top | item 28635313

Ask HN: Are you also getting extremely obvious spam bypassing Gmail's filters?

575 points| kace91 | 4 years ago

For the past weeks I've been receiving emails that are pretty obviously spam. Here's one I just got:

sender: Динасий Колпаков <[email protected]>
subject: Q7425 7235 F0 8741
(empty body)

They all have similar formats, with a .htm attached file with ridiculous names like "Elon secret invitation" or "how to get free bitcoin".

They all look like 90's era spam. Yet not only aren't they caught in the spam filter, they arrive in my main inbox, they aren't even classified as promotions or anything.

I can also see a long CC list, since it's not hidden.

Are any of you also having a similar problem?

282 comments

[+] im_down_w_otp|4 years ago|reply
For the last year or so I've noticed an increasing amount of my legitimate professional interactions going into my "Promotions" tab in Gmail. The effect of which has been, after discovering a few mishaps of this sort, to now regularly and meticulously go through a massive pile of "Promotions" just to make sure I haven't missed something legitimately urgent or important. Prior to Google's classification errors producing this particular anxiety I used to basically treat the "Promotions" tab as spam to never look at. Now I'm going through all of it with prejudice which means I'm waaaaaaay more aware of marketing drivel than I used to be. As such, I'm pretty sure this "error" is intentional on Google's part to produce exactly this outcome of drawing eyeballs to inbox advertising.
[+] uclastudent1000|4 years ago|reply
Just made an account to let you know that this specific comment made me check my Promotions tab, which happened to contain… an invitation to schedule a software engineering interview. Would definitely have missed that if I didn’t get bored and read this HN thread midway through my lecture.
[+] nikau|4 years ago|reply
The only reliable low maintenance solution is to get your own domain with a catch all mail service.

Then for every email interaction with a 3rd party you make a unique address like [email protected].

You can then just add rules for each incoming mail domain to send them to a junk folder, especially if it was a one time transaction and subsequent emails are just going to be marketing junk.

It also lets you know who has had their mailing lists compromised as there is virtually zero chance someone would guess the email address like the example above.
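Added example (not part of nikau's comment or the original thread): a sketch of the per-vendor alias scheme described above, flagging mail that arrives on a vendor's alias from an unrelated sender domain. The domain `mail.example.org`, the rule that the alias equals a label of the vendor's domain, and the sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "mail.example.org"  # assumption: the catch-all domain you own


def vendor_tag(msg):
    """Local part of the first recipient address on the catch-all domain."""
    headers = []
    for name in ("Delivered-To", "To", "Cc"):
        headers.extend(msg.get_all(name, []))
    for _display, addr in getaddresses(headers):
        local, _, domain = addr.lower().rpartition("@")
        if domain == MY_DOMAIN and local:
            return local
    return None


def classify(raw, junked=frozenset()):
    """Return 'no-alias', 'junk', 'expected' or 'leaked:<alias>'."""
    msg = message_from_string(raw)
    tag = vendor_tag(msg)
    if tag is None:
        return "no-alias"
    if tag in junked:  # aliases you retired after a one-time transaction
        return "junk"
    _display, sender = parseaddr(msg.get("From", ""))
    # Compare against the sender domain's labels, ignoring the TLD.
    # From is forgeable, so "expected" is only a hint; a mismatch is the
    # useful signal: the alias reached someone it was never given to.
    labels = sender.lower().rpartition("@")[2].split(".")[:-1]
    return "expected" if tag in labels else "leaked:" + tag


# Constructed sample messages.
SAMPLES = {
    "vendor": (
        "From: Acme Shop <news@acmeshop.example>\n"
        "To: acmeshop@mail.example.org\n"
        "Subject: Your receipt\n\nThanks.\n"
    ),
    "stranger": (
        'From: "Free Bitcoin" <promo@bulk-offers.example>\n'
        "To: acmeshop@mail.example.org\n"
        "Cc: someone@elsewhere.example\n"
        "Subject: Q0000 0000\n\n(constructed)\n"
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```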

[+] labria|4 years ago|reply
I just disable this filtering. It’s more damage than good nowadays…
[+] ksaj|4 years ago|reply
This is an unusual problem that I also witness over and over again. The unusual part is that I'll get same-source emails (eg: mailing lists that I follow) scattered between two different tabs, so it is like Google only forgets where they go sometimes.

I drag them to the proper tab each time, but it doesn't seem to fix anything.

[+] zz865|4 years ago|reply
It's actually worth going through and unsubscribing to those promo emails just to make this easier.
[+] chj|4 years ago|reply
This also happened to me. A very important email was put under the promotions. Usually I just kept the gmail tab open and didn't check my phone. Fortunately for me, I noticed this mail on my phone when I was clearing the unread status.

At the same time, all sorts of ads fall into my inbox repeatedly, even though I deliberately mark them as spam or junk.

(Being cautious, I just checked the promotions again. And there is another important email lying. WTF!)

[+] markogresak|4 years ago|reply
You can disable the grouping feature.

What I did to reduce the noise in my mailbox is to unsubscribe from all marketing emails, and I move the ones that still come through to spam folder. It was a bit tedious at first, but now gmail is doing a pretty good job at automatically filtering out senders that do not respect my request to unsubscribe.

[+] samstave|4 years ago|reply
There is no way to sort in gmail satisfactorily that I know? Like sort by subject, sender, etc... I can search, but I can't SORT.

Am I missing something obvious?

[+] kazinator|4 years ago|reply
This HN submission is getting spam from gmail accounts, not to your gmail account.
[+] atregir|4 years ago|reply
I could have written this. The exact same thing happens to me and now I am realizing you might be right and it might be on purpose so we scroll through all the unnecessary ads. Arrgh.
[+] znpy|4 years ago|reply
If you didn't realize it, Google has managed to get you to waste your time actually going through advertising (instead of putting that on the side for you).

I'm really surprised most people aren't realizing this.

[+] filleokus|4 years ago|reply
YES! I posted about this two weeks ago, one person agreed but the post never got any traction: https://news.ycombinator.com/item?id=28437472

I haven't heard anything about this when I asked colleagues / IRL friends... I wonder what is going on over at Google

[+] kace91|4 years ago|reply
Well that's good to hear, I can't find any mention about this problem anywhere and I was starting to think that I was being specifically targeted.

Except for the last one, all the calls to action seem to be crypto related, but I don't know if that's relevant to the origin of this attack. Perhaps it's just the most successful way of getting clicks nowadays (?).

It's baffling that google are letting these ones slip. Even marking some as spam does nothing to prevent new ones from coming.

[+] kazinator|4 years ago|reply
> I wonder what is going on over at Google

Probably a whole lot of dont-give-a-darn-about-e-mail, because it's not new and sexy, and likely doesn't drive revenue.

Also, the people who suffer from gmail spam are often non-users of gmail. I.e. neither customers of Google, nor targets of its advertising, nor sources of personal information.

Google doesn't care if <[email protected]> is getting Gmail spam, because that's an outside entity whose existence does not benefit Google.

Plus, Google knows that Gmail is so huge, that nobody can just block all of Gmail. Unlike some small-time mail domain, they do not feel any risk that, if they don't take action to combat spam, they will be blocked as a whole.

If a small-time domain's machine gets listed in some DNS black-hole lists or other dynamic anti-spam databases, they have to care, or they don't get to send mail. It's a dire situation to which they have to respond.

If a Google machine gets listed in these databases, Google doesn't have to care. Anyone actually blocking Gmail machines is essentially just cutting themselves off from a huge e-mail communication hub. It's almost as if that operator were blacklisting itself.

Small fry: OK, that does it, I shall not receive Gmail!

Google: Hahaha; say bye bye to more than half your contacts, then!

In other words, Google knows that e-mail operators who are using blacklists have to pretty much whitelist Gmail servers, and so it doesn't care about blacklists.

[+] samstave|4 years ago|reply
I've posted/commented about it as well.

Interestingly, they can change the font of the subject lines which no valid email I have ever received in gmail has a subject with a different font.

That would be an interesting filter: if subject is !Font, then spam.

[+] rigrassm|4 years ago|reply
I too have been seeing this the last couple weeks, sorry to see I'm not the only one!
[+] jmcphers|4 years ago|reply
I have exactly the opposite problem: tons of legitimate email is getting flagged as Spam by GMail.

It's now happening regularly with emails from people in my contacts with whom I regularly exchange messages.

Mind-boggling. I know spam filtering is a hard problem, but these are just obvious misses.

[+] moosedev|4 years ago|reply
Same. I'd gotten out of the habit of checking my Spam folder, having trusted Gmail to get it "correct enough" for years. But I looked recently and was amazed/horrified how much legitimate email was in there, including a friend's birthday event invitation that I would otherwise have missed.

20% of what is in my "Spam" folder today is what I'd call "spam" in the classical 90s/2000s-internet sense. Obvious trash/scam stuff, usually sex-related.

Most of the rest of my "Spam" looks like what Gmail usually just labels Promotions. It's mail from legitimate organizations that I did indeed give my email address to and have a reasonable expectation of getting semi-regular email from, even if it's just trying to sell me more stuff. The Promotions auto-labeling works (worked) just fine for managing that stuff.

I figured enough users are clicking the "Spam" button on enough "legit promotional" email from real organizations that they did agree to receive email from, that Gmail just started classifying it all as spam, and now doesn't/can't distinguish between "classic" spam and "annoying emails I can't be bothered to unsubscribe from". Sort of a tragedy of the commons of crowd-sourced spam filtering. But maybe there's a better explanation.

[+] skinkestek|4 years ago|reply
If this is company mail you might have a colleague who uses the spam button instead of delete.

I once caught my boss doing this (he was not a native English speaker, but absolutely used to communicating in English so it shocked me.)

[+] pbhjpbhj|4 years ago|reply
I've never understood why Gmail and Hotmail/Live/Outlook don't take a user's own indications as gospel. If I whitelist an email address I want those messages, I don't care if [you think, perhaps erroneously] they are spam.

Possibly the worst is not allowing replies. I mean if a customer sends me a message, and you block the reply as spam how is that serving that customer? Sure mark it, remove viruses, obfuscate links, but let me reply to someone!

[+] superasn|4 years ago|reply
Yes it's unbelievable that gmail would send an email to spam when it's from a person with whom I have had prior correspondence.

Clearly shows they give more weight to things like scanning, IP reputation, etc vs common sense.

[+] rconti|4 years ago|reply
GMail's spam filter no longer seems to have any intelligence. It's just a slider. Mark the obvious "Car insurance- 15324" subject message spam, and you know for a fact that immediately a bunch of legitimate mail will start getting flagged as spam. Mark that stuff as "not spam" and now you're back to getting obvious spam in your inbox.
[+] thrower123|4 years ago|reply
I don't understand how to get Gmail to stop marking emails from my contacts as spam.

Funny enough, the mails it penalizes worst are GMail addresses for small businesses, like my vet or the pizza shop.

[+] lytefm|4 years ago|reply
Yes, GMail is absolutely terrible in that regard. I've been missing out on project mails from a UN organisation I have been working and exchanging emails with because of their aggressive and useless filters.

For me privately, switching to a better provider solved that.

But having >25% GMail customers and always landing in Spam is horrible. Pretty much any other provider likes our mail server, but GMail always says spam.

Then you're doing double opt-ins but customers still mark mails as spam because unsubscribing is too hard. Thanks for nothing.

There is actually an industry in gaming GMail's spam filter to somehow get into the inbox: some offer automated replies and unmarking spam, some manually run hundreds of mailboxes and don't do anything else all day than unmarking mails as spam.

[+] mattjaynes|4 years ago|reply
Yes. It's so bad that I find Google's own messages like Google Alerts ending up in my Spam folder. You'd think they'd whitelist their own emails.
[+] skellera|4 years ago|reply
I’m getting the worst of both. Important emails in spam and tons of spam emails in main inbox.

I feel like it used to be near perfect. Something must’ve broken the models.

[+] pmlnr|4 years ago|reply
Yet legitimate mail from my server with valid DKIM, DMARC, SPF, PTR record, decade old domain lands in spam. Good job, AI first Google/Gmail.
[+] lunatuna|4 years ago|reply
I have two accounts with google, one is personal and the other is through work.

My personal account is pretty clean and rarely does anything get through that shouldn't. Occasionally I find something in the spam filter that shouldn't be there, usually password resets.

My work account is seeing a big increase in "professional" spam. "Hey Guy, did you see my last email I sent . . .", "Hey Guy, we are the top network security consultants . . ." Many of them are getting tagged Important. Some of them are so left field it doesn't make any sense that they are listed as important. Here's a good one:

"You asked for it, and we made it. We are delighted to present a complete redesign of our Merge Rules in Duplicate Check." - coming from mta.exacttarget.com

How is that not spam and how did it get tagged important? I have no idea who this company is. I've never done business or corresponded with them.

As I write this I'm coming to the realization that I'm a mechanical turk working for Google to find and report.

What's interesting is that many of the emails are coming from clear email marketing sources like HubSpot and Exact Target. Why would those get bumped up? I also notice some coming from something like xxxx.outbound.protection.outlook.com - not sure what that is exactly, but it mostly comes from companies directly marketing using their spf and dkim domain, but seems to be passing through outlook.com.

Email is dying but will never be dead.

[+] Ristovski|4 years ago|reply
Have gotten multiple such emails the last couple of weeks.

I think Google's spam detection is a bit too lax when the sender itself is using gmail.

These might as well be hacked accounts which have already proven themselves to be valid and "human" at a previous point in time? I doubt gmail's spam detection would let a brand new account spam CC'd emails without any sort of detection.

[+] gotrythis|4 years ago|reply
Lately, I've been noticing emails getting flagged as spam that are:

a) replies to emails I sent
b) have anything to do with topics I'm actively involved with
c) from senders who I have marked as not spam dozens of times

I never used to check the spam filter, now I do almost daily.

[+] tclancy|4 years ago|reply
Yes, I keep getting a bunch of “Your GEICO quote 1234” variations. My thought is spam is like weather fronts at this point: while it feels like that subject line should be obviously flagged up, there is probably some other storm of porn bot spam that is causing the machine learning or filters to bend in just such a way that the car insurance spam can seep through.
[+] stepanhruda|4 years ago|reply
I’m getting those too - and the content is an obvious low-res image, not sure how it’s getting through.
[+] santiagobasulto|4 years ago|reply
I’m also getting these insurance-like ones. Several passing for Statefarm. I might have received 50 in one day.
[+] MrMember|4 years ago|reply
I've been getting the same one. I mark each as spam but that doesn't seem to do anything.
[+] Saris|4 years ago|reply
Same here, I flag them as spam but gmail never puts them into the spam folder.
[+] flowerlad|4 years ago|reply
In my case, the spam that manages to evade Gmail's filters contains an image as the body instead of text.

Fun fact: Back in 2002 ycombinator founder Paul Graham wrote an article on spam filtering. (See http://www.paulgraham.com/spam.html ). I emailed him that his method can be defeated by sending an image of the text, as opposed to the text itself. PG replied and pointed me to this FAQ: http://www.paulgraham.com/spamfaq.html

In the FAQ there is an entry named "What if spammers sent their messages as images?" The answer indicates that is not going to be an issue, because there's still plenty of signals to go by.

Guess PG was wrong!

[+] luis8|4 years ago|reply
I just got one like this 5 minutes ago. They are getting clever, I saw that they are embedding this.

onload="document.location.replace(window.atob('aHR0cHM6Ly9ibG9jay1jaGFpbi1ib3gudGsvbXpwaWwvP3RldHRoa3Yg'));"

Which if you decode you get a strange domain.

I assume gmail only looks for urls which in this case is not visible without decoding it
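Added example (not part of luis8's comment or the original thread): a defensive scan that walks a message's HTML parts and `.htm` attachments, decodes any base64 literal passed to `atob()`, and reports URLs that exist only in the decoded form. The sample message, its addresses and the `example.invalid` target are constructed for the demonstration.

```python
import base64
import binascii
import re
from email import message_from_string
from email.message import EmailMessage

# atob('...') or atob("...") wrapping a base64 literal
ATOB_RE = re.compile(r"""atob\(\s*(['"])([A-Za-z0-9+/=]+)\1\s*\)""")
URL_RE = re.compile(r"https?://[^\s'\"<>]+")


def html_parts(raw):
    """Yield (filename, decoded text) for HTML bodies and .htm/.html attachments."""
    for part in message_from_string(raw).walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/html" or name.endswith((".htm", ".html")):
            payload = part.get_payload(decode=True) or b""
            yield name, payload.decode("utf-8", errors="replace")


def hidden_urls(html):
    """URLs that appear only after base64-decoding an atob() argument."""
    found = []
    for _quote, blob in ATOB_RE.findall(html):
        try:
            padded = blob + "=" * (-len(blob) % 4)
            text = base64.b64decode(padded, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            continue  # not valid base64: nothing to report
        found.extend(URL_RE.findall(text))
    visible = set(URL_RE.findall(html))
    return [u for u in found if u not in visible]


def scan(raw):
    """Map each HTML part's filename to the hidden URLs found in it."""
    report = {}
    for name, html in html_parts(raw):
        urls = hidden_urls(html)
        if urls:
            report[name] = urls
    return report


def build_sample():
    """Constructed message shaped like the one described in the thread."""
    blob = base64.b64encode(b"https://landing.example.invalid/offer?id=1").decode()
    html = ("<html><body onload=\"document.location.replace("
            "window.atob('{}'));\"></body></html>").format(blob)
    msg = EmailMessage()
    msg["From"] = "sender@mail.example"
    msg["To"] = "me@mail.example.org"
    msg["Subject"] = "Q0000 0000 (constructed)"
    msg.set_content("(constructed sample)\n")
    msg.add_attachment(html.encode(), maintype="text", subtype="html",
                       filename="invitation.htm")
    return msg.as_string()


if __name__ == "__main__":
    print(scan(build_sample()))
```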

[+] gruez|4 years ago|reply
I thought you couldn't embed scripts/iframes into a html email?
[+] NavinF|4 years ago|reply
Yep, got one 3 days ago that matches your description perfectly. Russian sender name, HTML attachment about Elon/Bitcoin, etc.

Maybe these emails are coming from real users that got hacked? That's probably the easiest way to get past the filter.

[+] MrWiffles|4 years ago|reply
Just another reason to ditch Google altogether. I've been using Fastmail (paid, happily so) with my own domain for about 4 years now, and have been gradually changing all my online accounts that were using my gmail.com address to my own domain. Reduces Google's surveillance abilities (to some extent) and I don't have this problem at all.

Also, I use a desktop email client (Spark on MacOS) with IMAP/SMTP. Massive improvement over any webmail client, especially GMail.

[+] sp332|4 years ago|reply
Yes, and don't forget to check your spam folder regularly because a bunch of legit email ends up in there too.
[+] hn_throwaway_99|4 years ago|reply
Glad to see this posted, I got the exact same email this morning: Russian name from a Gmail account, subject that looks just like that (i.e. "long license plate number") and a .htm file. Was very surprised to see it get through GMail's filters.
[+] awb|4 years ago|reply
Yes, it seemed to coincide with a notification I got that my Email was exposed on the dark web as a result of some hack. I forget which one but it was about 6-8 weeks ago I think.

I keep marking them as spam but more keep coming. About 1-2 per day and of varying content but similar visual layout. 90s era spam is a good description.

[+] Twirrim|4 years ago|reply
I've been having a batch of really obvious spam getting past Hotmail's filtering. After years of Hotmail being bad, Microsoft got really good at spam filtering there and I haven't really had issues with spam for close on a decade. It rarely hits my inbox.

This last month, maybe two, I've had extremely obvious spam hit my inbox repeatedly. Picking two cases from today, the subject is the same "FWD: FINAL CALL", from two different senders, "A P P L E" and "NET FLIX". The pattern is pretty much always the same, it's immediately obvious that it's spam. No idea why it's slipping past when they're still catching hundreds a day (I've had this hotmail account from the early days of the platform, used it a bunch all over the place)

[+] alister|4 years ago|reply
I don't have a direct answer to your question, but I want to suggest a possible solution. I've been getting almost no spam for the last 10+ years even though I don't use any spam filtering (neither in my email client nor with my email service provider).

What I did was to switch from Gmail to a paid email provider. Then I started giving every single business a unique email alias, though my friends all get the same email alias. Currently I have 370 active aliases. I've had to disable only 20 aliases in the whole decade which works out to only about 5% of my contacts.

As I said, I use no spam filtering whatsoever, so I find it amazing that Gmail users with spam filtering have such a different experience.

[+] giarc|4 years ago|reply
Yes - I commented about the same a while ago. How are spam filters not grabbing these "Amazon gift card" offers like the one I received below.

https://imgur.com/4efNttg

[+] retox|4 years ago|reply
Yes, it started in the last 3-4 days. I was going to ask on here if there were any high-profile data breaches recently. I never used Epik.
[+] HighChaparral|4 years ago|reply
Yes. After literally years of never having to worry about gmail spam, really obvious stuff has been coming in for the last few months.