I got a human being at Google to look into my problem and take action after sending a police report to Google‘s legal department certified mail return receipt along with a letter describing how someone was impersonating me and my business using a Gmail address in an attempt to commit fraud.
Yes, it was a pain to take all of these steps and it probably took about 3 hours but it was absolutely necessary considering there was no avenue for me to shut down this person otherwise.
show comments
jwr
I gave up on trying to report abuse to Google, Amazon or Microsoft. It seems reports simply get ignored and the big providers do nothing. I hope the FSF with its weight and media presence can finally do something.
Google, Microsoft, and Amazon are my major sources of spam. These days, this is where spam comes from.
At this point, they are also too big to block. We allowed this to happen, through neglect and laziness. Even in this discussion: how many people use Gmail as their primary email service?
show comments
urban_winter
Google suspend email accounts that get lots of spam reports. It happens a couple of times a year for salespeople in my company who use Gmass (a bulk email sending tool).
I mention it only as a useful data point, and in the absence of anyone else on the thread mentioning that Google have robust email abuse monitoring.
show comments
avian
Somewhat related to spam coming from Google servers, maybe someone can shed some light on what could be the motivation behind this activity:
In recent months I'm seeing instances where random personal mail accounts on a server I run would receive a barrage of mail in a short amount of time.
Mail seems to be bounced via Google Groups - they are sent from Google's IPs and have headers like X-Google-Group-Id, List-*, etc. all pointing to Google Groups. The actual group ID changes after each individual instance of this. However when I actually check e.g. the List-Archive URL, the group appears to be already been deleted.
The content of mail looks like it originates from various (legit-looking) random public web services, support requests, issue trackers, web contact forms etc. For example, a common reoccurring one is Virginia Department of Motor Vehicles (as in something like "thank you for filing a document #123 with us").
No apparent phishing links, no attached malware, no short advertisements snuck into a text field etc. Just automated replies from "noreply@"-type addresses.
It does not seem to be the case of trying to hide another attack (as discussed here for example: https://news.ycombinator.com/item?id=47609882) - over many instances I've not seen any other malicious activity. And this mail is filtered out easily enough based on Google's headers.
It all looks like there is some bot that a) creates a Google group and subscribes (one or more) random email addresses to a Google group and then b) enters the group's mail address into a bunch of random web forms that then send their automated responses to the group.
What could be the motivation for this? After the fact it's filtered pretty easily based on headers. It's not nearly enough volume to DoS the server. But why would someone go through the trouble of setting this up?
show comments
n3storm
I have been observing this for the last 2-3 years (4 postfix servers sysadmin)
Gmail cannot be whitelisted anymore: spam, phishing,...
On the other hand, if your users redirect twitter or linkedin notifications from their domain to a gmail account, Google claims you are sending too fast and is suspicious (and throttles or blocks ip).
Hilarious.
tag2103
Rhetorical question- but what is it going to take for the IT Community to start treating Gmail and the rest of the "too big to block" as adversarial entities and actually block them for their bad behavior. Pie in the sky I know.
show comments
danayfm
I was getting spam called constantly every 5 minutes (blocked by Google call screening) and the attackers made an error if sending a message with their AWS bucket url. I was able to submit an abuse report to Amazon and puff Amazon dismantled the entire spam group. No more spam since then.
Maybe try saying the spam has porn or inappropriate images?
cpncrunch
gmail, outlook and salesforce create about 90% of the spam that gets through blacklists. Salesforce is simple to fix: I just block anything from salesforce from our network, as it just seems to be 100% used by spammers. Gmail and outlook are the major problem, as there is no way of addressing their spam issue.
show comments
monegator
Unfortunately, the only thing that would work is to hire a bot service that would report the offending account en masse.
dev_l1x_be
Google took over email when they reject legitimate emails sent by small email vendors and at the same time sending this much spam.
talkingtab
Anyone interested in creating a CommunityEmailAlliance. Like dkim but with blocks on corporate email systems that allow spamming?
binaryturtle
I'm getting a lot, and I mean A LOT, spam recently from various "<IP in reverse notation>.bc.googleusercontent.com" domains. Not sure what can be done about that. But the uptick is very noticeable.
YesThatTom2
I’m old enough to remember when the FSF said that blocking spam was censorship. Good to see them wake up.
TheChaplain
It seems weird that Google wouldn't have some kind of observability alert on outgoing email. 10k emails per week is a lot.
show comments
vachina
someone hooked up their web app to Google Workspace email and the web app got pwned.
Google Workspace email is very generous with the kind of outgoing email you can send via their SMTP servers.
throwawaysoxjje
I wonder if this has to do with the massive number of google calendar invites I’ve been getting as payment/billing notifications lately.
I’ve not been reporting them because I already know they aren’t valid and do not google’s work for them
show comments
noobermin
It honestly is a bit dissapointing that most of the internet's "infrastructure" is tied up in large corporations that just get money for free by being the only provider and face little to no backlash (because of their monopoly) when they neglect things like basic customer service.
show comments
anonymousiam
Lately I've been using SpamCop.net to make spam reports. It seems to work, and it's free. You are encouraged to donate, and they don't ask for much.
It's not perfect though. For some reason, it doesn't find (or deliberately ignores) OVH hosts that are relaying spam.
show comments
tiku
I'm reporting every spamm mail that I get through Gmail from Gmail accounts but it doesn't seem to help!
Kim_Bruning
(I haven't run my own mail-server in a while. It's getting harder and harder.)
Are the real-time-blackhole lists still a thing?
If they're regularly allowing spam and not responding to reports in any sort of timely manner, possibly they should be reported to those.
Not going to work though, is it. Too big to fail shouldn't be a thing. It's not like you can't be flexible about it or give them some room to deal with it within corporate policy; but they do need to deal with it, right?
Realistically, I think some companies have outgrown the size where internet can still self-regulate them. You'd hurt yourself more than gmail.
This either needs laws or new game theory.
Or -you know- deprecate the current email system. I know that's a perennial proposal; but that's because every year it gets even more broken in even more interesting ways. It's patch-on-patch-on-patch at the moment. Just spinning up sendmail on a random box won't quite cut it anymore, if you want to participate.
Havoc
Crazy that you can even send that sort of volume from a gmail acc
dueltmp_yufsy
I wonder if they do not take this kind of thank that seriously so to encourage the paid tier for storage. I am teetering nearer my end to the free, mostly from all the emails over the years.
shevy-java
Google removed humans, so ... anyone able to contact real people at Google?
tjpnz
Spammer must be a whale spending untold amounts on other Google services.
TabTwo
Had Google trying to send me mails to non-existing mail-addresses over months. You would think their logs might catch something like that or they would react to my complaints ... they don't and they just dont care.
It sometimes stops for weeks, then it continiues.
from my logs as an example:
Nov 13 22:10:51 bert postfix/smtpd[2693931]: NOQUEUE: reject: RCPT from mail-oi1-x248.google.com[2607:f8b0:4864:20::248]: 450 4.1.8 <ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com> to=<rmayer13@nerd-residenz.de> proto=ESMTP helo=<mail-oi1-x248.google.com>
Nov 13 22:12:07 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-ua1-x948.google.com[2607:f8b0:4864:20::948]: 450 4.1.8 <ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com> to=<rmayer1000@nerd-residenz.de> proto=ESMTP helo=<mail-ua1-x948.google.com>
Nov 13 22:12:18 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-wm1-x346.google.com[2a00:1450:4864:20::346]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayer13@nerd-residenz.de> proto=ESMTP helo=<mail-wm1-x346.google.com>
Nov 13 22:12:37 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lf1-x146.google.com[2a00:1450:4864:20::146]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayer333@nerd-residenz.de> proto=ESMTP helo=<mail-lf1-x146.google.com>
Nov 13 22:13:08 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lj1-x248.google.com[2a00:1450:4864:20::248]: 450 4.1.8 <hc+bncBDO2ZDH5DIIOXB6ZZADBUBB2QEZ74@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<hc+bncBDO2ZDH5DIIOXB6ZZADBUBB2QEZ74@zf.thesparklebar.com> to=<rmayer@nerd-residenz.de> proto=ESMTP helo=<mail-lj1-x248.google.com>
Nov 13 22:13:08 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-wm1-x345.google.com[2a00:1450:4864:20::345]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayerrmayer@nerd-residenz.de> proto=ESMTP helo=<mail-wm1-x345.google.com>
Nov 13 22:14:03 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lj1-x248.google.com[2a00:1450:4864:20::248]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayera@nerd-residenz.de> proto=ESMTP helo=<mail-lj1-x248.google.com>
As you can see, the to-address is generated and its different hosts at google trying to send mails.
Searching for zf.thesparklebar.com shows others having the same problem.
show comments
ModernMech
Ah yes, the tried and true method of getting into contact with someone at google: sending a blast to social media for an actual human, because Google literally makes it impossible to talk to anyone at all. Worst customer support in all of tech.
SilverElfin
Good luck. These big tech companies have no incentive to care about support or really anything that isn’t tied directly to making money. And unless you have a friend there, Google staff have no incentive either. Solving this won’t help with their promotions.
show comments
throwuxiytayq
Maybe they should try getting a paid Google Workspace subscription /s
show comments
nikanj
Contact a human person at Google, one who can actually do something about a ticket? I also have a good selection of bridges for sale!
PunchyHamster
Send DMCA takedown, that's only thing big companies seem to react. Without checking validity of it of course
I got a human being at Google to look into my problem and take action after sending a police report to Google‘s legal department certified mail return receipt along with a letter describing how someone was impersonating me and my business using a Gmail address in an attempt to commit fraud.
Yes, it was a pain to take all of these steps and it probably took about 3 hours but it was absolutely necessary considering there was no avenue for me to shut down this person otherwise.
I gave up on trying to report abuse to Google, Amazon or Microsoft. It seems reports simply get ignored and the big providers do nothing. I hope the FSF with its weight and media presence can finally do something.
Google, Microsoft, and Amazon are my major sources of spam. These days, this is where spam comes from.
At this point, they are also too big to block. We allowed this to happen, through neglect and laziness. Even in this discussion: how many people use Gmail as their primary email service?
Google suspend email accounts that get lots of spam reports. It happens a couple of times a year for salespeople in my company who use Gmass (a bulk email sending tool).
I mention it only as a useful data point, and in the absence of anyone else on the thread mentioning that Google have robust email abuse monitoring.
Somewhat related to spam coming from Google servers, maybe someone can shed some light on what could be the motivation behind this activity:
In recent months I'm seeing instances where random personal mail accounts on a server I run would receive a barrage of mail in a short amount of time.
Mail seems to be bounced via Google Groups - they are sent from Google's IPs and have headers like X-Google-Group-Id, List-*, etc. all pointing to Google Groups. The actual group ID changes after each individual instance of this. However when I actually check e.g. the List-Archive URL, the group appears to be already been deleted.
The content of mail looks like it originates from various (legit-looking) random public web services, support requests, issue trackers, web contact forms etc. For example, a common reoccurring one is Virginia Department of Motor Vehicles (as in something like "thank you for filing a document #123 with us").
No apparent phishing links, no attached malware, no short advertisements snuck into a text field etc. Just automated replies from "noreply@"-type addresses.
It does not seem to be the case of trying to hide another attack (as discussed here for example: https://news.ycombinator.com/item?id=47609882) - over many instances I've not seen any other malicious activity. And this mail is filtered out easily enough based on Google's headers.
It all looks like there is some bot that a) creates a Google group and subscribes (one or more) random email addresses to a Google group and then b) enters the group's mail address into a bunch of random web forms that then send their automated responses to the group.
What could be the motivation for this? After the fact it's filtered pretty easily based on headers. It's not nearly enough volume to DoS the server. But why would someone go through the trouble of setting this up?
I have been observing this for the last 2-3 years (4 postfix servers sysadmin)
Gmail cannot be whitelisted anymore: spam, phishing,... On the other hand, if your users redirect twitter or linkedin notifications from their domain to a gmail account, Google claims you are sending too fast and is suspicious (and throttles or blocks ip).
Hilarious.
Rhetorical question- but what is it going to take for the IT Community to start treating Gmail and the rest of the "too big to block" as adversarial entities and actually block them for their bad behavior. Pie in the sky I know.
I was getting spam called constantly every 5 minutes (blocked by Google call screening) and the attackers made an error if sending a message with their AWS bucket url. I was able to submit an abuse report to Amazon and puff Amazon dismantled the entire spam group. No more spam since then.
Maybe try saying the spam has porn or inappropriate images?
gmail, outlook and salesforce create about 90% of the spam that gets through blacklists. Salesforce is simple to fix: I just block anything from salesforce from our network, as it just seems to be 100% used by spammers. Gmail and outlook are the major problem, as there is no way of addressing their spam issue.
Unfortunately, the only thing that would work is to hire a bot service that would report the offending account en masse.
Google took over email when they reject legitimate emails sent by small email vendors and at the same time sending this much spam.
Anyone interested in creating a CommunityEmailAlliance. Like dkim but with blocks on corporate email systems that allow spamming?
I'm getting a lot, and I mean A LOT, spam recently from various "<IP in reverse notation>.bc.googleusercontent.com" domains. Not sure what can be done about that. But the uptick is very noticeable.
I’m old enough to remember when the FSF said that blocking spam was censorship. Good to see them wake up.
It seems weird that Google wouldn't have some kind of observability alert on outgoing email. 10k emails per week is a lot.
someone hooked up their web app to Google Workspace email and the web app got pwned.
Google Workspace email is very generous with the kind of outgoing email you can send via their SMTP servers.
I wonder if this has to do with the massive number of google calendar invites I’ve been getting as payment/billing notifications lately.
I’ve not been reporting them because I already know they aren’t valid and do not google’s work for them
It honestly is a bit dissapointing that most of the internet's "infrastructure" is tied up in large corporations that just get money for free by being the only provider and face little to no backlash (because of their monopoly) when they neglect things like basic customer service.
Lately I've been using SpamCop.net to make spam reports. It seems to work, and it's free. You are encouraged to donate, and they don't ask for much.
It's not perfect though. For some reason, it doesn't find (or deliberately ignores) OVH hosts that are relaying spam.
I'm reporting every spamm mail that I get through Gmail from Gmail accounts but it doesn't seem to help!
(I haven't run my own mail-server in a while. It's getting harder and harder.)
Are the real-time-blackhole lists still a thing?
If they're regularly allowing spam and not responding to reports in any sort of timely manner, possibly they should be reported to those.
Not going to work though, is it. Too big to fail shouldn't be a thing. It's not like you can't be flexible about it or give them some room to deal with it within corporate policy; but they do need to deal with it, right?
Realistically, I think some companies have outgrown the size where internet can still self-regulate them. You'd hurt yourself more than gmail.
This either needs laws or new game theory.
Or -you know- deprecate the current email system. I know that's a perennial proposal; but that's because every year it gets even more broken in even more interesting ways. It's patch-on-patch-on-patch at the moment. Just spinning up sendmail on a random box won't quite cut it anymore, if you want to participate.
Crazy that you can even send that sort of volume from a gmail acc
I wonder if they do not take this kind of thank that seriously so to encourage the paid tier for storage. I am teetering nearer my end to the free, mostly from all the emails over the years.
Google removed humans, so ... anyone able to contact real people at Google?
Spammer must be a whale spending untold amounts on other Google services.
Had Google trying to send me mails to non-existing mail-addresses over months. You would think their logs might catch something like that or they would react to my complaints ... they don't and they just dont care.
It sometimes stops for weeks, then it continiues.
from my logs as an example: Nov 13 22:10:51 bert postfix/smtpd[2693931]: NOQUEUE: reject: RCPT from mail-oi1-x248.google.com[2607:f8b0:4864:20::248]: 450 4.1.8 <ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com> to=<rmayer13@nerd-residenz.de> proto=ESMTP helo=<mail-oi1-x248.google.com> Nov 13 22:12:07 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-ua1-x948.google.com[2607:f8b0:4864:20::948]: 450 4.1.8 <ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBD77RLFFQACRBZOX3DEAMGQEU5V3LXY@zf.thesparklebar.com> to=<rmayer1000@nerd-residenz.de> proto=ESMTP helo=<mail-ua1-x948.google.com> Nov 13 22:12:18 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-wm1-x346.google.com[2a00:1450:4864:20::346]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayer13@nerd-residenz.de> proto=ESMTP helo=<mail-wm1-x346.google.com> Nov 13 22:12:37 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lf1-x146.google.com[2a00:1450:4864:20::146]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayer333@nerd-residenz.de> proto=ESMTP helo=<mail-lf1-x146.google.com> Nov 13 22:13:08 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lj1-x248.google.com[2a00:1450:4864:20::248]: 450 4.1.8 <hc+bncBDO2ZDH5DIIOXB6ZZADBUBB2QEZ74@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<hc+bncBDO2ZDH5DIIOXB6ZZADBUBB2QEZ74@zf.thesparklebar.com> to=<rmayer@nerd-residenz.de> proto=ESMTP helo=<mail-lj1-x248.google.com> Nov 13 22:13:08 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-wm1-x345.google.com[2a00:1450:4864:20::345]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayerrmayer@nerd-residenz.de> proto=ESMTP helo=<mail-wm1-x345.google.com> Nov 13 22:14:03 bert postfix/smtpd[2696594]: NOQUEUE: reject: RCPT from mail-lj1-x248.google.com[2a00:1450:4864:20::248]: 450 4.1.8 <ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com>: Sender address rejected: Domain not found; from=<ki+bncBDO2ZDH5DIIOXB6ZZADBUBFIYC6HQ@zf.thesparklebar.com> to=<rmayera@nerd-residenz.de> proto=ESMTP helo=<mail-lj1-x248.google.com>
As you can see, the to-address is generated and its different hosts at google trying to send mails.
Searching for zf.thesparklebar.com shows others having the same problem.
Ah yes, the tried and true method of getting into contact with someone at google: sending a blast to social media for an actual human, because Google literally makes it impossible to talk to anyone at all. Worst customer support in all of tech.
Good luck. These big tech companies have no incentive to care about support or really anything that isn’t tied directly to making money. And unless you have a friend there, Google staff have no incentive either. Solving this won’t help with their promotions.
Maybe they should try getting a paid Google Workspace subscription /s
Contact a human person at Google, one who can actually do something about a ticket? I also have a good selection of bridges for sale!
Send DMCA takedown, that's only thing big companies seem to react. Without checking validity of it of course