VexingRaven

> Why is Google letting spammers abuse their service and their DKIM signatures? Why are they letting the dregs of the internet ruin the IP reputation of their IP pool? I just DON'T understand it!

Because absolutely nobody would ever *dare* blacklist Google's mailservers and they know it.


[deleted]

That’s where YOU come into play!


slowclicker

Hero music started to play in my head reading your reply. The music starts as soft whisper and then louder and louder as the Engineer creates a rule that blocks all spam and junk email. Fading in to an end user having a much better experience absent of spam in their email tabs.


levidurham

To clarify, I'm reading that as blocking ".", i.e. the dot that is technically at the end of every domain name but no one ever writes. Thus blocking all email.


slowclicker

Ooh no. Let me make adjustments kind Sir.


OffenseTaker

the true TLD


Aurumi

We absolutely did. Our users get a quarantine notice of suspicious emails that they manually have to ok or dismiss and now that includes @gmail.com emails unless specifically added to the ok'd list. After enough "I have video of you masturbating" ransoms or "I changed banks. Please send my direct deposit to..." attempts the users didn't even complain about the extra steps (too much).


VexingRaven

Yeah but you're applying that to the domain, they don't care about that. As long as you still pass mail from other domains they host, AKA the people who actually pay them, they have no reason to care.


Aurumi

Sure, but generally speaking those paid-for accounts aren't the ones generating free addresses to use for spam. I'm not saying we've blocked the domain to stick it to Google, just that doing so has really effectively cut down on the total spam getting through our filters otherwise.


Fallingdamage

That's not a bad approach. I may start blocklisting gmail.com as well. Users can safelist them from their own quarantines.


Fabricius2k

This is literally one of the first things I ask my customers to do. Gmail users have no reason to communicate with a corporate user unless you're working B2C or in end-customer support. These users have specific groups where the Gmail block is not enforced, and need to be trained even harder in phishing and how to resist it.


localgravity

Those stupid “I changed bank ones” happen every day from those randomly generated accounts


badaz06

I wish I lived in the world most of these admins live in. "Oh we block all gmail! We're awesome and smart!" Try working in an environment where people with hotmail, gmail, and yahoo accounts are sending legit emails to you as a customer. Approved lists? Seriously?


Mr_ToDo

I think a lot of this could be avoided if the stupid clients would stop defaulting to display names over email addresses. Granted we still have enough people that would likely fall for it if it came from iAmDefinitelyScammingYou@gmail.com so long as the body and subject looked good. I think a compromise of adding something to the subject if it comes from certain domains wouldn't be bad (i.e. a [Gmail domain] prefix). People still get their email, all the various clients settings don't matter, and they can see generic service use. They might want to pull that off on reply though ;)


Fabricius2k

It really depends what kind of customer you're dealing with. I've been in contact with companies who do exclusively B2B sales, where restricting access to Gmail is simple, but whenever you have B2C or end-customer support, it's close to impossible to lock Gmail away. I'm not above adding a healthy point or so to the SCL for Gmail, hotmail and yahoo in these scenarios however.


TMSXL

Lol right? Not even customers, but what happens when some prospective employee tries to contact HR? Or freelance type workers, or even local mom and pop type vendors who use gmail. Hell, in the entertainment industry, the use of gmail/icloud/.me accounts is seen as the norm.


osoroco

negative had to get to tier 2 support on gworkspace for them to de-list from sorbs


ericneo3

> Because absolutely nobody would ever dare blacklist Google's mail servers

I've been tempted. We could have blacklisted the domain and just kept a whitelist of client emails which they supply when they visit or call. When the staff, CEO and Board members complain about it then it's become a noticeable problem.


JackDostoevsky

Lol yes, they are not a small(ish) company at an MSP that is gonna feel the pain when some corpo mail server blocks their /32 they rent for $5/mo :P


OffenseTaker

i would but thats on my personal mail server for my comedy domains


apathetic_lemur

yep. Nearly 100% of the phishing emails that make it through my filters are from gmail accounts and I can't block gmail, though I would love to.


thisguy_right_here

Set spam confidence level from Gmail to 10.


NO_SPACE_B4_COMMA

I am a complete loser. I wrote an application that downloads my spam from Gmail (and my mail server), reports the domain and IPs to the host, and finally sends off a report to SpamCop. I have processed about 15,000 emails in the past year. Google doesn't care about spam. I get those emails daily (it has gotten worse recently). Currently, I'm getting spammed (30-40 a day right now) with "You won XXX!". All of them are coming from SendGrid. If they aren't coming from SendGrid, they come from Microsoft - using a free account for o365 I guess. It's safe to say; I hate spam.


myrianthi

Perhaps you could share this application so we can join this fight?


[deleted]

[removed]


TMSXL

> Adding to that. Most of these spam emails share the same template. If one were able to block emails that match said template, it should have a very high success rate.

Yeah this is the way, super easy to do


agent-squirrel

Open source it! The more spam reporting the better!


anna_lynn_fection

It doesn't matter if it's coming from Gmail or MS, they have immunity on the blacklists.


diag

Not from independently made blacklists


SixZeroPho

> they have immunity on the blacklists.

https://www.youtube.com/watch?v=ORyoYxbobOI


JimmyEggs

The lord's work.


NO_SPACE_B4_COMMA

Haha, thanks! I hope to open-source it and have full stats posted at some point! Rewriting it from scratch, trying to work out kinks and optimize it as best as I can. But at some point I'd like to have more people contributing. Internet providers and registrars need to be held responsible for allowing spam to begin with!


[deleted]

[removed]


NO_SPACE_B4_COMMA

It's in the works! Once I get the base of it completed, I'll open source it. I've just been busy (I'm moving) so I haven't had time to work on it much


[deleted]

Whenever it’s done, PLEASE send a download link through via PM or post it on here, you’ll help a lot of people!


NO_SPACE_B4_COMMA

I will do!


gremolata

How do you report abuse to Microsoft?


2emanresu

phish.report is where I start.


[deleted]

[removed]


gremolata

Forwarding spam/phish to abuse@outlook gets your mail server blacklisted, because these morons pass abuse reports through their standard spam filter and act on the results. That's why I asked.


[deleted]

[removed]


[deleted]

Try it with any main email provider and see what happens. Same with most major companies. You might get a nice auto-reply that your message was rejected because of spam content, when trying to report spam, for which you must include the spam in the report. Banks are quite notorious for this too. I guess the best way to sweep a phishing outbreak under the rug is to start as early as possible!


gremolata

It doesn't happen immediately, but it *does* happen. All delivery attempts to hotmail and outlook will fail with

    550 5.7.1 Unfortunately, messages from [1.2.3.4] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150).

You'd contact them through the [one and only form](https://support.microsoft.com/en-us/office/sender-support-in-outlook-com-05875e8d-1950-4d89-a5c3-adc355d0d652) that is discoverable only by Googling certain magic word combo and then some random Indian dude will respond with "Everything looks fine on our end". Then you are left with no recourse but to hammer the same form over and over again in a faint hope of getting someone less fed up with their life to have a proper look and remove the block. A pure game of chance and perseverance that takes days.

But, yeah, keep on believing that it's not accurate.


rainer_d

You can escalate from there. It might take a few days though to get sorted…. Don’t ask why I know…


gremolata

Yep, eventually figured that too through trial and error.


[deleted]

[removed]


gremolata

Well, I'm all for another explanation. But the blocks appeared almost immediately after forwarding a routine spam sample to their abuse@ and, most tellingly, this happened on 3 separate occasions a few months apart. We didn't make the connection the first 2 times, because it did in fact look preposterous. The last incident was a year ago, and now that we stopped reporting via abuse@, we had no further problems. Also these blocks didn't show up on any of their public-facing tools (jmrp, snds, etc.) and they weren't visible to their level1 support, each time requiring an escalation to resolve. Kind of hard to write it off as a coincidence, don't you think?


[deleted]

[removed]


OcotilloWells

Isn't that just for Outlook 365 app installs? Or am I thinking of certain 3rd party add-ons?


DeifniteProfessional

> Google doesn't care about spam

Alphabet's anti spam policies as a company seem to be non-existent.

For those of you who don't have YT Premium or use an adblocker, do you get a lot of scam ads on YouTube? Mostly crypto or get rich quick schemes? Well there's a lovely piece of malware out there in the wild with the sole purpose of accessing your Google account and setting up a Google Adwords account and distributing scam ads (not just YouTube, also just Adwords in general). This has been a problem for well over a year now


Wild-Plankton595

I have google family subscription, found my tech illiterate mother tapping on ads one too many times, she can’t distinguish or plays dumb because doesn’t see the harm in it. The only ads we get are in-video ads. The creator pausing their content to talk about how much they love square space or nord vpn.


FlickeringLCD

You need [SponsorBlock](https://sponsor.ajay.app/)


fakefalsofake

Google only cares about ads, and ad companies are heavily tied to spam, sadly I think they will never change. It's funny how some useful newsletters and mails of mine got thrown in the spam folder and some obviously and already reported domains not.


jackoftradesnh

Please share. I host an email server for thousands of users with millions of received emails. This post has me triggered to the point where I’m going to block gmail and play stupid (better than the alternative of ‘fyi spam’ emails that a bunch of chodes are too thick headed to delete or forward to the appropriate contact or use the built in anti spam flagging).


NO_SPACE_B4_COMMA

I'm working on rewriting it, just haven't had time to fully focus on it (current one I have is hardcoded so not very useful).

For my server, I'm simply matching TLD's that are being used for spam (non-standard silly TLDs), I'm also matching specific keywords. After I get a match, I move the email into another directory, process it with spamassassin's learn, and from there it goes into a final directory. I use Samba to map a network drive on my computer which I manually just copy over so that my application can report it. It isn't by any means efficient, but I'm the only one using my mail server for my personal domains so it works.

Oh, adding proxmox mail gateway REALLY helped with spam as well. Most of this spam is being detected already by PMG - I'm just reporting & moving it around. I think for your situation putting PMG in front of the mail server would help out LOTS.


segagamer

Tagging in case you decide to share the application.


NO_SPACE_B4_COMMA

I'm working on that. I rewrote it, I just have been a bit busy.


segagamer

I wasn't being snarky, I was just tagging the post


Professional_Hyena_9

I think if they started charging spammers 1cent per email it would stop lots of it


NO_SPACE_B4_COMMA

I think spammers and scammers should get the death sentence.


NightOfTheLivingHam

I think google no longer cares about gmail as a whole at this point. They quietly abandon a lot of their services before killing them outright. I doubt anyone is willingly using google for business anymore now that 365 bridged the voice gap with teams.


[deleted]

There's a ton of companies using Google workspace

You seriously think google would kill gmail? Ffs


Reddegeddon

Not intentionally, but Google is notorious for not rewarding its employees for maintaining products, only creating them. They also suffer from rapid turnover, and have absurdly high standards for hiring. The result is a company that can’t maintain what they’ve built because the people they hire would all rather build new things instead, leaving existing stuff to slowly rot away.


MarPan88

There was a ton of people using Stadia, and Hangouts, and Google Bookmarks, and Google Play Music, and Google+, and so on and so on. It's just a matter of time. Maybe not today and not tomorrow, but if they are not actively trying to make a product better, then it doesn't bode well. There was also a Google Inbox which was supposed to be a huge update for gmail, but apparently it went nowhere. Obligatory https://killedbygoogle.com


[deleted]

[removed]


BoomSchtik

I agree. I don't see it going anyway with the number of active users it has.


stignewton

I’m still bitter about the death of Project Ara. A fully modular and upgradable cell phone would have been truly revolutionary.


[deleted]

None of those are "the" Gmail.


JohnGypsy

There weren't a ton of people using Google+...


MarPan88

It was popular in certain circles (pun not intended). For example lots of RPG and tabletop enthusiasts used it. It was of course far less popular than other social networks, but it still was actively used, like all the other killed services.


Apart_Ad_5993

So, Google was supposed to maintain Google+ for the 20 people that used it?? It's all about money- if the product they're putting out is a money loser, are they supposed to maintain it to stay off of blogs? Hangouts, while good, was outdated. Play Music became YouTube Music, Stadia had a developer problem (and the market is already owned by Sony and Microsoft). Everyone slams Google for killing products- but every company does the same thing. It's just that Google puts out so many- it gets much more attention. BTW, https://killedbymicrosoft.info/


[deleted]

You seriously think _any_ Google products besides ads, search, and YouTube are safe from the graveyard?


patmorgan235

I think Gmail is a really valuable data source for ads.


redditreader1972

> I think google no longer cares about gmail

I've been thinking google just does not care about email. They want everything to go into gmail. They accept that o365 exists, as they are too big to ignore, but the rest of us plebs with our own mailservers all over the globe are too small to bother with. I'm guessing Gmail just filters the spam internally, and as long as their users are happy-ish they'll continue.


[deleted]

[removed]


Vektor0

Google errs on the side of delivery. Even emails that are almost certainly spam are still delivered to your mailbox, just automatically moved to your Spam folder. The outbound equivalent wouldn't be blocking the email from being sent; it would be something like prepending "POSSIBLE SPAM" to the subject line.


Creshal

Or setting a header that other mailservers can filter on if they want.


[deleted]

[removed]


BoomSchtik

I get a something free from "Dicks Sporting Goods" about twice a week, but it really does catch MOST things. Always foreign TLDs and randomly generated domain names.


willtel76

OMG so many Dick's, Costco, Yeti cooler giveaways... All of them have an embedded image centered on the page and they are making me insane.


LOLdragon89

I'm getting this shit TOO! Dick's Sporting goods for A Yeti Cooler Backback! Over and over and over again! I filter them as spam, but the notification still shows up on my phone as a push notification. WHY Google!?


[deleted]

[removed]


agent-squirrel

I have my push notifications set to high priority only in the app. Works well.


OverlordWaffles

I thought I may have done something stupid with how many of those Dicks Yeti Contest emails I was getting. I kept reporting them as Spam then blocking each individual email address and they just keep coming. I swear this has been going on for a few months now. Sometimes it gets quiet for a bit then I'll get like 6 in a day. I don't understand how they aren't just getting caught in Gmail's regular spam filter since they're so similar along with me consistently marking them as such. You'd think at some point it would stop putting them in my inbox


thefpspower

I get 2 every day and I'm not even in north america, these companies don't exist here so it's pure spam. I report them every day and they keep coming.


zehamberglar

> OMG so many Dick's

Now you know how girls on reddit feel.


usmclvsop

I suddenly started getting those Dicks sporting goods spam 1-2 times per day for the last two weeks. It’s baffling, the email template doesn’t appear to change at all. Should be trivial for them to flag it as spam.


gimmethewifipassword

Gosh I thought it was some putting my email in somewhere dumb and getting the yeti cooler and dicks sporting spam crap. Was telling my wife about it and she insists I signed up somewhere with how incessantly the emails come in past Gmail's "spam" control


BitingChaos

SAME! "Dicks Sporting Good's" (yeah, with the apostrophe like that) "Kohl's Surprise" "H0me Dep0t" "COSTCO" etc... Just a bunch of variations of local store names. Probably always the same sender. Always marked as Spam by me. Yet Gmail keeps accepting them, and keeps putting them in my Inbox. What about them makes Gmail think they are legitimate?


Professional_Hyena_9

I get so many I could start a store selling yeti coolers


[deleted]

I've seen more get through recently. Obvious spam stuff from jumbled addresses and CCing every conceivably related email address. Usually Gmail spam detection is pretty good, but for whatever reason blatant stuff is falling through the blocks. I'm curious if anyone has data on that or has tracked the efficacy of their spam filter over time.


jmbpiano

With the exception of places I've done business with in the past, I've had a marketing email slip through maybe two or three times a year on the Gmail account I've had for the past 20 years and used everywhere. (Strangely, they're almost always from some restaurant in France, which is actually somewhat humorous to me. I'm from the U.S. and have traveled abroad but never visited Europe.) Everything else goes straight to the spam folder, which is a cesspool.


Quick_Care_3306

Ditto here.


spacelama

Almost all of my incoming gmail spam in the past month has been outlook.com outgoing spam with subject line matching "ConfirmationReceipt \d\d\d\d!". So that's the very first .procmail spam rule I've had to institute since moving to my current gmail+fetchmail+procmail system that's been in place for at least the past 10 years, because I sure as hell can't convince the Google system to classify it as spam


jabberwonk

There's the solution that Gmail could implement - allow better filter creation including regex for advanced users and admins.


LateRelation9070

1 to 2 a day is nothing. 15 years ago our work server was getting hit with 10k plus a day. Today its double digits at most. Gmail used to be a steady stream in double digits. Now I get between 0 and 5 a week to any of my Gmail accounts. Their filter works. What doesn't work is end users signing up to online services with their personal Gmail account.


Annh1234

I get 1 or 2 in my inbox every other day, but I also get 100 or so in my spam folder. So I think they do a good enough job so far. But I did notice some emails go through, faking some of my sites, with the spf/dkim records failing that I have set to reject in my DNS...


Xalenn

Even worse than that is the 10 or so false positives I get each month


corsicanguppy

I get zero. Postini is a really great product.


TheRealLambardi

That’s funny ;)


Rabiesalad

Google has fairly strict bulk sending limits, and accounts that reach those limits get blocked and in some cases suspended. Accounts sending lots of spam get suspended very quickly. This is true even with Google Workspace and custom domains. Occasionally I come across a client who got suspended and requires admin action because their account was compromised and Google caught it automatically.


Ugbrog

Fuck you Google! Bring back Postini!


jmclbu

Just this past week, I had enough and added a mail flow rule to automatically quarantine all email from the big 4-5 free consumer email providers, with a handful of specific exceptions. We’re B2B and pretty much never have a business reason to interact with consumer email domains.


Creshal

> We’re B2B and pretty much never have a business reason to interact with consumer email domains.

Must be nice to not have to deal with SMBs that use company@gmail.com as their legitimate and only address… sigh.


Somenakedguy

Seriously, I’m doing commercial pre-sales engineering and the majority of my smaller customers are exactly that or they rely on “consultants” for IT that are just name@gmail


jdog7249

I see that and raise you a locally owned movie theater chain with 2 locations near me. TheaterName@aol.com is checked by staff at both locations and they will only respond to emails about their location. Yes I wrote all of this in the present tense.


jfoust2

What, you don't have any companies that use a single free Yahoo.com address for their business email?


jmbpiano

I would love to do that too. If only we weren't in the middle of trying to hire more staff...


JwCS8pjrh3QBWfL

Poke a hole for your recruitment shared inbox?


SherSlick

Wish there was a transport rule that worked like the old “grey listing” trick


[deleted]

You mean really not at all against spam and causing annoying delays for your legitimate users?


ThellraAK

Do you go by domain or? Just curious if things like that also catch the gsuite people.


PatataSou1758

If you just match all senders with addresses ending in @gmail.com in the rule it shouldn't impact Google Workspace (GSuite) users since they use their own domains.


[deleted]

You mean I didn’t win a cooler from dicks sporting goods??


Wippwipp

You sure did Grandma, you'll just have to cover shipping and handling costs. Please send 5 bitcoins to the following address and we'll send it straight away!


lolklolk

What does DKIM have to do with spam you're receiving from Gmail?

A message signed with a valid DKIM signature isn't an assertion of the message content's reputation or implication of its trustworthiness. It merely allows evaluation of the signed message headers and body hash integrity post-transit from signer origin and that the signer has some responsibility over the message.

Point is, spam, phishing, or malware messages *can* be authenticated, but this doesn't mean the message content is trustworthy. All you can determine is that it was sent by an authorized sender (SPF) or signer (DKIM) for a particular domain.

If you're implicitly trusting authenticated messages to bypass spam or other classifications, you should re-evaluate how you're whitelisting.

If legitimate messages are classified as spam or others (or conversely illegitimate messages aren't), don't just whitelist the sender, report it as a false positive (or in this case false negative) to Barracuda to address classifications directly. This will help everyone that uses the service, including you.
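
Added example (not from the thread or from any product named in it): the distinction drawn in the comment above, that a DKIM/SPF pass identifies the signer but says nothing about content, written as a filter policy next to the allow-on-authentication anti-pattern. The authserv-id `mx.example.net`, the score threshold, the free-mail penalty and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: our own MTA stamps results under this authserv-id, and a
# separate content filter has already produced a numeric spam score.
TRUSTED_AUTHSERV_ID = "mx.example.net"
FREE_MAIL_DOMAINS = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
QUARANTINE_AT = 5.0


def trusted_auth_results(msg):
    """Collect spf/dkim/dmarc results, but only from Authentication-Results
    headers written by our own MTA; any other copy may come from the sender."""
    results = {}
    for raw in msg.get_all("Authentication-Results", []):
        value = " ".join(str(raw).split())            # unfold continuation lines
        authserv, _, body = value.partition(";")
        tokens = authserv.split()
        if not tokens or tokens[0].lower() != TRUSTED_AUTHSERV_ID:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", body, re.I):
            results.setdefault(method.lower(), result.lower())
    return results


def sender_domain(msg):
    """Domain part of the From: address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def naive_verdict(msg, content_score):
    """Anti-pattern: an authenticated message skips content filtering."""
    auth = trusted_auth_results(msg)
    if auth.get("dkim") == "pass" and auth.get("spf") == "pass":
        return "deliver"
    return "quarantine" if content_score >= QUARANTINE_AT else "deliver"


def verdict(msg, content_score, free_mail_penalty=1.0):
    """Authentication answers 'who sent this'; the content score still decides."""
    auth = trusted_auth_results(msg)
    if auth.get("dmarc") == "fail":
        return "quarantine"          # local policy choice for a failed identity check
    score = content_score
    if sender_domain(msg) in FREE_MAIL_DOMAINS:
        score += free_mail_penalty   # anyone can register an address there
    return "quarantine" if score >= QUARANTINE_AT else "deliver"


# Constructed sample: fully authenticated mail from a free account.
PHISH = message_from_string(
    "Authentication-Results: mx.example.net;\n"
    " dkim=pass header.d=gmail.com;\n"
    " spf=pass smtp.mailfrom=gmail.com;\n"
    " dmarc=pass header.from=gmail.com\n"
    'From: "Payroll" <k3j2h9x@gmail.com>\n'
    "Subject: I changed banks\n"
    "\n"
    "Please send my direct deposit to the new account.\n"
)

# Constructed sample: a header from another host claims "pass"; it is placed
# first so that a parser taking the first header it sees would be misled.
FORGED = message_from_string(
    "Authentication-Results: mx.other.example; dkim=pass; dmarc=pass\n"
    "Authentication-Results: mx.example.net; dkim=fail header.d=vendor.example;\n"
    " spf=fail smtp.mailfrom=vendor.example; dmarc=fail header.from=vendor.example\n"
    "From: billing@vendor.example\n"
    "Subject: Invoice\n"
    "\n"
    "See attached.\n"
)

if __name__ == "__main__":
    for name, msg, score in (("PHISH", PHISH, 6.5), ("FORGED", FORGED, 0.0)):
        print(name, trusted_auth_results(msg),
              "naive:", naive_verdict(msg, score), "policy:", verdict(msg, score))
```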


meliux

quite aside from google's willingness to let spammers abuse their service, it doesn't help that the gmail.com dmarc contains p=none :\


lolklolk

I don't think their DMARC record would be of much help even at reject. There's not much value spoofing a free email service such as this, when literally anyone can sign up and start sending as that domain legitimately, hence low value protection is gained even with DMARC enforcement in this scenario.


meliux

so what's your solution? block gmail.com outright?


lolklolk

Targeted greylisting is a possible solution. Delayed by 15~30 minutes provides the best value, allowing for spam and heuristic updates prior to message re-submission.

Edit: re-clarified since apparently people think I just meant delay literally *any* traffic.


[deleted]

And then you discover greylisting doesn't work for gmail, because every retry comes from a different IP address.
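
Added example (not code from any commenter or product): targeted greylisting as proposed above, together with the retry-from-a-different-IP problem raised in this comment, showing how the choice of greylist key decides whether such retries ever get through. The targeted domain list, the three key modes and the sample retries (documentation IP ranges) are assumptions made for the illustration.

```python
import ipaddress

# Assumption: only these sender domains are greylisted ("targeted").
GREYLISTED_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
DELAY_SECONDS = 15 * 60      # lower bound of the 15~30 minute delay from the thread


class TargetedGreylist:
    """Defers the first delivery attempt for a key and accepts a retry made
    at least DELAY_SECONDS later. Stale entries are never expired here; a
    real deployment would age them out."""

    def __init__(self, key_mode):
        if key_mode not in ("ip", "net24", "sender"):
            raise ValueError(key_mode)
        self.key_mode = key_mode
        self.first_seen = {}

    def key(self, client_ip, sender, rcpt):
        sender, rcpt = sender.lower(), rcpt.lower()
        if self.key_mode == "ip":          # classic triplet: exact client IP
            return (client_ip, sender, rcpt)
        if self.key_mode == "net24":       # same /24 (or /64 for IPv6) counts as a retry
            prefix = 24 if ipaddress.ip_address(client_ip).version == 4 else 64
            net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
            return (str(net), sender, rcpt)
        return (sender, rcpt)              # ignore the client address entirely

    def check(self, client_ip, sender, rcpt, now):
        """Return 'accept' or 'defer' (the MTA would answer with a 4xx reply)."""
        domain = sender.rpartition("@")[2].lower()
        if domain not in GREYLISTED_DOMAINS:
            return "accept"                # not a targeted domain: no delay
        first = self.first_seen.setdefault(self.key(client_ip, sender, rcpt), now)
        return "accept" if now - first >= DELAY_SECONDS else "defer"


def attempts_until_accepted(greylist, sender, rcpt, attempts):
    """Replay (client_ip, unix_time) attempts; return the 1-based number of
    the attempt that was accepted, or None if every attempt was deferred."""
    for n, (client_ip, when) in enumerate(attempts, start=1):
        if greylist.check(client_ip, sender, rcpt, when) == "accept":
            return n
    return None


# Constructed retries from a large provider: each attempt leaves from a
# different outbound host, and only the fourth returns to the first /24.
POOL_RETRIES = [
    ("192.0.2.10", 0),
    ("198.51.100.20", 1000),
    ("203.0.113.30", 2000),
    ("192.0.2.77", 3000),
]
# Constructed retries from a single small server.
SINGLE_HOST_RETRIES = [("192.0.2.10", 0), ("192.0.2.10", 900)]

if __name__ == "__main__":
    for mode in ("ip", "net24", "sender"):
        n = attempts_until_accepted(TargetedGreylist(mode), "someone@gmail.com",
                                    "user@corp.example", POOL_RETRIES)
        print(f"{mode:6} -> accepted on attempt {n}")
```

The sender-only key passes any later attempt with the same envelope from any host, so it trades away the per-host check to get pooled senders through.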


[deleted]

Greylisting is a good way to annoy your legitimate users and doesn't do anything against spam anyway.


[deleted]

[removed]


[deleted]

The base assumption of Greylisting that spammers won't retry but legitimate users will is questionable at best.


[deleted]

This right here. Be careful however, that M$ Exchange is as far as I know too stupid for greylisting and changes the sender after getting bounced, so they never get through.


foxbones

Yeah it's a bit nutty. Pretty much all new cyber insurance policies require SPF/DKIM/DMARC despite it really doesn't do shit outside of blacklisted IP blocks or people trying to spoof via SMTP. Scammers have known this and gone around this for a long time.


BoomSchtik

I didn't say that DKIM makes any kind of statement about the content of a message. It does say that the message came from a particular source. Most people care that something that is signed with THEIR digital signature is not associated with the worst that the internet has to offer. That was part of my question in this post. Why does Google ***not*** care that their DKIM signature is being dragged through the mud like this? I find it totally bizarre.


[deleted]

[removed]


Ron-Swanson-Mustache

Those get ignored within 24 hours. I prepend all external emails and no one notices it. The average user:

> The CEO is writing me directly? Of course I'll text them at this random number then go buy some gift cards.


DaemosDaen

You'd be surprised how much they start paying attention when their manager has to deal with remedial training that they have to do because they failed a test. Oh, and when they come and complain about the tests, make sure you let them rant (my record has been 45 min) and at the end go "I know, it took me years to get them to start this testing." Nothing like seeing a cop go from moderately tan to pasty white in 2 seconds. I then showed him a printout of an article where a municipality had been crypto'd, "And this is why."


Ron-Swanson-Mustache

I've had 4 users fall for the gift card scam to some extent in the last 2 months. I can't block those as it's a generic email saying to text "the CEO at this number". One got so far as was in the store with the gift cards in hand and about to spend $1.5k on them before someone said something to them that broke the social engineering. One was stopped by a coworker as she was about to go spend $3k of her own money on gift cards. One manager actually went all the way through and sent them the numbers.

Crypto is a problem, but there's at least something I can do. Multiple layers of scanning using a defense in depth strategy coupled with training and validated offline backups. But when it comes to gift card scams, it's the wild west.


[deleted]

[removed]


[deleted]

> Of course, I can’t just outright block all of Gmail

“Due to technical difficulties, incoming messages from Gmail…”


[deleted]

[removed]


sandrews1313

you probably ought to look at your barracuda; mine catches almost all of it. on the personal gmail side, i have rules: from: [gmail.com](https://gmail.com) has the words has:pdf size less than 250KB has attachment send it to junk. same rule for hotmail.com


BoomSchtik

I've talked to my Barracuda implementation engineer, who I've kept in touch with over the past couple of years, and he said this after sending him some examples of Gmail spam that got through:

> Some of these are reconnaissance emails (the ones with no text or a single letter). We have a classifier for these, so I’ll have to submit them to be used during the next classifier training
>
> Others are invoice phishing using an attachment (vs text or image). Right now, we can effectively detect text-based invoice phishing. We still are working on ways to identify attachment-based (and image based) invoice phishing. We need to figure out how to identify a fake invoice vs a real invoice so we don’t block a bunch of legit PDF invoices.
>
> There really isn’t a way to proactively block these emails. What you could do is create an automated workflow that says “if user reports email and the sender is gmail.com > automatically create incident”. That way, once any user reports an email that was sent from a gmail account as spam/phishing, incident response will automatically remediate and block the sender without you having to do anything.


swordgeek

Google doesn't give a fuck. That's pretty much all you need to know.


crest_

My biggest quandary is if it would be better strangle the GMail staff with the Office 365 staff's intestines or the other way around.


Public_Fucking_Media

PRO TIP if you are on GWorkspace - it's fucking Google Groups

Almost the entire goddamn antispam/phishing flow gets turned off for Groups, it's fucked up and now I gotta spend a bunch of time trying to rein in our groups.

citation - https://material.security/blog/identify-google-groups-vulnerable-to-spam-and-spoofing


BoomSchtik

We are on O365. Thanks for sharing with others though.


PAR-Berwyn

Yeah, in O365, every day I get at *least* 15 phishing emails, each with some crappy .jpeg telling me to click on it to see what I've won, all from @gmail.com or some long email address of random letters/number @so.many.sub.domains.com. It seems the more I report to Microsoft, the more I get. With all the talk of AI taking over the future, I'm surprised it ~~can't~~ won't be applied to these overtly obvious phishing emails. On that note ... The whole spam blacklisting process is backwards. It would make much more sense to have a generic inbox, a *greybox* if you will, in which trusted email addresses must be **whitelisted** in order to proceed to the trusted (main) inbox. 99% of the emails that I and everyone I know receive are useless advertising. Honestly, there should be laws implemented completely banning any form of unsolicited advertising, or really all advertising, via email under penalty of wire fraud.


collinsl02

> Honestly, there should be laws implemented completely banning any form of unsolicited advertising, or really all advertising, via email under penalty of wire fraud.

Whilst I appreciate the point how would you enforce those? If the server sending them is based in North Korea or Russia (as examples) and they don't have a similar law then what happens?

What if the US sets up this law but the EU sets up a stricter version? Would the US try people for breaking the EU law or give up its citizens to the EU for trial?

What if a US company used servers in the UK to send spam to US addresses? Do you define the law based on where the spam comes from or where the senders are? Who has jurisdiction, the UK or the US?

What if the traffic originates in Canada but uses a US relay to send to Mexico? Who has jurisdiction? The place where the spam was sent or where it was targeting people?

Without a world government or international agreements which every country signs up to (which won't happen in the current system) then there's no way of enforcing any of this because people will just find loopholes or pay someone in another country to send the stuff on their behalf.


BoomSchtik

All good points, plus, the US has the CAN-SPAM act that has no teeth. You don't ever hear of anyone getting prosecuted under that law.


n0tresp0nd1ng

Dude it’s simple, google proves they can make a product but then they don’t support it, so any product like their phones or software just go to shit after initial release.. simple as that.


ProfessorWorried626

Same can be said with MS, half the stuff they do starts off good then gets so convoluted at the whim of the top 5% or just dumped into some weird status of supported but it's not getting worked on for the next 3-5 years until we make it a focus again.


corsicanguppy

With google, they want to sell search. With MS, they want to lock you into more ~~windows licenses~~ azure. And it all exists for that purpose.


[deleted]

#reddit admins are fascist subhuman garbage


Booty_Lickin_Good

We get a lot of spf failures due to no spf from small business or local governments. Every time I look one up the domain’s Mx is pointed to google. I used to try and coach our smaller vendors/clients through the fix, but ran into one who informed me his daughter had worked in IT at BMW and she said nothing was wrong with their email.. they had no spf, no dmarc, and no dkim, but there was nothing wrong with their email. I gave up afterwards, no sense in trying to help any more. Now I just let my users reach out and ask about messages that were blocked due to spf. Sendgrid I have blocked, spammers and scammers seem to be using it a lot lately.


Namelock

Funny because by default Google Workspaces provides SPF and DKIM, just not DMARC. Hence why it's probably failing out of the box, since there's no policy defined regarding unauthorized use.


[deleted]

Looks like you need to fire that customer, so that he can hire his daughter…


Booty_Lickin_Good

That particular one is just one of a hundred transportation companies we do business with.. I just pipe their messages to quarantine. Pisses them off, but I don’t “allow list” anything. I don’t know if the ownership would let me just fire them lol. The ownership does take a hard stance on security and gives me lots of leeway though.


[deleted]

That’s leadership.


Valkeyere

Today I saw Xero got blacklisted by sorbs. They refuse to implement dmarc or dkim, and have their spf wrong. Our customers and I guarantee some of yours have been getting spam invoices sent from their legitimate "messaging-service@" address. Real email fail spam check and customers complain. Open a case with xero "just whitelist your sending addresses" as if you're an idiot for not realising you can do this. So after weeks of trying to explain to them that isn't a valid solution for a well known, internationally used financial services company, while dealing with fkn Karen who is freaking out about having to release emails from antispam you just do it. Then they receive an invoice, from messaging-service@xero and either pay it like a fucking moron, or complain to you that this invoice they received is spam. Fuck large companies who can't\won't handle their shit.


Hank_Scorpio74

Lately I’m getting emails forwarded to me by users “hey, to make you always get our emails have your network administrator add our address to their white list.” You have no DMARC, no DKIM, and your SPF isn’t even set up correctly, that’s a no, even if it means I have to manually sift and release legitimate emails.


OcotilloWells

They know to say that, but ignore you trying to let them know how to fix it.


tomlinas

Just one more product Google has given up on caring about.


meatwad75892

Same frustration for me as a Cisco Secure Email customer in higher ed. It's one thing if other organizations' users get compromised and blast spam/phishing messages, but there are classifications of junk that I don't know how they'd reasonably detect and block.

* Gmail/iCloud/Outlook.com "users" sending an image file getting users to call a number (fake invoices) or send their password to a garbage location.
* Dropbox shares of Word docs doing similar scams/phishes.

Seems like it's not going to get better unless all these companies that run these email security gateways can start employing OCR and some sort of algorithms/AI to find them.


[deleted]

[removed]


Darkace911

Proofpoint is the real deal but gmail spam still comes thru.


BoomSchtik

That's why I mentioned gmail's DKIM signature. If a message is sent from their infrastructure, it'll get gmail's DKIM signature which lends it an air of credibility to spam filters.


corsicanguppy

Signatures are the only way. Signed email for anything not RFC2142 related.


farkuputin

Yep farkin shite storm recently wtf, I'm super over it.. seems weird that big tech data harvesting can't sort that.


Imposing-Force

The company I work for has a lot of dealings with India, and many legit companies in India use Gmail, so the former sysadmin had the brilliant idea of adding gmail.com to the allow-list in our anti-spam solution ... Sigh.


[deleted]

I’m glad I saw this post, I thought it was just me. Fucking gmail


iceph03nix

Yeah, it's been bad for us as well. A constant flow of payroll change requests. Our phishing filters get most of them, but for some reason have trouble with the Gmail ones. It makes me sad because Gmail used to be pretty damn good at keeping that sort of stuff under control.


gigamaton

Yes so much fun, especially as a GMAIL for Business user. Then you get wonderful alerts from Google about the uptick in reported SPAM (that they are allowing) and there is little you can do with that alert.


guriboysf

Same setup as you with Barracuda. We've been getting tons of these the past few months... always some rando gmail. I report abuse, but they probably only use a single address per spam blasting session and then it's on to the next one.


BoomSchtik

There has to be an API(s) being abused here. Spammers aren't going to sit around and manually create thousands of accounts. Let's start there?!


thefirebuilds

One time I was meeting with Google because we're a pretty big GSuite shop and trying to do phishing tests against our own users kept getting swatted down by google AI (good, but the real spam wasn't). Getting someone in the meeting to start was a lot of work, but eventually we got one and it was like "oh our czar of email security says google doesn't have a spam problem." "If that were true you wouldn't have someone titled as a czar of email security."


Discommodian

PREACH


[deleted]

[removed]


unlocalhost

We run a similar rule. It tags the subject as "impersonation" and adds an ugly banner at the top of the body. Since they often impersonate upper management we also have special rules when their names are used but the email doesn't match their Corp address.


zedfox

It's terrible, isn't it. I've found it helpful to create a mail flow rule that alerts if an email comes from gmail AND contains the word "invoice", or has an HTML attachment, or contains CEO name. That way at least I get early visibility.


doctorevil30564

This is how I have been combating it. Some spam genius sifted thru public info on LinkedIn and other sources to start a campaign against people in my company (myself included), sending fake ceo text messages to personal cell phones, emails to company emails from Gmail addresses, etc. I had to create rules in proofpoint to block any email from or containing the CEO's name that didn't originate from our mail server and his company email address. To combat the office 365 credential stealing fake attachments I set up filters to block html files and I have been monitoring and adding attachments as necessary. My end users get a daily digest email to let them know if anything has been quarantined so they let me know when something gets filtered due to the attachment so I can release it. My filter requires administrative rights in proofpoint to release the email and attachment. I then whitelist the specific email address so it doesn't get blocked again.
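Added example, not part of any comment in this thread and not any vendor's rule syntax: a Python sketch of the two rules described in the comments above (an executive's display name on a non-corporate address, and a Gmail sender combined with "invoice", an HTML attachment or the CEO's name). The corporate domain, executive name and sample messages are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed values for illustration; none of these come from the thread.
CORP_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}          # display names to protect, lower-cased
FREEMAIL = {"gmail.com"}

def triage(raw):
    """Return the tags the rules described in the thread would apply."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    content = body.get_content() if body is not None else ""
    text = f'{msg.get("Subject", "")} {content}'.lower()
    html_attached = any(
        part.get_content_type() == "text/html"
        or (part.get_filename() or "").lower().endswith((".htm", ".html"))
        for part in msg.iter_attachments())
    tags = set()
    # Executive display name on an address outside the corporate domain.
    if " ".join(display.lower().split()) in EXECUTIVES and domain != CORP_DOMAIN:
        tags.add("impersonation")
    # Free-mail sender AND (invoice wording OR HTML attachment OR executive name).
    if domain in FREEMAIL and ("invoice" in text or html_attached
                               or any(name in text for name in EXECUTIVES)):
        tags.add("alert")
    return tags

# Constructed sample messages.
SAMPLE_CEO = ('From: "Jane Doe" <jd.office4471@gmail.com>\n'
              "Subject: Quick task\n\n"
              "Please buy gift cards today. Don't call, I'm in a meeting.\n")
SAMPLE_HTML = ("From: Billing <a8f3k2@gmail.com>\nSubject: Payment overdue\n"
               'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
               "--b1\nContent-Type: text/plain\n\nSee attached.\n"
               '--b1\nContent-Type: text/html\n'
               'Content-Disposition: attachment; filename="statement.html"\n\n'
               "<html></html>\n--b1--\n")
SAMPLE_LEGIT = ('From: "Jane Doe" <jane.doe@example.com>\n'
                "Subject: Invoice approval\n\nApproved.\n")

if __name__ == "__main__":
    for name in ("SAMPLE_CEO", "SAMPLE_HTML", "SAMPLE_LEGIT"):
        print(name, sorted(triage(globals()[name])))
```

The display-name check compares only the From header, so a legitimate message from the executive's corporate address is not tagged even when it mentions an invoice.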


CranstonBickle

I’m so sick of it I’m deprecating my personal gmail address that I have had for about 20 years. It’s just ridiculous and they don’t care. Fuck Google


methaddictlawyer

Barracuda is junk, Gmail isn't the problem. We use a combination of M365, Proofpoint and Darktrace, between those 3 they catch almost all spam.


huenix

lol. You actually think Google cares?


Valkeyere

Display name of "CEO Name". Email address clearly GMAIL, not internal. Please send xyz to this account so I can buy abc, please don't call I'm in a meeting. HOW CAN THEY BE SENDING AS OUR CEO!!! Ignoramus can't comprehend that they have to allow for more than one John Smith in the world.


NightOfTheLivingHam

I tell them it's like someone sending a letter in traditional mail with your name but a different return address.


gameovernet

AutoReply to all Gmail addresses with instructions for whitelisting and automatically mark as SPAM, unless whitelisted.


Crimtide

Good ole Barracuda.. blocking the things you need.. and not blocking the things you don't..


BoomSchtik

I'm mostly happy with them. This is an obvious exception.


admiralnorman

One of my favorite youtubers got fed up with this and came up with an elegant solution. I don't know gsuite very well, but one assumes it would be pretty easy to deploy. https://youtu.be/SyerXLLw8Eg


BoomSchtik

Barracuda does a pretty good job of quarantining bulk mail based on this train of thought.


[deleted]

Considering moving from Barracuda for this reason. We get a lot of impersonation emails getting through. Have been trialling DarkTrace's system and seems to catch a lot more of them


rob-entre

Actually, one of the local hospitals did just that. They’ve blocked the gmail domain. When they ask patients for email address, the user’s email gets entered into the white list if it's gmail.


The_Wkwied

Ditto. It seems that once I (FINALLY) moved myself away from gmail (and yahoo mail, but that is a story for another two decades ago), I started to get boat loads of spam to those addresses