Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Are you also getting extremely obvious spam bypassing Gmail's filters?
575 points by kace91 on Sept 23, 2021 | hide | past | favorite | 282 comments
For the past weeks I've been receiving emails that are pretty obviously spam. Here's one I just got:

sender: Динасий Колпаков <kolpakovdinasij@gmail.com> subject: Q7425 7235 F0 8741 (empty body)

They all have similar formats, with a .htm attached file with ridiculous names like "Elon secret invitation" or "how to get free bitcoin".

They are all look like 90's era spam. Yet not only aren't they caught in the spam filter, they arrive to my main inbox, they aren't even classified as promotions or anything.

I can also see a long CC list, since it's not hidden.

Are any of you also having a similar problem?




For the last year or so I've noticed an increasing amount of my legitimate professional interactions going into my "Promotions" tab in Gmail. The effect of which has been, after discovering a few mishaps of this sort, to now regularly and meticulously go through a massive pile of "Promotions" just to make sure I haven't missed something legitimately urgent or important. Prior to Google's classification errors producing this particular anxiety I used to basically treat the "Promotions" tab as spam to never look at. Now I'm going through all of it with prejudice which means I'm waaaaaaay more aware of marketing drivel than I used to be. As such, I'm pretty sure this "error" is intentional on Google's part to produce exactly this outcome of drawing eyeballs to inbox advertising.


Just made an account to let you know that this specific comment made me check my Promotions tab, which happened to contain… an invitation to schedule a software engineering interview. Would definitely have missed that if I didn’t get bored and read this HN thread midway through my lecture.


Life pro tip: most recruiters can't write emails that look like they came from humans rather than spambots. If you're actively looking for a job, check all your spam folders daily. I can't tell you how many actual job leads have ended up in mine.


Also, recruiters sends large numbers of similar emails so they look like a spammer to the filters. Then if people who get them just mark them a spam rather than deleting or responding, the problem is compounded.


Depending on your definition of spam, the recruiters might actually be sending spam. I once had a recruiter try to hire me for the company I was already working at and had clearly indicated on my Linkedin...


People who get them might not have opted into them. That is spam, by definition. Elephant in the room of "foot-in-the-door marketing"? I guess.


I received recently one of the most bizarre emails via gmail: one email completely written in Chinese. I was curious precisely because it didn't go to the spam folder. After running it through Google translate it actually looked like a legit job offer. What a pity life is so short and I have so many responsibilities, it would have been cool to grab a laptop and just go.


Many recruiters are sending their emails from a system, not writing them by hand. They look they came from a template, because they did.

Add to that that when that recruitment system was implemented, the recruiter probably didn't bother updating/customizing the default templates, making their emails just the same as everyone else's.


The only reliable low maintenance solution is to get your own domain with a catch all mail service.

Then for every email interaction with a 3rd party you make a unique address like amazondotcom3823@yourdomain.com.

You can then just add rules for each incoming mail domain to send them to a junk folder, especially if it was was a one time transaction and subsequent emails are just going to be marketing junk.

It also lets you know who has had their mailing lists compromised as there is virtually zero chance someone would guess the email address like the example above.


> Then for every email interaction with a 3rd party you make a unique address

Does that work for you? Have you caught many companies sharing your address?

I’ve been making unique addresses for a decade, and it has been a complete failure. I haven’t caught any companies sharing them, and it hasn’t stopped spam in the slightest. I’m not sure where spammers get my mail email address from, but they do, and so far I’m not seeing them get the individualized addresses, like ever.


Yep I've noticed a few, most of the breaches were disclosed to the public which is good. I've stopped using those services so I've just send them straight to trash now as they get non stop spam.

Before setting up a catch all domain I had 3 distinct email addresses I used as high/medium/low priority which helped, but its much simpler with the catch all domain as it goes into the same inbox, just with different "To:" addresses that you can easily filter on - I just right click in outlook and select move all mail to recipient to junk.

To be fair most of the mail I get is marketing and I could probably unsubscribe, its just easier to make a rule to filter them to junk.


I actually have a rule in my work email that tosses everything that contains the word "unsubscribe" and where I am the sole recipient. Hasn't done me wrong for years, as far as I know.


> as far as I know

Literally everyone claiming they never miss emails in spam, never have delivery issues with their custom domains or mailservers, etc


You know you can have a reliable custom domain hosted by companies like fastmail right?


That's actually brilliant. Wish I'd thought of it!


Same observation here. My first two email addresses were ruined by what I presumed were data leaks (I was getting hundreds of spam emails a day in the hotmail era). Since using unique addresses, I've only had two compromised with spam. The original email addresses still are firehoses of spam though.


This would be illegal in Germany where you must take notice of every email accepted by your email server. The junk folder doesn’t help because you would need to read through it nonetheless.


I'm not sure what German law forces Germans to read emails to a personal account which is the context of this thread.

If you are a corporation using gmail then you will likely have emails going into a shared mailbox or public folder and have team members triage emails as sales lead, spam, upset customer, etc.


What do you mean? Why would it be harder to notice mails with a catch all in place?


lol either this is a dumb rule or a very dumb interpretation of a rule, please link a source if you can.


I just disable this filtering. It’s more damage than good nowadays…


Nowadays? Try day one. I always thought of this as a misfeature and disabled it from the start. I have no idea how this would be useful to me.


For me, it's been the single greatest boost to email productivity. It works great 99%+ of the time for me where I only keep any eye on Updates and Primary, and maybe once a week clear out the Promotions tab. Forums and Social I can usually clear out without even looking.

Interesting how people can have such different experiences.


I think it's the difference between people that unsubscribe from lists and those that don't.

If you're a regular unsubscriber, your email box is only ever filled with relevant important items.

I do the same thing with my phone notifications. If my phone ever gets a notification, it's something that directly concerns me.

I don't know how people live getting bombarded with stuff all day, but like you said, everyone's different.


Classical AI (i.e. manually-constructed email rules) is much better for this kind of thing, in my experience. You don't get spurious false positives; you can predict every false positive in your head before you even get the email, and if you want you can even add an extra rule to prevent it from happening in the first place!

“Unknown / trusted / spam senders” lists are a basic implementation of this concept.


This is why Inbox's Bundles feature was amazing. User-defined rules, emails either show up live or in digest form throughout the day, shown in your (one) inbox, not in some panel where secondary "labels" or "folders" are relegated to. Collapsed by default, but expandable.

Gmail thought that adding Snooze was enough to get feature parity and kill Inbox, but Bundles were by far the feature keeping me on Inbox.


I, for one, don't use that feature because I use two email addresses. People who know me personally only know one of them, and I use the other for registrations and subscriptions.


This has also had the greatest effect for me. If you don't share your main email with sketchy reselling parties, it remains surprising clean. And this on a 10 year old+ account.


sort of this: i treated the Promotions tab as a "unsubscribe from these mailing lists ASAP" tab as soon as the category feature came out

i get so few of them now i removed all those extra tabs and filters a year ago, but it was pretty useful to get my total inbox as clean as it is now :)


Right, exactly. I want my "promotions" to land square one in my inbox, because then I'm going to deal with them right then and there. Unsubscribe comes first. A filter comes next, if they keep sending.


Gmail has a “report spam and unsubscribe” button which I use liberally.


I feel guilty using it the first go. I figure I will click on their unsubscribe link first. And then I will click the report spam button if they continue to send me email

Unfortunately, all I'm probably doing is just confirming my email address to generate future "mailing list" subscriptions.


I get quite a bit of emails that are not completely spam, but by no means urgent to see. The filtering has been great to let me focus on things I need to see immediately, without having to scroll through 50 different promotional things


This is an unusual problem that I also witness over and over again. The unusual part is that I'll get same-source emails (eg: mailing lists that I follow) scattered between two different tabs, so it is like Google only forgets where they go sometimes.

I drag them to the proper tab each time, but it doesn't seem to fix anything.


Its actually worth going through and unsubscribing to those promo emails just to make this easier.


This also happened to me. A very important email was put under the promotions. Usually I just kept the gmail tab open and didn't check my phone. Fortunately for me, I noticed this mail on my phone when I was clearing the unread status.

At the same time, all sorts of ads fall into my inbox repeatedly, even I deliberately mark them as spam or junk.

( Being cautious, I just checked the promotions again. And there is another important email lying. WTF!)


You can disable the grouping feature.

What I did to reduce the noise in my mailbox is to unsubscribe from all marketing emails, and I move the ones that still come through to spam folder. It was a bit tedious at first, but now gmail is doing a pretty good job at automatically filtering out senders that do not respect my request to unsubscribe.


There is no way to sort in gmail satisfactorily that I know? Like sort by subject, sender, etc... I can search, but I cant SORT.

Am I missing something obvious?


This HN submission is getting spam from gmail accounts, not to your gmail account.


I could have written this. The exact same thing happens to me and now I am realizing you might be right and it might be on purpose so we scroll through all the unnecessary ads. Arrgh.


If you didn't realize it, Google has managed to get you to waster your time actually going through advertising (instead of putting that on the side for you).

I'm really surprised most people aren't realizing this.


Huh. I thought it had something to do with my subscription to oss-security (the plain-text email causing some confusion in the filters). But clearly it's not just me...


YES! I posted about this two weeks ago, one person agreed but the post never got any traction: https://news.ycombinator.com/item?id=28437472

I haven't heard anything about this when I asked colleagues / IRL friends... I wonder what is going on over at Google


Well that's good to hear, I can't find any mention about this problem anywhere and I was starting to think that I was being specifically targeted.

Except for the last one, all the calls to action seem to be crypto related, but I don't know if that's relevant to the origin of this attack. Perhaps it's just the most successful way of getting clicks nowadays (?).

It's baffling that google are letting these ones slip. Even marking some as spam does nothing to prevent new ones from coming.


I've also been getting the crypto spam in my inbox, usually as one of a ton of recipients. e.g:

Title: Rc 2 Xq 1677 Riyw 532

Sender: Чеслав Сальников <zeqiyic@gmail.com>

Body: 3688 867 8383 4 3 784

Attachment: Free Bitcoin - DELL .html


Same with me, been happening for a couple of weeks now. Sometimes multiple times a day. Just yesterday I had the following:

Title: V10 YU L2 RUO T778 ZRD

Sender: Тельман Кудряшов sefovuz@gmail.com

Body: 3484 2 0812 61 3

Attachment: Blockchain Prizes 3883 .htm


> It's baffling that google are letting these ones slip.

Why would it be baffling? Google’s spam filters have always been extremely low quality, even mistaking email generated by Google itself as spam. They simply don’t have the pride of craftsmanship to improve it.


You live in a different universe than I do. Fascinating.

In my world, spam was a true problem that was killing email. Truly killing it. You would have to create a new address every 6 months to stay ahead of the spam and have a functioning inbox. Very different world.

Gmail fixed that. And for me, there have been issues from time to time and in fact i am getting this very spam myself, but gmail permanently stopped the hordes for me in 2004.

Now, don’t get me started on their insane categorization choices.


>Gmail fixed that.

Hardly. They didn't invent the tech. And they didn't perfect it. They haven't even tried. The evidence is in my Spam folder. I mean they mark messages they themselves originate as dangerous spam. "Dangerous" being their word, not mine. Screenshot from within the last hour:

https://imgur.com/IjQUGaY

I was in that earlier world too. They papered the problem over, a little. But no, they didn't fix it.


Just curious if you would post a little more of the screenshot? I don't think there's enough in the image for me to tell if it's from a spam address or not.


It’s from Google.

The return address is:

Google Alerts - googlealerts-noreply (at) google.com


I really want an inbox where i never see what anyone wrote if they don’t pay me the current price of a first class letter.


Spam wasn't killing email for me, but Gmail was a noticeable step up for sure. I do wonder how much was innovation on their part and how much of it was simply executing the same filtering techniques really well.

Now, my impression is that all of the well-regarded email providers do a good job of handling spam—it's no longer a differentiator. (Although it might start to be again if Google has genuinely let their guard down.) Fastmail does a good job in my experience.


You are not the only one. Its been BAD for me for at least two months.


It is happening to me too, starting about a week ago.


> I wonder what is going on over at Google

Probably a whole lot of dont-give-a-darn-about-e-mail, because it's not new and sexy, and likely doesn't drive revenue.

Also, the people who suffer from gmail spam are often non-users of gmail. I.e. neither customers of Google, nor targets of its advertising, nor sources of personal information.

Google doesn't care if <you@filleocus.com> is getting Gmail spam, because that's an outside entity whose existence does not benefit Google.

Plus, Google knows that Gmail is so huge, that nobody can just block all of Gmail. Unlike some small-time mail domain, they do not feel any risk that, if they don't take action to combat spam, they will be blocked as a whole.

If a small-time domain's machine gets listed in some DNS black-hole lists or other dynamic anti-spam databases, they have to care, or they don't get to send mail. It's a dire situation to which they have to respond.

If a Google machine gets listed in these databases, Google doesn't have to care. Anyone actually blocking Gmail machines is essentially just cutting themselves off from a huge e-mail communication hub. It's almost as if that operator were blacklisting itself.

Small fry: OK, that does it, I shall not receive Gmail!

Google: Hahaha; say bye bye to more than half your contacts, then!

In other words, Google knows that e-mail operators who are using blacklists have to pretty much whitelist Gmail servers, and so it doesn't care about blacklists.


I've posted/commented about it as well.

Interestingly, they can change the font of the subject lines which no valid email I have ever received in gmail has a subject with a different font.

That would be an interesting filter: if subject is !Font, then spam.


I got a few of those myself. They use Unicode characters that look like ASCII letters and probably Google doesn't handle it well.


I too have been seeing this the last couple weeks, sorry to see I'm not the only one!


I have exactly the opposite problem: tons of legitimate email is getting flagged as Spam by GMail.

It's now happening regularly with emails from people in my contacts with whom I regularly exchange messages.

Mind-boggling. I know spam filtering is a hard problem, but these are just obvious misses.


Same. I'd gotten out of the habit of checking my Spam folder, having trusted Gmail to get it "correct enough" for years. But I looked recently and was amazed/horrified how much legitimate email was in there, including a friend's birthday event invitation that I would otherwise have missed.

20% of what is in my "Spam" folder today is what I'd call "spam" in the classical 90s/2000s-internet sense. Obvious trash/scam stuff, usually sex-related.

Most of the rest of my "Spam" looks like what Gmail usually just labels Promotions. It's mail from legitimate organizations that I did indeed give my email address to and have a reasonable expectation of getting semi-regular email from, even if it's just trying to sell me more stuff. The Promotions auto-labeling works (worked) just fine for managing that stuff.

I figured enough users are clicking the "Spam" button on enough "legit promotional" email from real organizations that they did agree to receive email from, that Gmail just started classifying it all as spam, and now doesn't/can't distinguish between "classic" spam and "annoying emails I can't be bothered to unsubscribe from". Sort of a tragedy of the commons of crowd-sourced spam filtering. But maybe there's a better explanation.


I carefully look for “subscribe to news” checkboxes and always untick them; if you send me campaign emails without me explicitly opting in you are getting a spam flag, whether or not I gave you an address for transactional mail.


Not sure if you meant political campaign emails specifically or marketing campaign emails in general. The former are some of the absolute worst offenders in that regard, for sure.

I try to use unsubscribe links when 1) they exist and 2) the email is from a legit organization that I reasonably believe is actually going to unsubscribe me from something (if not from every place they've copied my address to by now), but I can see the argument for just flagging as spam in the case where an organization oversteps previously agreed bounds. Especially with the political campaign emails, the unsubscribe game can feel like futile whack-a-mole.

For ordinary commercial campaigns, I'd worry that flagging as spam would cause legit transactional mail (i.e. mail that belongs in the Updates auto-label) from the same organization to get flagged as well, but based on the state of my Spam folder, that's already happening anyway...


I share your concerns, but marking spam as spam is the only way to incentivise good behaviour.


If the email is from an organization I have interacted with and it offers unsubscribe, I will use that the first time. If they don’t stop, then they get the spam tag.

If an unsolicited email contains no unsubscribe, that is bad behavior and they get spam tagged immediately.


Having opt-out instead of opt-in checkboxes is pretty much illegal in Europe and will get marketers banned from good emailing services.


So glad I stumbled down this rabbit hole and found your comment; a fulfillment email on a Kickstarter project I backed was flagged as spam! I haven’t checked my spam folder in years, but that unfortunately changes as of today.


I went from checking my spam folder, to creating a filter rule that moves all spam into the inbox. The filter is adding a label, so I can identify them, but still have them all visible for normal congestion.

Fun fact: from time to time I still have mails in my spamfolder... seems the filter does not always get applied.


I receive a fair amount of legit appearing promotional email from real organizations, but organizations that I have not dealt with. In most cases the recipient appears to be a real person. In one case, I was able to verify the person is real, lives and operates a small business within a couple of hundred kilometers of where I live, and regularly frequents my city. Yet I refuse to use unsubscribe links in those cases since, aside from that one person, I have no way to differentiate between sophisticated spam and companies who don't verify email addresses on file. So the spam button it is.


I have a first.last@gmail.com and get plenty of legitimate promotional emails, one weakly-passworded credit card statement from an Indian bank each month (whose only support is an Indian phone number which I won't call), and occasional photos of "relatives" from across the world. There are about 3 or 4 people around the world with my name in various professions. I could probably do some nice identity theft if I wanted.

For the promotional stuff it's the report spam and unsubscribe button every time. I've worked in a small business that bothered to do double opt-in signups, so don't waste my time because you can't be bothered due to some vague metrics. It's spam from my POV.

For the rest it depends on my mood. If you have a noreply and it's going to take effort to reach customer service (more than an email), spam. I'm of the opinion I should be able to reply to any email and it's rude to shout at someone and then block your ears, but maybe that's old fashioned.


I also have a first.last@gmail.com address and am continually amazed at the number of people with my name who don’t seem to know their own email address and submit mine for job applications and accounts that they surely wanted to keep.


If this is company mail you might have a colleague who uses the spam button instead of delete.

I once caught my boss doing this (he was not a native English speaker, but absolutely used to communicating in English so it shocked me.)


Hmm so this is indeed a thing. I operate some email servers and often get spam notifications from, say, Hotmail, and the emails are always legitimate. It's like some people don't bother unsubscribing from lists, they just start reporting it as spam hoping it will go away.


> It's like some people don't bother unsubscribing from lists, they just start reporting it as spam hoping it will go away.

I do that all the time. I consider every list I didn't explicitly and intentionally subscribe to as spam and treat them accordingly. I wish I wouldn't have to do that but I find subscribing someone to a list when they thought they were just buying or creating an account for a product so unnerving and disrespectful that I don't feel bad about it.


These are discussion lists that people intentionally subscribed to (which require double confirmation). I'm not that dense.


I get hundreds of different discussion list mails I have not signed up to.


If a button is hard to find or it doesn't directly unsubcribe me, I just report the email as spam.


I used to be naive and actually unsubscribe from things but it stopped working about 10 years ago so I haven't bothered since.


If the organization is legitimate, I find it usually works just fine. I usually only get such emails from organizations that I have recently started interacting with and that assume I want their newsletter. A simple unsubscribe fixes that. If I tagged it as spam, it would start to erode the ability of people who want this stuff to get it past the automated filters.


I've never understood why Gmail and Hotmail/Live/Outlook don't take a user's own indications as gospel. If I whitelist an email address I want those messages, I don't care if [you think, perhaps erroneously] they are spam.

Possibly the worst is not allowing replys. I mean if a customer sends me a message, and you block the reply as spam how is that serving that customer? Sure mark it, remove viruses, obfuscate links, but let me reply to someone!


Yes it's unbelievable that gmail would send an email to spam when it's from a person with whom i have had prior correspondence with.

Clearly shows they give more weight to things like scanning, IP reputation, etc vs common sense.


GMail's spam filter no longer seems to have any intelligence. It's just a slider. Mark the obvious "Car insurance- 15324" subject message spam, and you know for a fact that immediately a bunch of legitimate mail will start getting flagged as spam. Mark that stuff as "not spam" and now you're back to getting obvious spam in your inbox.


I don't understand how to get Gmail to stop marking emails from my contacts as spam.

Funny enough, the mails it penalizes worst are GMail addresses for small businesses, like my vet or the pizza shop.


Yes, GMail is absolutely terrible on that regard. I've been missing out on project mails from an UN organisation I have been working and exchanging emails with because of their aggressive and useless filters.

For me privately, switching to a better provider solved that.

But having >25% GMail customers and always landing in Spam is horrible. Pretty much any other provider likes our mail server, but GMail always says spam.

Then you're going double opt-ins but customers still mark mails as spam because unsubscribing is too hard. Thanks for nothing.

There is actually an industry in gaming GMails spam filter to somehow get into the inbox: some offer automated replies and unmarking spam, some manually run hundreds of mailboxes and don't do anything else all day than unmarking mails as spam.


Yes. It's so bad that I find Google's own messages like Google Alerts ending up in my Spam folder. You'd think they'd whitelist their own emails.


This ^ see my comment about our experience fighting this: https://news.ycombinator.com/item?id=28636281


I’m getting the worst of both. Important emails in spam and tons of spam emails in main inbox.

I feel like it used to be near perfect. Something must’ve broken the models.


Now I am wondering if Google hasa disgruntled employee/rogue-agent in its midst's!


me too, and even more mind-boggling is important emails send right to "Trash." I have caught actually important, personal emails that were sent directly to my Trash bin. It's infuriating.


Came to write this - same here


Yet legitimate mail from my server with valid DKIM, DMARC, SPF, PTR record, decade old domain lands in spam. Good job, AI first Google/Gmail.


Who is to say that it isn't working as intended in building a higher wall around their ad garden? There should be a way for them to accept mail from self hosted users, or even provide some sort of testing tools (perhaps validated by credit card some type of bar to increase accountability? At least an RBL or something) for those who do, but nope.


I am beginning to think that the simplest explanation is the most likely one. Google is just bad at stuff...

If this was all part of some clever conspiracy then it would be, well, more clever...


Or more simple still, it's a hard problem to solve and when there's billions of emails flowing through the pipeline every hour small mistakes can look big to individual users.


Same as with gaming search, it’s possible that spammers are catching up with the Google smarts, and from this point it’s unclear how to proceed.


"Never attribute to malice that which is adequately explained by stupidity", except for the "promotions tab", that was clear malice to increase their ads revenue.


I don't think they're bad, it feels more like they hit the 80/20 point and move on to something else. In the case of spam detection, whatever worked ten years ago set and forget without anyone quality assuring it as things evolve.


Also, they want more people to use Gmail or GSuite. If that's the way to reach an Inbox on GMail, people simply choose the path of least resistance.


I have two accounts with google, one is personal and the other is through work.

My personal account is pretty clean and rarely does anything get through that shouldn't. Occasionally I find something in the spam filter that shouldn't be there, usually password resets.

My work account is seeing a big increase in "professional" spam. "Hey Guy, did you see my last email I sent . . .", "Hey Guy, we are the top network security consultants . . ." Many of them are getting tagged Important. Some of them are so left field it doesn't make any sense that they are listed as important. Here's a good one:

"You asked for it, and we made it. We are delighted to present a complete redesign of our Merge Rules in Duplicate Check." - coming from mta.exacttarget.com

How is that not spam and how did it get tagged important? I have no idea who this company is. I've never done business or corresponded with them.

As I write this I'm coming to the realization that I'm a mechanical turk working for Google to find and report.

What's interesting is that many of the emails are coming from clear email marketing sources like HubSpot and Exact Target. Why would those get bumped up? I also notice some coming from something like xxxx.outbound.protection.outlook.com - not sure what that is exactly, but it mostly comes from companies directly marketing using their spf and dkim domain, but seems to passing through outlook.com.

Email is dying but will never be dead.


> clear email marketing sources like HubSpot and Exact Target. Why would those get bumped up?

Those servers send a very high volume of legitimate marketing email that is not spam. Those services do a lot of policing within their platform to prevent or discourage use of their servers for actual spam. So when someone does manage to get spam out through that service, it often gets past more filters downstream. Theoretically, Hubspot or Exact Target will get notifications and shut down those senders so Google trusts them, gives them some leeway and doesn't ban the servers outright.


I'm not sure if it should be trusted or not. It is fully unsolicited and I have zero relationship with them and never gave my info explicitly. Seems pretty spammy.

But what is much more interesting is Gmail is pushing the spam up by tagging it as important and it ends up at the top of my email list and not in the lower section of everything else. It should be in the spam folder with all the other junk, but out ranks internal JIRA tickets, daily sales report etc.

Could there be an implicit or explicit incentive? Am I the spam detection?


I’ve also been getting subtle professional spam consisting of very short emails, something like:

from: kate.random.but.reasonable.name38 @ gmail . com

Sorry for the delay, here is my email.

Best, Kate

Sometimes they are more obviously spam, but other times it seems nearly impossible for a spam filter to stop, like the example I provided.


I've gotten those, assume they are to try and train gmail to think they aren't spammers for future spam messages.


That is a good theory.

I was always assuming that if I reply, then they would send the spam links, but your theory is better.


Have gotten multiple such emails the last couple of weeks.

I think Googles spam detection is a bit too much lax when the sender itself is using gmail.

These might as well be hacked accounts which have already proven themselves to be valid and "human" at a previous point in time? I doubt gmails spam detection would let a brand new account spam CC'd emails without any sort of detection.


GMail has been making it harder to sign into old accounts, forcing me to verify my device and also add a phone number to my old email accounts, and then sometimes still refuses to let me sign in.


Lately, I've been noticing emails getting flagged as spam that are:

a) replies to emails I sent b) have anything to do with topics I'm actively involved with c) from senders who I have marked as not spam dozens of times

I never used to check the spam filter, now I do almost daily.


SAME. It's awful.


Yes, I keep getting a bunch of “Your GEICO quote 1234” variations. My thought is spam is like weather fronts at this point: while it feels like that subject line should be obviously flagged up, there is probably some other storm of porn bot spam that is causing the machine learning or filters to bend in just such a way that the car insurance spam can seep through.


I’m getting those too - and the content is an obvious low-res image, not sure how it’s getting through.


In the past week I got a bunch of obvious spam in my inbox. They all had a garbled subject line with numbers instead of letters, missing spaces and wrong capitalization, and the body was an image. It's crazy, how are they getting through? Maybe the filter gets thrown off by the unintelligible (to the machine, as a human can understand the meaning) subject line?


I’m also getting these insurance-like ones. Several passing for Statefarm. I might have received 50 in one day.


I've been getting the same one. I mark each as spam but that doesn't seem to do anything.


Same. I'm getting the ones as OP and the Geico ones...mark as spam, more show up within a day or two.


Same here, I flag them as spam but gmail never puts them into the spam folder.


In my case, the spam that manages to evade Gmail's filters contain an image as the body instead of text.

Fun fact: Back in 2002 ycombinator founder Paul Graham wrote an article on spam filtering. (See http://www.paulgraham.com/spam.html ). I emailed him that his method can be defeated by sending an image of the text, as opposed to the text itself. PG replied and pointed me to this FAQ: http://www.paulgraham.com/spamfaq.html

In the FAQ there is an entry named "What if spammers sent their messages as images?" The answer indicates that is not going to be an issue, because there's still plenty of signals to go by.

Guess PG was wrong!


>Guess PG was wrong!

I mean, he wasn't wrong. He was describing the state of spam at the time.

The way I see it, you were trying to corner him into giving the answer you wanted, and he was trying to corner you into asking the question that would force him to give the answer you wanted.

All machine learning models make intrinsic assumptions about their input distribution (no free lunch theorem and all that). If all your objection was that the model will fail to work if the assumptions it makes about the input distribution will fail to hold, that is a criticism for the entire field of machine learning, not this one spam-filtering product.


But I never see images in most emails. They are not loaded unless I decide I want to see them. Those emails are just empty space. If there is no unsubscribe link, they get spam tagged.


Exactly the same issue here.


I just got one like this 5 minutes ago. They are getting clever i saw that they are embedding this.

onload="document.location.replace(window.atob('aHR0cHM6Ly9ibG9jay1jaGFpbi1ib3gudGsvbXpwaWwvP3RldHRoa3Yg'));"

Which if you decode you get a strange domain.

I assume gmail only looks for urls which in this case is not visible without decoding it


I thought you couldn't embed scripts/iframes into a html email?


These emails often include an attachment with an HTML file. My guess is depending on your client, it might just open a new browser window with the file (after it’s downloaded)


It is in an attached file. In my case the file is named

"Profitability 28388 .htm"


That looks legit.


Yep, got one 3 days ago that matches your description perfectly. Russian sender name, HTML attachment about Elon/Bitcoin, etc.

Maybe these emails are coming from real users that got hacked? That's probably the easiest way to get past the filter.


I wonder if they could have their bots email one another a lot and continually mark their messages as "not spam" until the Google system learns to trust them.

I have also been getting several of these super obvious spam mail messages recently.


same here, russian text, many recipiants. Spam blocking does nothing.


Just another reason to ditch Google all together. I've been using Fastmail (paid, happily so) with my own domain for about 4 years now, and have been gradually changing all my online accounts that were using my gmail.com address to my own domain. Reduces Google's surveillance abilities (to some extent) and I don't have this problem at all.

Also, I use a desktop email client (Spark on MacOS) with IMAP/SMTP. Massive improvement over any webmail client, especially GMail.


Yes, and don't forget to check your spam folder regularly because a bunch of legit email ends up in there too.


Couldn't believe how many legit emails were in there. Missed a handful of important emails and who knows how many more, since they're deleted after 30 days.


>Couldn't believe how many legit emails were in there. Missed a handful of important emails and who knows how many more, since they're deleted after 30 days.

The administrator of my email servers has a vested interest in making sure I get all valid emails and in junking the garbage.

Gmail administrators are interested in pleasing their boss and getting paid -- the quality of their spam filters and especially your interests aren't even in their top ten important issues.

The only problem with my set up is that if my email administrator gets bored, I'm screwed. Fortunately, that's unlikely as I am my email administrator.

I expect that many folks will dismiss this email as just some rando who doesn't understand just how important it is to have gmail or some other provider's email service because reasons.

But the truth is that quality service is based on having the right incentives. And Google (and by extension, their employees and contractors) have zero incentive to consider the needs and interests of their product.

And why should they? If you're a car salesman, do you worry about how a particular car will feel if sold to a jerk? If you're a barista, do you care if the lattes you make are consumed or thrown away?

I could go on, but I expect I've made my point.


Thanks. Just found a bunch of legit emails. Perhaps HN needs a monthly banner that says: check your Spam folder for real email before it expires for this month!


Glad to see this posted, I got the exact same email this morning: Russian name from a Gmail account, subject that looks just like that (i.e. "long license plate number") and a .htm file. Was very surprised to see it get through GMail's filters.


Yes, it seemed to coincide with a notification I got that my Email was exposed on the dark web as a result of some hack. I forget which one but it was about 6-8 weeks ago I think.

I keep marking them as spam but more keep coming. About 1-2 per day and of varying content but similar visual layout. 90s era spam is a good description.


I've been having a batch of really obvious spam getting past Hotmail's filtering. After years of Hotmail being bad, Microsoft got really good at spam filtering there and I haven't really had issues with spam for close on a decade. It rarely hits my inbox.

This last month, maybe two, I've had extremely obvious spam hit my inbox repeatedly. Picking two cases from today, the subject is the same "FWD: FINAL CALL", from two different senders, "A P P L E" and "NET FLIX". The pattern is pretty much always the same, it's immediately obvious that it's spam. No idea why it's slipping past when they're still catching hundreds a day (I've had this hotmail account from the early days of the platform, used it a bunch all over the place)


Yeah, I have had tons get past the Fastmail filters too. And a huge uptick in sms/autodialler spam to my phone.

If all the bigger providers are having trouble too, perhaps there’s a new kind of spam? Or higher monetary incentives now?


I don't have a direct answer to your question, but I want to suggest a possible solution. I've been getting almost no spam for the last 10+ years even though I don't use any spam filtering (neither in my email client nor with my email service provider).

What I did was to switch from Gmail to a paid email provider. Then I started giving every single business a unique email alias, though my friends all get the same email alias. Currently I have 370 active aliases. I've had to disable only 20 aliases in the whole decade which works out to only about 5% of my contacts.

As I said, I use no spam filtering whatsoever, so I find it amazing that Gmail users with spam filtering have such a different experience.


Yes - I commented about the same awhile ago. How are spam filters not grabbing these "Amazon gift card" offers like the one I received below.

https://imgur.com/4efNttg


Yes, it started in the last 3-4 days. I was going to ask on here if there were any high-profile data breaches recently. I never used Epik.


Yes. After literally years of never having to worry about gmail spam, really obvious stuff has been coming in for the last few months.


I'm getting exactly those kind. Russian (I assume) name for the sender, gmail.com email address (From: "Арслан Минаев" <yerusaqe@gmail.com>), .htm attachment with spammy filename (Your Business 01836.htm). Random numbers for the content. Headers indicate DKIM and SPF passed, and it looks for all intents and purposes like a legit gmail email. But it's spam.


Yep. This has happened a few times over the years and always seems to resolve after a while. I guess in the eternal game of cat and mouse in the world of spammers, sometimes the mouse gets the cheese.


I had same problem in last few months, advertising t-shirt/pill emails.

Another kind of spam mail like this is they use google docs or sharepoint to add a huge CC list.

However, defending them is hard and I think I can share my knowledge on topic of spam filtering(given I run an email forwarding service (https://mailwip.com) and have to deal with spam a lot)

When an email come from gmail/hotmail(any popular free email service) itself, it's harder to detect spam, especially if the email is in a non English language.

It has a few way to flag spams:

- Look at the IP address: - Look at the structure of emails: follow best practice, such as html/text plain part, has right mime encoding etc - Look at header of emails: no weird header, no "bad" ip in received chains - Look at attachment file type, virus scan those attachment - Finally, tokenize content of the email to find similar email that are flagged as spam

When the email come from their own IP, send out by gmail themselves, email format looks good, DKIM/SPF all pass and this is the first kind of email then the only way to flag spam is by analyze content. And if the email is in non English language, it's harder to analyze. Especially if not enough people flagged it as spam to train the naieve bayes tokenizer then we're out of luck here. The long CC list looks like a legitimate indicator for spam, but librarian/scool has a tradition of sending out a huge CC of entire class/department, sometime even BCC which make the email looks very suspicious (undisclose recipient) yet they are legitimate email so the CC alone cannot easily be used for spam indicator.

Yet, at the same time, legitimate emails form your own server get flagged because low reputation or a history of previous owner send spam...


I'm very surprised to hear that I'm not the only one getting spams in my inbox and legitimate emails in the spam folder for more than a month.

I thought that Google had some sort of metrics and would spot this issue if it was widespread, but it seems they don't even bother.

Do they even care about Google search and GMail? They're getting worse and worse.


Not really a new issue. I have an old Gmail account that I don't use as my primary email anymore. However since it's still attached to some services that use Google SSO I have reason to check it occassionally. The amount of spam that makes its way pass the Gmail filter is on the order of hundreds of emails a week. Fastmail on the other hand seem to do a lot better, generally only 1-2 spam making its way to my inbox a day, and never any legitimate mail marked as spam in the several years I've used them. Even Outlook (which I use at work) seems to do a lot better although it sends legitimate emails to my spam folder more than I'd like. YMMV.


Yes, but also getting obvious non-spam going to spam, likewise with it being categorized as Promotions. It got to a point that I don't filter by Category now, I just have a standard 'Inbox' with Starred at the top.


Oops. I forgot to negate my if test.


I'm getting a lot more spam (and by that, I mean like 3-5 per week, but before recently in was 0), and they also have the same format, but a different one from yours.

A random IP is the first text in it, and a vast majority say they originate from .co.uk. It's generally trying to get me to participate in a survey, or I've won a card from Home Depot (a big DIY supply/hardward chain in the US).

(edit) I just got one of the Russian ones noted by the OP; first one I've gotten so far.


Yep, plenty of new spam that's passing Gmail's spam filters. I'm seeing variations on a common format:

From: seemingly.real.name@gmail.com To: several apparently real Gmail addresses Subject: (no subject) Blank body apparently, PDF attached which the web and mobile previews indicate is of a pretty young woman, possibly porn (I've not opened any).

Another variation, the same as above with random words as the subject, such as "shallop escape clause unfilled orders crockitude". This is an actual example from my inbox.

Another, same again, but with nonsense in the subject and body, e.g. "48046256 of hlbezmy". Actual example again. I noticed that the preview image of the PDF in this example has a yellow-green tinge, possibly an attempt to disguise flesh-tones?

And so on. And on, and on, and on. It smacks of a very deliberate, industrial scale approach either at training the filters, or at exploiting weak spots that have already been discovered.

As another commenter has pointed out, this spam really does feel like 90s spam all over again. This made me wonder, is it possible that 90s-flavour spam is a result of 90s-flavour filters falling out of favour and being dropped or becoming under-trained? Are we doomed to endless cycles of spam revivals?


Just putting out my experience with spam. I have a generic gmail email since 2008, & bought few dozen domains over these years for personal use, with varying tlds.

Since 2018 I am getting almost a spam rain, see statistics & logs of spam in this published google sheet https://docs.google.com/spreadsheets/d/e/2PACX-1vSdZyRvDd0ES...

Almost every email has no text, just an image, with a text footer with Unsubscribe. But clicking each unsubscribe tells spammer this email address is hot & live. I made this mistake of clicking Unsubscribe few times in 2018. Now about few weeks ago I loaded images on one of the email by mistake.

Domains these emails sent from are typo, subjects are stupid offers.

A filter adds a label to these emails & deletes them. A google apps script runs once every 24 hours, fetches data from these emails with label X in trash, adds that data to Log Sheet I linked above. Then script removes the tag.


Yup, getting a few of these each day and manually marking them as Spam (to no avail). Not sure how GMAIL's filter is missing them. A simple regex matcher would catch 99% of those. It seems like even the gmail registration process for the SPAM accounts has been automated?

Some other examples: Чарльз Некрасов <qxazagesuf@gmail.com> Фома Авдеев <tpewixicig@gmail.com> Порфирий Угримов <solodqez@g...


Yes, but fortunately on a secondary account. My main account still seems to be safe from it, but my secondary account has been getting spammed to hell the past week. CCs are the same username @ aol.com and other domains, which is amusing because those aren't domains I've ever used (with that username, and I haven't used AOL since 1995 or so).


I’ve honestly been wondering if IT has started testing my personal email account to make sure I don’t fall for fishing scams.


Multiple previous companies I've worked for have done phishing tests run by 3rd parties.

Fortunately they typically set a "X-phishing-testing" type header so you can make a rule to get rid of them automatically.


I've recently had the experience of getting a spam email that allowed the spammer to add an appointment to my Google Calendar without my permission - even though I never enabled such a feature, never communicated with the sender before, and didn't reply or star or have them in my contacts. Wtf.


Google will automatically add meeting invites to your calendar even if you don't accept them. You have to disable multiple options in both Gmail and Google calendar to stop this from happening. It is default behavior.


I've been getting email-to-sms texts at odd hours from gmail addresses for a while now.

We get tons and tons of gmail spam inbound to our non-gmail email server - every single day for years.

If I complain to Google we get more, its uncanny.

Seriously, fuck Gmail. Gmail can die in fire. Biggest spam service on the internet.


Yes, I get the exact same thing, Russian sender, some weird code in the subject line and some sort of attachment. I guess they found a way past the spam filter. I just report spam and I'm sure Google will update their algorithm to catch these things.


Yes, and other people I know don't have the same problem. Making me think that everyone who has this issue is part of some A/B testing [1] bucket for an internal Gmail spam filtering experiment.

These A/B tests are quite common for products like these to test new features, such as a new spam filtering algorithm. Or even test the efficiency of an existing spam filtering algorithm by degrading the experience of a subset of users.

[1] https://en.wikipedia.org/wiki/A/B_testing


I've been receiving spam for years in Gmail.

Some years ago a not so bright product manager decided that dots are not important.

My address used to be surname.name@gmail.com, and I've been receiving email for surnamename@gmail.com for years.


I get spam emails in my normal inbox titled "confirmation" with a body made out entirely of images, addressed to "<some name that's not mine>@aol.com" but also sent to me.


Me too. I wonder if having another email account "forwarding" to my address manages to sneak around the spam filter.


I get those but with my name.


I'm receiving some spam emails in the inbox folder since spring. They are clearly spam.

I analized 2 arrived this morning: both have 2 message-id header, one from gmail the other from sendgrid; both have a in-reply-to header (that is used for ARC and DKIM signature); both have 2 DKIM-Signature... both have the same CaMelCasE html... both are flagged as spam by a corporate antispam and my own spamassassin... one message has fake Received: headers with date in year 2019...

gmail has all the information to mark them as spam


Gmail's Chat now has a feature to forward an individual message to your inbox. I kept clicking on that feature and all the forwards from Google were in the Gmail Spam folder.

Gargh.


That just sounds like poor cooperation between teams.


Yes, and this has happened in the past, where Google emails ended up in the spam folder even for users who never marked them as spam. They should’ve learned from that already.


Different teams for the inbox and spam folder in a single app? Sounds like the sort of thing one person would manage.


Yes, I only mentioned it today to two coworkers who hadn't seen it on their mailboxes. I've been getting a few a week, some go to spam and some don't.


I've been getting these for a couple of months too. I don't speak Russian so I just picked a couple of common Cyrillic characters and created a filter that dumps any email with any such character in the spam folder.

What's more annoying than the emails is that I'm getting Google drive documents shared with me with in a similar format from Russian senders. There doesn't seem to be a way to block or spam sort Google drive docs.


Yes, recently I was getting notifications on my Android phone from Google Docs. Requests to approve doc edits or similar, but very obviously spammy. They seem to have stopped now.


I'm getting the exact same spam messages in my Inbox. Gmail has been working wonderfully for years, but lately something changed. I've also noticed marking messages from the same sender (confirmed by checking headers) as Spam doesn't move them to Spam, I keep receiving them to Inbox. It's intermittent, not sure what's going on but I can't rely on their filtering system like I used to.


I don’t use gmail, but I have also been getting some obvious spam through my filters as well - usually nothing makes it to my actual inbox, but lately there have been 5-6 per day.

I use a Bayesian filter trained on old spam (I haven’t retrained it in years) combined with Spamhaus blocklists. My guess is that spammers found a clever way to fool the Bayesian filter, or they found new hosts to send email from in order to bypass blacklists.


I've gotten one of these every few days for the last couple weeks. It's bizarre. I report all as spam and haven't gotten one since Friday.


I think the spammers (actually scammers) just got smarter since bitcoin scam and crypto locker are profitable. I think they create a “burner” gmail account and first train google spam filters to think that gmail account is valid (short email conversations, not links, etc. for about year). Then they burn the account in few days. And then next one…

I heard that one gang makes/burns 1000+ gmail addressed per day.


Yes. I mark everyone of them as spam and block. Yet I continually get these emails with html files attached to them. It's extremely frustrating


My wife is having huge problems launching her business because gmail keeps eating her incoming and outgoing emails at random. It is really tough finding reliable email w/ support since Yahoo and Google turned it into a loss leader. If you felt a blast of cold today it was because I suggested she look at Office 365 since so could get support, and I think that put out hell’s pilot light.


yes. I have been getting russian language spam in my main inbox for a week or so. I don't know russian.

However, even weirder is a series of emails I've been getting for nearly a month now. They are always from randomized emails and claim to be different people but they are always about someone named Becca and some guy. Sometimes they are accusing me of being this guy and harassing Becca. Sometimes they are saying someone stole Becca's phone and was impersonating her friends. The weird thing is that none of these have any links.

Here's one from yesterday: "Beverly hacked all your stuff made fake account of you on Facebook apparently you have a new house and going to hurt Becca if she doesn't stay away from you . Apparently according to the rude message Becca Lynn received y'all aren't friends anymore ... That made Becca cry " But there aren't any links or anything like I would expect if it was typical phishing emails. Maybe they are just sending things out hoping someone will respond?


I had trouble that for one of my addresses forwarding to my gmail account systematically all of them got sent to spam, even if it's literally a reply to a message that I sent from gmail and repeatedly set "not spam" at it. In the end the only thing that worked was to add an explicit filtering rule saying "never send to spam" for that address.


The specific email you've listed here the format of a well known scam. There's been a tonne of this for filters to train on.

https://www.bleepingcomputer.com/news/security/new-elon-musk...


I'll be the one to say no, I haven't had any spam in my inbox recently. No false positives either.

I find that every year or two there's a spammer that figures out a new technique and gets a couple of emails past the filter, but usually no more than a couple, and none recently. I don't see a trend toward less or more effectiveness of spam filtering overall.


For a number of years now, my Spam folder has become my secondary Inbox. Legitimate & important email gets flagged as spam which forces me to check my spam folder constantly.

And like you, obvious spam sits in my Inbox without being flagged as spam. It seems on a long enough timeline, spammers just get better at making email look legit.


Funny story: A week ago, I received an email from a website monitoring service saying that my site was up. I wondered for a second why I didn't get an email saying that my site had been down first. Eventually I realized that I probably did get it, but it went into my Gmail spam. Sure enough, I checked my spam folder, and there it was.


SPAM filters are useless anyway. I only filter the shit that don't even adhere to proper SMTP protocol and let everything in. I just mentally ignore SPAM in my inbox.

Simple filters in free software don't do much unless you spend your energy tweaking it, sophisticated filter like Gmail's has a hidden agenda against you.


After almost a decade of near zero spam with gmail, I'm getting these weirdly obvious spam emails for various kinds of insurance where the whole email is composed of photos containing the text. I'm frustrated that they keep coming in despite reporting all of them as spam. Surely this is obvious spam.


One of the most common bypassed by spammers I get, a bunch of gibberish with a cc email of my name @aol.com, then if I open the email I get an image to load as a promo or marketing poster. Marking them as spam does not work, they keep going to my inbox. Filters don’t have an option to auto Mark as spam either.


Yes, for me, gmail spam getting into my inbox increased from zero to one or two per day a few weeks ago.

It's very obvious; I'm sure the gmail team must know about it. I'd be curious to know whether they're planning on returning the spam detection back to the previous low false-negative rate.


>I'm sure the gmail team must know about it.

Of course they do. Its from all of the phone calls they've been receiving from their help lines and helpfully answering? Or maybe the bank of humans they have responding to emails sent to support.


Yes, big time. I've been getting one or two of these a week for the past month now. Glad it's not only me. I'm really curious who's behind it, if the sender addresses were purpose made or otherwise hacked, and where the destination addresses were sourced from.


Yes. I suddenly just started getting tons and tons of German spam.

I tried Googling for a way to block mail in a language or from a country, but apparently the technology just isn't there to do so(/s). Getting rid of Russian and German mail would completely fix my spam problem.


You could use a full fat client eg Thunderbird or Evolution, Outlook or whatever and use that to do some filtering through an IMAP connection. However that does rather negate the convenience.

You could also try another provider or DIY. Another option is something like Mimecast which you put in front of Gmail - https://www.mimecast.com/products/platform-selection/mimecas...

If you use a mass email provider, you get a rather generic experience. How on earth are Goog n co supposed to work out what you consider to be spam or UBE? I imagine that you get some basic filters (naughty words and a few IP deny lists) and a tokenizer n bayesian classifier that does the really hard work. Keep tagging the crap mail as spam and after a while it should learn, that for you: German - probably unwanted, Cyrillic - probably unwanted etc. Unfortunately you don't get to see under the hood/bonnet to understand what is actually going on.

I recommend that you stick with manually notifying spam for a while and see if that works - you need a lot of samples. If Goog allows you mark ham then use that too but I suspect they implicitly mark a mail as ham if you don't mark it as spam. When I say a lot of samples, I think you need at least 200 ham and 200 spam samples minimum, ideally 500 each and the more the better. Moving to another mass mail supplier will almost certainly not help.


Nah they'd have to develop a whole system that can automatically detect a text's language. For example, to recognize what language to translate to/from without having to be manually selected.

We're out of luck until then.


Almost certainly the majority of the anti spam system at any large mailbox flogger is a bayesian classifier. Tell your mailbox what you don't want (mark as spam) and it will gradually learn.

It does not care whether it is in German or Cyrillic, it will learn the characteristics gradually. It does require effort.

If you teach a bayesian classifier with around 500 ham and 500 spam, you will see very little spam and if you continue to teach it, it gets better and better. I am assuming that is what Google give you but if I was them, that's what I'd do. I'd also add a few lists and stuff but the gold standard is a trained bayesian filter. You get to do the training, there is no shortcut. I suspect that if you don't mark a mail as spam then it will be implicitly marked as ham.

Getting an efficient spammy feedback mechanism working in a mail system is surprisingly hard. Email changes at each hop as it gets from source MUA via MTAs to the destination MUA. Headers are added at a minimum at each hop. Anyway, that's my problem - not yours!

So, no they do not need to run up a language detector but given that Google have an online translation service, I doubt that would be tricky. That sort of thing may be added to an "enterprise" offering.

Try teaching your mailbox what you want and don't want and see if the clever buggers at Google have actually mastered the basics. They probably have but you need to do the work to provide the data that corresponds to showing what you want.


oh no, they have it. i know they do: i get a lot of spam in french because of my user name, and not much else on that account. i recently had legit email in english be flagged as spam and gmail had a "why is this message marked spam?" note on it that said it was not in my usual language.


I was being facetious ;) Google definitely has the tech. It's in Google Translate already. It will fill in the drop-down for what language to translate to/from when you start typing.


Yup, definitely. It's a relatively new thing, and the stuff that's getting through looks more and more obviously like spam

Very weird to see the spam filter be obviously and dramatically worse than it was 10 years ago. Are they about to move to a paid model for Gmail? Hehe


I very much have been. For maybe the past few years. I'm not sure if it's because I've been using mail less and less over time and their algos not keeping up cuz I never read anything, or spam blocking is just getting worse, period..


Yes! I get insurance quote email that is so blatantly obviously spam that it made me think that there is either a bug in the spam filter or it’s something more insidious. It’s been happening for a while and training Gmail to filter it isn’t working.


I was getting multiple emails like this per day a couple of weeks ago: https://i.imgur.com/m8nmpTr.png

But they seem to have stopped... for now. It was quite aggravating.


I got 2 of these today, yet I can’t even send myself email from my own domain through Twilio without google silently dropping it from transit. I would be happy to get into spam, at least that way I could add custom filters.


Meanwhile Google bots ban valid accounts for non existent spam, like mine: https://news.ycombinator.com/item?id=28628849


This is what decline looks like


Has always been a cat and mouse game with things shaking sometimes.


+1 I have the same issue, receiving similar emails every day with iOS notification


It's astounding to me that the default behavior on the gmail app is to actually push notify on every email, and that millions and millions of people leave this on.

Phones must be insufferable for most people.


It's not every email, it's just the ones in the main inbox (as opposed to notifications, promotions, social, etc). At least for me, it usually maps almost perfectly with human-sent emails, so it's a good feature because I very rarely check my email manually.

It's pretty rare for me to receive more than a couple notifications a week at most.


At least with iOS you get asked the first time you install an app whether you want notifications or not. Android allows them by default, and apps are not shy to spam you to get to open them.


Best thing you can do is just hit the spam report button and wait. Spammers do occassionally get their hands on clean IPs or networks, and someone has to get the messages in their inbox for the crowdsourcing to work.


Yes, exactly the same type of stuff. And the other day a legitimate email from a company I was interviewing with (from an email address I have had two way communication with) got marked as a promotion.

Something's up here.


I am not in the US. i am getting spam from prominent US senators ("Nancy Pelosi Headquarters <info@pactothefutur) to donate to them through some click.ngpvan.com* links . it's only happened this month


Are you telling me that all those tough screening , bar raiser hiring and jazz can not produce a descent employee to solve this problem at google? I thought best of best of this universe works for FAANG. Amused.


Yep! I receive one from ovoluvil@gmail , He has send to me this file: fastmoneyFVba.htm Wich is some kind of virus. I do not have any idea about the last time I have receive something like that before.


Yes, I noticed the same thing the past few weeks, and it seems increasingly bad. I'm really surprised because 10+ years before this I don't recall even a single spam getting past the filter.


No. Gmail spam filtering seems to work almost perfectly for me, with maybe one false negative a month. I just went into my spam folder to look for false positives, and couldn't find one.


+1. In my case, it's not that many, maybe a few a week but enough for me to notice it. Most of them are offering "Free Online Quote" for car insurance and such.


This was a big problem for me, until one day I sat down and cleaned my inbox. Basically moving the correct things to the correct place and now I don't face this issue.


Yes, all in the last month. I've been using my email address for almost 2 decades, got maybe 3 spam emails in that whole time. The last month - at least 3 got through.


I'm not using gmail, but am seeing the exact same thing in the last 3-4 weeks with my email provider (Hover). Mine are all loan-related. Marking as spam has no effect.


Yes. Tons of home loan and home warranty spams.


Yes have been for a few years… almost as if it was blessed… been interested in building a filter via the api that actually works as well as the original gmail spam filters


Yes, I am getting lots of those recently. It has some Russian roots, senders names are Cyrillic and sounds Russian. I think someone found a loophole in Gmail antispam.


I've seen a few more recently. Some seem to use a hack of using a List-Id: header, which may reduce the spam score.

I also have to rescue valid List mail from the spam folder though.


Yes, I had about 4 messages in Inbox with CC list and an .html attachment, but they were all complete random letters.

Subject: X 6673 B 11 KZPV 5 V 6 BO 720 XGWH 8

Body: EC 3753 YK 6321 UXNS 487


I have been getting them daily and just got one like you mentioned 13 minutes ago.

Most are German, but now a lot of non-english letter based ones in last few days.


Same, since about two month. The name of my country’s brands, separated with dots or spaces. Extremely easy to detect, so why does it pass…


Yes, and somehow they're also marked as important even though it's from an unknown contact with none of my contacts CC'd.


Yes! I thought it might just be me. I keep clicking the spam button, but there are so many. But I went years with no spam messages.


Yes, email has become useless. I get upset when I receive really important stuff via email because of how easy it is to miss it.


Yes! I don't know if it's related but some emails I've recently sent went to spam in other people's inboxes.


For the past couple of months at least, yeah, i get prob, realistically, at least 3 a day.

I'm guessing i'm part of the new test spam audience.

brutal.


Yep, for the past couple months, I get a few a week that slip in. They all have garbage formatting and are wildly obvious.


Yes, I got an email of this exact type today. Over the last few months my gmail spam in my inbox has doubled or tripled.


Yup. Marked one as spam today and I seem to be getting a few every month, whereas before it was maybe one per year.


Yes, very obvious bitcoin scams with html attachments that try to execute script to redirect you to another webpage


Yes. And i've noticed they have a new trick that allows "images" to be loaded without my accepting.


Yes, I am getting the same kind of emails.


I still have this problem, but I don't know who can help me. Google does not give clear answers to this


Not only am I having more spam in my inbox, in the past month I have had a significant increase in spam.


I have also gotten these in the past week or so, same Cyrillic text, same Elon bitcoin attachments.


I’ve gotten a ton of spam and marking it as spam doesn’t seem to help. Gmail getting less workable


Yes. Some reaching the Primary box.


Yes, very noticeable. For me, it is exclusively @gmail.com addresses that get through.


Yes, this week I received the same kind of emails which bypassed the filter as well.


Yes! Just in the last couple of weeks, just the most bizarre spam getting through.


They're just using plain text a lot & very watered down language.


To filter email with .html or .htm attachement use :

filename:html filename:htm


I am getting AustraIians are making miIIions from Bitcoin daily. Or so.


Yep, got them for a few days last month, then they got caught properly


A lot. Especially American political spam and I'm not from US.


Yes! Thank you!!

The most obvious 2000s era spam is coming straight to my inbox.


Even Gmail spam filtering is one of the best, it has its limit. The solution is to use different email addresses (aliases) to control who can send us emails: if we start to receive spams at one address, we can just disable it.


Yes, looks like Russian text with attachments... About daily.


I wish recruiter emails counted as spam. Honestly don't why they don't. Some can't be bothered to include my name.

No, No one wants to live in Arkansas doing contract to hire for $30/hour working on some windows mess.

This is just junk mail


Yes, I've been getting a bunch for the past week or so.


Yes I get these exact emails, also get added to Google docs


Yes I can like 20 of those per day all to my primary inbox


Google crumbling under its own weight in yet another area.


I have also gotten this emails this last couple of weeks.


Yup, been marking them as SPAM and reporting to SpamCop


Yes. Received one this afternoon, as a matter of fact.


Yes! This has just started in the last week or so..


Yes. I send them to abuse@ every time I get them.


yep. I am starting to get very annoyed with it .


Yep, last 2 weeks about 10-15 emails per day


Yes I get at least one of those every day!


Just got that exact email moments ago.


Yes, getting a lot of these lately


Yes, it's getting more common.


yea spam with content like fsdboijhgghwghQIUXXXQQEWR even in the subject line getting through.


Yes with an attached HTML file.


keep reporting it and maybe they'll catch on lol or they'll read this.


Yes, loads of this exact thing


Yes, I get the same emails


It's still better than Outlook which regularly sends legitimate emails into the spam folder.


Yep same issue here.


Yes loads of it


Yes


Yes


+1


Yes


Yes, and I think it's related to an issue from earlier in July where gmail spam got way too strict.

Here's a thread where I walk through our hassle trying to get Gsuite support to try to acknowledge they even consider this an issue, let alone do something about it: https://twitter.com/JustinMcCammon/status/141761476919279206...

tldr; remove all bit.ly links from your emails

Google has massively messed up spam filters and we got confirmation that they are aware of the issue from Gsuite support (although it seemed like Google did not consider it a problem and was just the absolute worst to try to work with via support. Absolutely terrible at every interaction except one rep who had to fight the system to help us investigate).

We use Gsuite at work and ran into issues where in the middle of an email thread, with contacts we'd exchanged dozens of messages over many weeks and even months, suddenly the emails were being sent to our spam folder or worse, rejected entirely (which ends up being a silent failure unless you are really on top of your email logs or you have clients that pick up the phone and say "why haven't you responded to my email?" we had the latter).

We reach out and spent weeks going back and forth daily with Google "support". I'd spend hours on the phone with them going through steps to recreate it and trying to find workarounds. Aside from one good rep who acknowledged many other people were writing in about it at the same time we were it really seemed like Google could not care less.

At one point I got so desperate I searched on twitter to find other people complaining about things. I found a person who was willing to help me - she was on the other side of things - someone NOT using gmail trying to send emails to gmail users and getting the rejection bouncebacks all of a sudden. She helped me figure out some of the root causes. Turns out Google decided that all bit.ly links were bad and if one appeared in your email it was either rejected or sent to spam (we couldn't figure out why one or the other). With her help we figured out clear steps to reproduce the issue and I did so on emails I controlled to send all the email headers and such to Google thinking they would realize the obvious issue.

Turns out we had bit.ly links in our own company email signature and so what was happening is when a client would reply to our email and it would include our own signature in it then google would flag that email as bad.

In addition there were some cases where links to google docs or youtube (the irony!) were also getting flagged.

The only thing we did that worked was to set up custom exception rules in gsuite to always allow emails through that contained bit.ly links or gdoc links as well as turn off ALL spam filtering. Naturally we all got lots more spam but we also could get regular emails again, which was much appreciated.

I had a phone convo with someone at bit.ly since I figured they might like to know and maybe could apply some pressure to google but after running it up the ladder there they ghosted me.


Seen it too.

It must be all the pesky Russian disinformation that's everywhere, right? Surely google wouldn't tweak an algorithm to further anyone's narrative?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: