer and that mail is marked spam for me but not for the person who wrote the original eMail.
Doesn't make sense that an answer to a legitimate conversation is by default a legitimate eMail?
I've had the same experience with the LKML lately (been subscribed for about 8 months, generally spam filter has had v. few false positives), can't remember exact numbers, but big, big chunks have been incorrectly labelled.
There seems to be a fair bit of spam sent to the LKML, I don't know whether there's been more lately, but perhaps the large amount of email sent to many people for the LKML and the fact there's a decent amount of real spam sent there, combined with a more aggressive setting is an explanation?
Data point: of the 28 messages in my spam folder just now (recently cleared down after picking out real LKML messages), 8 are LKML, though all are legitimately spam atm.
I could see 20% false positives on spam for Linus equating to 0.1% of false positives across the board since I suspect the people emailing Linus are 200 times more likely to be running their own mail server than the general public.
Were they set up initially, or after you noticed problems? I wonder if prior messages routed to the spam folder that people haven't marked as non-spam count against you for a certain prior period.
I added them after I noticed problems really. Postfix and Dovecot have somewhat of a learning curve (I started up and trashed a few VM's before I got it right). I ended up using IRedMail, the defaults are pretty much Gmail ready.
I don't know about prior messages counting against you, given what I've seen it seems to makes sense. Without insider info we can only speculate.
And the moment someone accidentally clicks the SPAM button you'll find yourself with weeks of pain on a low volume mail server.
Because, as an individual, you won't qualify for their FBL service and "mysteriously" you'll have weeks of everyone saying you end up in their spam folder.
And they don't tell you whether you meet those criteria, until after you go to the trouble of logging in and serving a DNS TXT record for ownership verification, as I just found. Granted, I didn't expect to qualify, but it would have been nice if they'd told me up front.
Yes, but at least they're using the same verification mechanism as elsewhere so if you have already added the domain to Google Webmaster for example under the same Google Account, it will be automatically verified.
Fun, but it doesn't scale. Google can only do this because they have a near-monopoly on email. What would you say if I gave you tools to whitelist yourself on my email server? You'd tell me to get my spamfilter straight, or more likely, simply ignore me.
I'm not against Gmail, just like I'm not against Outlook.com or Yahoo mail or something. It's just that providing tools only work for players in a power position (i.e. Google) who can afford to ignore small players (i.e. me), and what's more, this further strengthens their power position: the better they can detect spam so more people will start using it (the postmaster tools are there to help people prove they are good, thus helping Gmail distinguish).
I had exactly the same setup, but I had to create 10 fake Gmail accounts, add the email address to the address book and flag several emails as "not spam" before it was useable. Google Mail just ignores the fact that there are private people who want to have their own mail server to be independent from Gmail.
Yes, Google seems to have flipped some switch or pushed some change that takes well established domains and senders from that domain and for reasons that are not well understood written them off as spam. In theory they are getting a huge 'not spam' signal back at HQ but I agree with Linus that they screwed up big time. Stuff they should know wasn't spam and have in the past not classified as spam, now suddenly is. Algorithm update fail.
For some sender's I don't even have the "report as spam" button, even though most of the shit I get from them is ads I didn't ask for. Just because it's from a well recognized company domain.
This started hitting several of my mailing lists a while back. Not just personal servers, but several major web mail providers, most notably Yahoo and AOL. Some theories floated around that it had to do with a change to header/certificates, but I don't recall if I saw any actual confirmation of that.
Pretty ironic, then, that many suggestions in comments (on the source) are "you should just run your own mail server". Maybe two 'wrongs' do make a right..
This hit us at work really badly: we use GApps, and everything from our internal list server (which we can't replace with GMail aliases because $REASONS) was being sent to spam ... and there was literally no way to whitelist this across the company automatically.
You know how Google treats its free customers with utter contempt? I can assure you, they treat paying customers with the same contempt.
Yeah, its part of why I gave up on running my own mail server and signed up for Google Apps back when it was free. Its just not worth fighting the spam filters for side projects.
It was probably something along the lines of "Well consumers are what matters and they all use major services".
What about using it as one of many criteria (maybe whether the email seems to contain gibberish being another, which patch files might be classified as).
Out of all the people in the world who regularly get mailed "gibberish" patchfiles, and not only fail to mark them as spam, but continue to interact regularly with the senders - do you not think it's reasonable to assume Gmail might notice Linus has been doing this for two or three decades?
I wondr what other forms of "gibberish" Gmail classifys as spam? GPG encrypted mail? Mail containing public ssl keys or CSRs? ANy foreign language not regulalrly hard in Bro-ville, South Bay?
Value judgements aside, that's not what I'm postulating. It's more like "unknown" mail servers (meaning any mail server with low enough volume that Gmail doesn't have an opinion about it yet).
Speaking as someone who is at least 200 times more likely than the general gmail-using public to receive mail from completely normal, mainstream Chinese email addresses... I'm still mad at gmail for just assuming mail from China must be spam. It's not spam!
(There's been improvement - for example, recently I received mail from someone I'd corresponded with in the past, and it wasn't initially marked as spam. Gmail used to be more aggressive than that, such that it would be marked as spam unless it was a direct reply to an email I had sent.)
(...for extra irony, that recent message was "I'm stuck in England and can't get home without a few thousand dollars". Her account had been hacked.)
What about the possibility that 'vanity' email servers are more likely to have something non-obvious misconfigured? Maybe, for example, they send spam rejections back to the envelope from address (generating backscatter which looks like spam), rather than rejecting spam within the SMTP session?
It's what happens when you can control such a large portion of a resource. Just imagine, Google can at any moment blacklist just about anyone. Most websites and companies they can do nothing to stop it.
Haven't a clue what you mean. I run several mail servers and have no issues whatsoever with GMail. And I run through all the spam filtering, too, and only recall one that was inadvertently marked as spam but, iirc, the mailer was the problem.
I wrote a daemon that monitors a mailbox that users can submit spam to, for spam that makes it through the other filtering layers. The daemon finds the original message in the user's mail directory, reads the headers, tracks down the originating network using whois, and then blackholes the network and emails me a notification about it.
Some networks are whitelisted for practical purposes. Google's one of them.
If necessary, I could provide a list of the subject lines of the emails that have been reported. A YC company, Zenefits, is one offender that comes immediately to mind.
While we're waiting for Monday, here are some subjects of spam emails I've received from Gmail's SMTP servers recently. Mentions of my domains replaced by example.com:
Example.com SEO Issues
Tough Times With Example.com? Needs Attention!!?
Get ranked higher: Example.com
Google optimization for Example.com
Get ranked higher : example.com
Website Audit Report to increase website traffic
Example.com - audit report now available
Give a glamorous new look to your website
Web Design Proposal example.com
Organic SEO Promotion For Example.com
Back. Here's a recent selection of subject lines, extracted from spam daemon replies. The "Zenefits + Problem" ones are funny .. my dba is "No Problem", and they're not smart enough to correctly handle that I guess, which makes sense, since they're also dumb enough to spam me. I've never replied to any of their messages.
"Re: Zenefits + Problem"
"Higher Targeted Traffic: Associatedtechs.Com"
"Re:re: UL,CE,ETL Split-core Current Transformer(0.333V or 1A/5A output) ,Rogowski coil,hall AC-DC transducer"
"Poor support processes could be costing you customers"
"Get ranked higher:"
"Higher Targeted Traffic: Associatedtechs.Com"
"Re: Zenefits + Problem"
"Re: Zenefits + Problem"
"Your Website...!"
"Get ranked higher: associatedtechs.com"
"Google Update for: associatedtechs.com"
"How to increase your website traffic and generating leads??"
"Zenefits + Problem"
"Mobile Apps Development"
"Digital marketing proposal- www.associatedtechs.com"
This isn't a complete list, sadly, since it turns out the daemon isn't logging ban attempts against whitelisted networks. I should fix it so that it does.
Well, as he said, some emails on the middle of threads were marked as Spam
Funny thing that happened to me, a mail from Google was marked as Spam. This was a long time ago, and it was from a mailing list, but apart from that, it was a legitimate mail.
This happens because of DMARC. It does actually make sense, in a way.
DMARC allows a domain to say "email that claims to come from my domain must be signed by me. If it doesn't, burn it with fire, no exceptions". So Gmail is only following the instructions laid out by the sending domain.
This is helping to make the email ecosystem a lot more robust by ending the problem of From forging. Ordinary users rarely realise that the From header is otherwise meaningless so phishing them can be very easy.
However it does not play well with mailman's default settings, and a lot of mailing list admins refuse to help the email ecosystem become more secure (whilst often PGP signing their own mails, doh). So DMARC creates a lot of noise in the technical community from people who have to/want to use mailman based lists.
I decided to do a quick check of my gmail; there were 151 emails in spam, and literally not one I would want in my inbox.
It seems entirely likely that Google is weighting whether something comes from a private mail server very heavily, and Linus, being who he is, gets a lot of email from private servers.
Not saying this isn't a problem, but it probably doesn't affect 99% of email users.
True. We send thousands of emails a week and all of a sudden a large portion weren't even delivered. Turns out it's all DMARC and once those policies were fixed (assigned at all) the delivery denials ended.
Thanks for pointing out the real numbers. In my defence, I was thinking "conservative for the near future", so the next 5 years or so. An of course giving 9M users a bad experience isn't that great either.
If we're being pedantic, it's probably worth noting that the "99%" was a completely arbitrary assumption, and trying to run statistics based on one anecdote and an unfounded assumption is not going to produce accurate results.
True. I suppose the main point is that with a billion users, even some "small fraction" of users having problems, is going to translate to a lot of people having problems.
Honestly, if Google took support even half-seriously (or: they considered eg: users of gmail their customers, rather than just their advertisers) -- these kind of issues wouldn't be so bad.
I do think it's just a question of time before Google relegates itself to irrelevance through a strictly inferior product though.
Oddly, I have had the opposite problem. This past week I have had to delete 4 or 5 obvious V!@g&a!!!!!-type spam emails from my priority tab of my inbox. I can't remember the last time I had that happen. Something isn't working quite right.
Have been seeing the same thing here as well. With spam messages coming through as normal mail.
I have also been having any messages that are replies to messages I send being diverted to my spam folder randomly. It is happening on both my personal gmail account and on a business account.
It seems lately Google has really been less focused on the core components that made them successful in the first place. I have found their search results seem to be returning more spam sites than before. My vote is to get Matt Cutts to come back and start cleaning up spam again :)
True, but the spam filter could certainly learn to weight private mail servers as Ham on a per-user basis. Perhaps the learning algorithm can't generalize the feature to new unseen private make servers. However, Google certainly has the engineers who can add that functionality, they just need to properly manage them to get it done.
FWIW, I just checked my mail from the last week, and had 4 false positives, out of ~80 mails. That's WAY higher than I've traditionally had with Gmail, where I might expect that many in a year.
The way you worded the sentence is classically used to indicate "well, this is an anomoly, because he is not a normal user, and is maybe even doing something absolutely abnormal, making this a trade off between the needs of the many vs the needs of the few, one he can easily bypass by doing something different inside his niche"; it took me reading a few of your later replies before I felt you were just providing an explanation for how Google's math could be flawed, as opposed to providing an explanation for why this might be an acceptable casualty.
You're probably right. Mailing lists (of the discussion group variety, not marketing mail) often have problems with spam filter false positives, most commonly due to DMARC policies.
There's not really a great solution to that at the moment - either you technically violate RFCs by having your your discussion group software modify some headers, or you deal with other kinds of breakage.
Doing header rewrites is effective for reducing FPs due to DMARC, but adoption is far from universal - off the top of my head I'm not even sure if Mailman supports that at the moment.
You only have to rewrite headers if your mailing list is actually modifying the mails i.e. doing a MITM attack on the mail flow. Some mailing list admins feel very strongly about footers, subject line tags etc and then claim they "must" rewrite the From header, but I am not sure it's technically required.
Discussion groups retransmit messages, which is enough to fail authentication in a lot of cases.
Here's an example: you have an address @google.com, which has a DMARC policy of 'quarantine'. You send a message from this address to a discussion group, which in the process, resends your message from a non-google server, thus failing DMARC.
Google's DMARC policy says that if an ISP receives a message from a @google.com From address and the message fails DMARC, that ISP should place the message in the spam folder.
So it boils down to: does a list operator change the From address in distribution group mail to use a list address they own in order to pass DMARC, or do you deal with the filtering consequences of failing DMARC for many domains?
The whole point of DKIM is that messages can be relayed without breaking authentication, because it uses digital signatures instead of sending IP. So I think it wouldn't break
... IF the body is not modified, and the header signature matches, AND headers retain DMARC alignment... the reality is that retransmittal (as opposed to just relaying) almost always does one or more of these.
Here's an example from a Google email engineer's recent post to the Mailop list, which is running Mailman software.
Authentication-Results: mx.google.com;
spf=neutral (google.com: 2001:41c8:51:83:feff:ff:fe00:a0b is neither permitted nor denied by best guess record for domain of mailop-bounces@mailop.org) smtp.mail=mailop-bounces@mailop.org;
dkim=neutral (body hash did not verify) header.i=@google.com;
dmarc=fail (p=REJECT dis=NONE) header.from=google.com
That message says the body was modified. The solution is simple: don't do that. Your original message said DKIM breaks if you simply relay mail, but it isn't correct.
Yeah, whatever the problem here is, it's almost certainly very user-specific, depending on the mix of email they get, and Linus is probably somewhat atypical.
I saw his original post on G+, and of course immediately went and checked my gmail spam folder.... and... no false positives at all, 100% correctly identified spam.
I got problems this week with mailing lists routed through apache servers & for which I had filters created, etc. And this happens not only for mailing lists
He said it mostly affected mailing list messages. His subscriptions come from a single server, so random spam classification of messages in the middle of some thread doesn't really make sense. Not as a sending-server issue anyway.
I've had a problem with false positives in my spam folder for months. A large percentage of the email newsletters I subscribe to end up in my spam folder every day, and clicking Notspam doesn't help. I can Notspam a certain newsletter every day for a week, and then the next day that same newsletter will end up in my Spam folder once again.
I'm starting to think that Notspam signals have no effect at an individual level. Either that or the button is simply a placebo.
Fortunately, the false positives for personal correspondence from individuals are still extremely rare, at least for me.
Come to think of it, if they're going to have a "Never send it to Spam" flag in filter config, shouldn't it default to TRUE? If you're taking the trouble to set up a filter, it's probably because you are interested in those messages.
Yep, Gmail's spam filters work based on the collective judgment of Gmail users. The core of your and linus' problem is a lot of people use the 'mark as spam' button as unsubscribe button for mailing lists.
I find this trend of "follow the majority" quite disturbing - it's as if they're implicitly saying that everyone should think the same way and punishing those who don't follow. What's spam to me may not be spam to you, and vice-versa.
Then again, having a personalised spam filter for each user would probably consume a huge amount of resources...
Not sure why you are down-voted. Perhaps because everyone (that run their own mail) generally runs individual filtering per account. Typically spam assassin will score an email, but filtering (based on that, and other criteria) is up to the individual user (eg: by having a white-list, choosing spam score to treat as spam etc).
As mentioned further up, some scoring works well for many users, but not for all, such as marking eg: Russian/Chinese/Not-spoken-here-by-most language as spam.
I really see no reason for why Google should be so bad at classifying email as they apparently are.
That idea sounds compelling at first, but the data doesn't support it. There are plenty of email marketers who are focused on a non-technical audience (who presumably use 'mark as spam' to unsubscribe frequently) and which have no problems with spam folder placement.
There's a spectrum, and if a given sender looks considerably worse than average, they're more likely to get filtered.
If anything, if a newsletter is getting filtered, it's more likely to be the marketing manager's fault - perhaps they don't adequately monitor deliverability, or they don't test their content, or they don't use activity segmentation... etc.
How easy is it to unsubscribe from those newsletters? Is there a one-click unsubscribe link that doesn't require you to login or enter anything before unsubscribing you?
If I've subscribed to a mailing list or newsletter and there isn't a one-click unsubscribe I'll click the Spam button to get it out of my inbox instead of going through their procedure.
One-Click Unsubscribe is paramount for mailing lists and newsletters not getting marked as Spam.
If your newsletter has a good reputation then clicking "mark as spam" in Gmail prompts the user to automatically unsubscribe instead of marking spam, or to do both. If your newsletter has marginal or bad reputation or does not offer automatic unsubscription then that doesn't appear.
I fear SMTP is going to go the way of RSS at the hands of these giant corps. Closed protocols within machine gun lined walled gardens are the future. Sorry old idealistic computer hipies, we've failed you.
I think that the parent is talking about how much power Google has over mail delivery within its own system, which encompasses a larger number of people. If Google decided to switch to a non standard protocol, then smtp'ers would be left high and dry as Microsoft and Yahoo possibly follow suit to maintain an advantage.
Speculation of course but it does point out the problem with Google becoming too big.
SMTP is the only mainstream mail protocol that leaves the end user in control. That must bug companies like Google something fierce.
I still run Outlook 2010 with Paul Graham's SpamBayes plugin. It's far from perfect -- a whitelist would sure be nice, and how hard can it be to automatically refrain from marking anything as spam if I've emailed that sender before? -- but the fact that I can train it myself and adjust its classification parameters covers a multitude of sins.
I've resisted a lot of peer pressure to use server-side email over the years, both commercial and FOSS. I fully expect to be using SpamBayes in 10 years, probably with a wheezing, clunking copy of Outlook in a VM.
From looking at that, it appears to be a set of tools that high-volume senders of email can use to help ensure they don't get incorrectly flagged as spam. It seems to do nothing to help high-volume receivers of email.
> We also recognize that not all inboxes are alike. So while your neighbor may love weekly email newsletters, you may loathe them. With advances in machine learning, the spam filter can now reflect these individual preferences.
I really wonder how these preferences are reflected if someone hasn't been using spam filters much. I get maybe at most a dozen spam emails escaped a year, and the rest of the emails go through (all mailing lists... I am on a lot of mailing lists) so I get about 50+ emails per day from just DL. So I barely ever need to mark something as spam, or even more something to another folder, so how does Google know what's my preference? It sounds like people who don't actively mark spams are less likely affected...
I had mail that was in my Inbox, shown to me as a notification in Android... and when I went to find it later it had been moved to the spam folder. Highly unacceptable IMO.
very funny, right after I saw this, I decided to check my spam folder just to see if anything important has been filtered out, and I saw an email sent by google marked as a spam:
this email is sent by google when logging in google account from a new machine. they tag their own email as spam ...
Hi xxx,
Your Google Account xxx@gmail.com was just used to sign in from Chrome on Windows.
Don't recognize this activity?
Review your recently used devices now.
Why are we sending this? We take security very seriously and we want to keep you in the loop on important actions in your account.
We were unable to determine whether you have used this browser or device with your account before. This can happen when you sign in for the first time on a new computer, phone or browser, when you use your browser's incognito or private browsing mode or clear your cookies, or when somebody else is accessing your account.
Best,
Yeah, good point. I guess I was feeling unnecessarily cynical.
If I were on the jury, I'd definitely buy it. Their counsel would have to really bone up the argument that it was such equal treatment, they were flagging their own messages. And the prosecution would have to really stretch things, probably entering into conspiratorial territory in order to make a case.
Then again, I've found myself perplexed by jury decisions on tech-related cases more than once. Although having sat on a jury, I can see how such decisions might be made.
Yes, my first reaction was also thinking those were indeed fake google emails. but I checked the logging in time and the from email address, they are legit (I got two emails like this filtered this week).
those emails were sent from no-reply@accounts.I.google.com
Not long ago, I found in my spam mailbox several emails sent by Google's recruiters (from @google.com domain). I was, at the time, going through their interview process.
Another great one is when you're having a conversation with someone, and after several back and forth emails, the next one goes to spam. Sent from the same device, same headers, etc. Presumably it triggered some keywords. But I mean, come on! Obviously if I've replied to this person four times in a row, their fifth email is not spam.
I realize that everything takes time to implement, and developer time is not infinite, but this one seems like pretty low-hanging fruit.
Funny, I used to get a ton of false positives in my gmail Spam folder (mailing lists, marketing I subscribed to, forwards from another address) but with the recent changes, I have just 1 false positive of 476 in Spam.
I had a similar issue at some point, where for a month or two, quite obvious "not spam" emails were getting caught in the filter. Nobody else on the internet seemed to be having the issue, and then it suddenly one day stopped happening again. I rarely mark emails as spam/not spam, so I don't think it was anything I did.
Been having similar issues as of late. A few very important emails got classified as spam; not nearly 20%, but still enough to compromise my confidence in the system.
We've been seeing a huge number of messages sent through Google Groups via our Google Apps domain flagged as spam. I'm not sure what has triggered it lately, but it's almost impossible for us to communicate through our Google Groups email addresses anymore.
I get about 600 emails a day because I forward everything* from all my email addresses through a single email account, and I only see 9 spam messages in my spam box, and they are all spam.
Subscribing to high volume mailing lists from gmail is something I would actually advise against.
I had legitimate emails bouncing because the mailing list had put me over the maximum number of emails that a free Google account can recieve in a day. I didn't even know there was such a limit until I hit it.
I now run my own mail server and have none of these or the other problems outlined here.
267 comments
[ 3.1 ms ] story [ 255 ms ] threadMicrosoft could own business email again just by answering the phone.
[1] https://news.ycombinator.com/item?id=4496688
My address is my first name + last initial (neither of which are all that uncommon), and this is made much worse by Gmails idiotic ignoring of periods in addresses. There is a dude in Denver, CO who is absolutely convinced his e-mail address is tyler.e@gmail.com. It isn't. I'm really sick of getting his AT&T and car insurance e-mails.
TBH I hardly use personal e-mail these days, it's basically a bucket that receipts and confirmation gets dumped in to, in which case search works well enough. Most actual conversation is done via Facebook or IM, etc.
I wish there was a better way to deal with this type of situation other than constantly sending "please fix your address book" emails. Email is a broken system.
Gmail.com is certainly broken in the sense that they want to cram 10 billion users into a single domain. It's ridiculous marketing/brand-motivated UX failure.
Since forever most mail services had a few vanity-domains, so people could get first.last@wherever.com. But no, Google doesn't want to provide email, they want to provide "Google Mail".
Apologies for the rant, but I can't stand it when big companies create problems through stupidity.
I meant that email is broken in the sense that when some stranger mistakenly thinks that your email belongs to them, and continues to give it out or sign it up for mailing lists, you have absolutely no recourse. If you have an email address that like mine is easily mistaken for other ones you get incorrectly-addressed personal emails many times a day. There is no way to find the actual intended recipient or get in contact with that person to say "hey you seem to be confusd, stop using my email address". And there is no really good way to filter those emails, since after all they are coming to your correct address. I think this is the kind of problem that's difficult to appreciate unless it happens to you frequently.
The problem with email is that anyone can email you if they have your address.. thats why we have so much spam. I dont know what the solution is, but it would be much better if the recipient had to opt-in to the conversation somehow as well.
I believe he means that if tizz.dogg@gmail.com was already taken, Google should offer tizz.dogg@loopyloop.com rather than tizz.dogg1@gmail.com. In fact they shouldn't even show that as an option.
Since Google Is now a domain registrar they could create the new domains on the fly.
Then there wouldn't be namespace collisions.
As for there being "no recourse" -- apart from spam, that's just wrong. It's much faster to reply with a "This is not your Smith"-mail, than it is to write a "return to sender" on an envelope. Same thing for getting phone calls from a different timezone etc.
[ed: I do agree that it's a bit more difficult with people that don't know their own address -- still think it should be quicker to reach their contacts via email than via comparable means.]
Right, and I've sent literally hundreds of those emails. They almost never do any good, because while one person may fix your address in their contacts list, the original person who gave out the faulty address is still out there, unaware that they're giving out bad info. I always ask if the email sender can tell the intended recipient about this when they figure out the right address, but that rarely works. Anyway, I know this is a very specific problem that only affects a small fraction of people, but it's extremely annoying.
I dont really see how allowing other domains would help.. that just shifts the issue to the domain string instead of the user string. I guess it gives people more options. But one of the main benefits of gmail addresses is that it's so common. Everybody knows it, so nobody ever misspells the 'gmail' part at least.
It is annoying however especially since most of the spam in my spam folder is addressed to her through my email address.
I think it's because I'm beginning to resent the idea of every website and its dog requiring that I have a user account before I'm allowed to even browse the content.
I know I get a fair amount of unsolicited marketing list messages that do have an Unsubscribe link, which I click, but I also mark as spam because I never subscribed to it in the first place (of course, I'm also not using Google Mail, I'm using FastMail with a personalized SpamAssassin filter, but I assume it will still influence the global default SpamAssassin filter).
From: [...] Baby <[...]baby@gmail.com>
Subject: HELLO HANDSOME
Body: HOW ARE YOU DOING
There seems to be a fair bit of spam sent to the LKML, I don't know whether there's been more lately, but perhaps the large amount of email sent to many people for the LKML and the fact there's a decent amount of real spam sent there, combined with a more aggressive setting is an explanation?
If anyone is interested they can read it here: https://www.linkedin.com/pulse/20141202174235-36852258--spam...
EDIT: Found it. https://news.ycombinator.com/item?id=9855030
However, previous to setting all that up gmail would commonly mark my messages as spam. I haven't tested it in the last few days.
I don't know about prior messages counting against you, given what I've seen it seems to makes sense. Without insider info we can only speculate.
Because, as an individual, you won't qualify for their FBL service and "mysteriously" you'll have weeks of everyone saying you end up in their spam folder.
[0] http://gmailblog.blogspot.com/2015/07/the-mail-you-want-not-...
[1] https://postmaster.google.com/
I'm not against Gmail, just like I'm not against Outlook.com or Yahoo mail or something. It's just that providing tools only work for players in a power position (i.e. Google) who can afford to ignore small players (i.e. me), and what's more, this further strengthens their power position: the better they can detect spam so more people will start using it (the postmaster tools are there to help people prove they are good, thus helping Gmail distinguish).
This was years ago but I guess that person was not alone.
You know how Google treats its free customers with utter contempt? I can assure you, they treat paying customers with the same contempt.
It was probably something along the lines of "Well consumers are what matters and they all use major services".
Assuming non-gmail servers are spammers is a pretty epic fail.
I wondr what other forms of "gibberish" Gmail classifys as spam? GPG encrypted mail? Mail containing public ssl keys or CSRs? ANy foreign language not regulalrly hard in Bro-ville, South Bay?
(There's been improvement - for example, recently I received mail from someone I'd corresponded with in the past, and it wasn't initially marked as spam. Gmail used to be more aggressive than that, such that it would be marked as spam unless it was a direct reply to an email I had sent.)
(...for extra irony, that recent message was "I'm stuck in England and can't get home without a few thousand dollars". Her account had been hacked.)
Those of us that are running mail servers are really not loving Google at the moment.
It's a tad terrifying.
Some networks are whitelisted for practical purposes. Google's one of them.
If necessary, I could provide a list of the subject lines of the emails that have been reported. A YC company, Zenefits, is one offender that comes immediately to mind.
But not until Monday. I'm going camping.
Funny thing that happened to me, a mail from Google was marked as Spam. This was a long time ago, and it was from a mailing list, but apart from that, it was a legitimate mail.
DMARC allows a domain to say "email that claims to come from my domain must be signed by me. If it doesn't, burn it with fire, no exceptions". So Gmail is only following the instructions laid out by the sending domain.
This is helping to make the email ecosystem a lot more robust by ending the problem of From forging. Ordinary users rarely realise that the From header is otherwise meaningless so phishing them can be very easy.
However it does not play well with mailman's default settings, and a lot of mailing list admins refuse to help the email ecosystem become more secure (whilst often PGP signing their own mails, doh). So DMARC creates a lot of noise in the technical community from people who have to/want to use mailman based lists.
It seems entirely likely that Google is weighting whether something comes from a private mail server very heavily, and Linus, being who he is, gets a lot of email from private servers.
Not saying this isn't a problem, but it probably doesn't affect 99% of email users.
This helped us:
https://dmarc.postmarkapp.com
Unfortunately that's not the definition of spam.
However I have the same problems Linus has so I am not excusing gmail one bit in this.
So, with a conservative one billion email users, only 10 million users see this problem.
Honestly, if Google took support even half-seriously (or: they considered eg: users of gmail their customers, rather than just their advertisers) -- these kind of issues wouldn't be so bad.
I do think it's just a question of time before Google relegates itself to irrelevance through a strictly inferior product though.
I find about 2 a week that have been marked as Spam and shouldn't have been. Your experience is not everyones (nor is mine).
I have also been having any messages that are replies to messages I send being diverted to my spam folder randomly. It is happening on both my personal gmail account and on a business account.
It seems lately Google has really been less focused on the core components that made them successful in the first place. I have found their search results seem to be returning more spam sites than before. My vote is to get Matt Cutts to come back and start cleaning up spam again :)
I've seen that happen too. And only recently.
Yahoo's spam filter also does this.
I would venture a guess that many or most of them are coming from similar people, or at very least similar domains, or even the same mail server.
There's not really a great solution to that at the moment - either you technically violate RFCs by having your your discussion group software modify some headers, or you deal with other kinds of breakage.
Doing header rewrites is effective for reducing FPs due to DMARC, but adoption is far from universal - off the top of my head I'm not even sure if Mailman supports that at the moment.
Here's an example: you have an address @google.com, which has a DMARC policy of 'quarantine'. You send a message from this address to a discussion group, which in the process, resends your message from a non-google server, thus failing DMARC.
Google's DMARC policy says that if an ISP receives a message from a @google.com From address and the message fails DMARC, that ISP should place the message in the spam folder.
So it boils down to: does a list operator change the From address in distribution group mail to use a list address they own in order to pass DMARC, or do you deal with the filtering consequences of failing DMARC for many domains?
Here's an example from a Google email engineer's recent post to the Mailop list, which is running Mailman software.
Authentication-Results: mx.google.com; spf=neutral (google.com: 2001:41c8:51:83:feff:ff:fe00:a0b is neither permitted nor denied by best guess record for domain of mailop-bounces@mailop.org) smtp.mail=mailop-bounces@mailop.org; dkim=neutral (body hash did not verify) header.i=@google.com; dmarc=fail (p=REJECT dis=NONE) header.from=google.com
http://i.imgur.com/Icfeh60.jpg
I saw his original post on G+, and of course immediately went and checked my gmail spam folder.... and... no false positives at all, 100% correctly identified spam.
I'm starting to think that Notspam signals have no effect at an individual level. Either that or the button is simply a placebo.
Fortunately, the false positives for personal correspondence from individuals are still extremely rare, at least for me.
That's what I do for the Lua Mailing list.
I find this trend of "follow the majority" quite disturbing - it's as if they're implicitly saying that everyone should think the same way and punishing those who don't follow. What's spam to me may not be spam to you, and vice-versa.
Then again, having a personalised spam filter for each user would probably consume a huge amount of resources...
As mentioned further up, some scoring works well for many users, but not for all, such as marking eg: Russian/Chinese/Not-spoken-here-by-most language as spam.
I really see no reason for why Google should be so bad at classifying email as they apparently are.
There's a spectrum, and if a given sender looks considerably worse than average, they're more likely to get filtered.
If anything, if a newsletter is getting filtered, it's more likely to be the marketing manager's fault - perhaps they don't adequately monitor deliverability, or they don't test their content, or they don't use activity segmentation... etc.
If I've subscribed to a mailing list or newsletter and there isn't a one-click unsubscribe I'll click the Spam button to get it out of my inbox instead of going through their procedure.
One-Click Unsubscribe is paramount for mailing lists and newsletters not getting marked as Spam.
This may be an anxiety issue on my part. Fair enough. I will generally continue to do it.
Speculation of course but it does point out the problem with Google becoming too big.
I still run Outlook 2010 with Paul Graham's SpamBayes plugin. It's far from perfect -- a whitelist would sure be nice, and how hard can it be to automatically refrain from marking anything as spam if I've emailed that sender before? -- but the fact that I can train it myself and adjust its classification parameters covers a multitude of sins.
I've resisted a lot of peer pressure to use server-side email over the years, both commercial and FOSS. I fully expect to be using SpamBayes in 10 years, probably with a wheezing, clunking copy of Outlook in a VM.
http://gmailblog.blogspot.de/2015/07/the-mail-you-want-not-s...
I really wonder how these preferences are reflected if someone hasn't been using spam filters much. I get maybe at most a dozen spam emails escaped a year, and the rest of the emails go through (all mailing lists... I am on a lot of mailing lists) so I get about 50+ emails per day from just DL. So I barely ever need to mark something as spam, or even more something to another folder, so how does Google know what's my preference? It sounds like people who don't actively mark spams are less likely affected...
this email is sent by google when logging in google account from a new machine. they tag their own email as spam ...
Hi xxx, Your Google Account xxx@gmail.com was just used to sign in from Chrome on Windows.
Don't recognize this activity? Review your recently used devices now.
Why are we sending this? We take security very seriously and we want to keep you in the loop on important actions in your account. We were unable to determine whether you have used this browser or device with your account before. This can happen when you sign in for the first time on a new computer, phone or browser, when you use your browser's incognito or private browsing mode or clear your cookies, or when somebody else is accessing your account. Best,
The Google Accounts team
"Your honor, clearly you can see that our services are so impartial as to flag our own email..."
Something tells me that probably wouldn't work.
If I were on the jury, I'd definitely buy it. Their counsel would have to really bone up the argument that it was such equal treatment, they were flagging their own messages. And the prosecution would have to really stretch things, probably entering into conspiratorial territory in order to make a case.
Then again, I've found myself perplexed by jury decisions on tech-related cases more than once. Although having sat on a jury, I can see how such decisions might be made.
Good job, Google!!
those emails were sent from no-reply@accounts.I.google.com
Why is this message in Spam? It has a from address in accounts.l.google.com but has failed accounts.l.google.com's required tests for authentication.
what are required tests for authentication?
I realize that everything takes time to implement, and developer time is not infinite, but this one seems like pretty low-hanging fruit.
It's likely that he'll actually catch a Googler's attention, but for many of us, user feedback is not an option.
@jacquesm's http://jacquesmattheij.com/ham-or-spam-gmail-not-to-be-trust... is another recent instance — but again, there's no call to action.
Gmail is great for some people, but I prefer having more control, and I highly recommend https://FastMail.com if Gmail is failing to meet your needs.
Source: I am an LF employee.
how do you got a work there?
I had legitimate emails bouncing because the mailing list had put me over the maximum number of emails that a free Google account can recieve in a day. I didn't even know there was such a limit until I hit it.
I now run my own mail server and have none of these or the other problems outlined here.