What's happening with Gmail spam filtering?

The spam is quite likely coming via Google itself.

Google's mail servers have been compromised for several weeks now. It's commonly being used for infected crypto spam (all those "new traderbot" emails with the attached infected PDF, for example). I'm not yet sure if these are just compromised GMail accounts, or if the mail servers themselves have been compromised. There seem to be some reports on AbuseIPDB of intrusion attempts coming directly from Google's mail servers.

I've tried reporting it to Google (eg via SpamCop), and Google declines to receive reports. I have been reporting it through AbuseIPDB as well. Here is one Google mail server that has had over 300 abuse reports:

https://www.abuseipdb.com/check/209.85.167.48

There are many more, and I linked to a few more when I posted about it here on HN over a month ago:

https://news.ycombinator.com/item?id=32434810

I get about 10 per day. They all seem to come from hacked O365/Gmail accounts. All 4 of my Gmail accounts are affected.

It's all the same crap that's obviously spam.

"Dear Friend, I hope this email finds you well. I need your assistance in a matter..."

"You've been chosen!"

"Home Depot/TruGreen/Dicks Sporting Goods/ADT-Security"

"Invoice enclosed"

"You've received a direct deposit..."

"Hot sex "

I would guess that Gmail is simply a legacy/commodity function at Google, so they have spam handled by lower-end employees or even contractors.

To offer a singular data point, contrary to other posters here, I am not seeing this at all, and I pretty actively use my two Gmail addresses which have been active since 2005. My spam inbox regularly gets correctly categorized spam, and important emails still correctly land in my inbox.

I'm having the opposite problem. I have a custom domain email address through a webhost, which gets forwarded to Gmail. I've been using Gmail as my client since day 1 (around whenever Gmail first came out). Some time in early summer I stopped getting emails from my wife, who uses a plain Gmail address. I was missing messages in threads if she was the sender. This has never happened before. So I checked the logs on the webhost, and it turns out Gmail was rejecting mail sent from her with an error that her address is spam. And I don't mean it went into the spam folder. It straight up rejected the messages and wouldn't go to the Gmail servers at all. I found this crazy, because it was rejecting a Gmail address that has been used for years. And in message threads that included others with Gmail addresses. And if she emailed me to my actual Gmail address, it was fine and not spam. But her address (and only hers) gets marked as spam if sent to my domain.

So my solution was to start using Thunderbird. Her messages were never being rejected by my domain and all the threads are there intact.

Edit: This was the SMTP error that Google was telling my domain: "Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to Gmail, this message has been blocked."

For me, it just goes in cycles. For a couple of weeks, I'll get these spam emails from "Dick's Sporting Goods" telling me I won a chance at a Yeti cooler or something like that. These emails will make it through gmail's filter for a while, then they catch them, then they figure out how to get through again. That particular set of emails seems to be the only spam that ever makes it through the filter, but the cycle has been happening for quite a while now.

The opposite is also happening: I'm increasingly classified as a "promotion" when I write to my friends. I wrote to my close friend Natalie and I was like "Did you see my email?" and she said "No" and went to search for it, and eventually found it in promotions. I'm now treated as marketing or as spam, for some of my friends. This has been going on for some weeks now.

I started experiencing this myself a couple months ago, and of course searching for any sort of solution with modern search engines is a path to insanity.

Because almost all of the spam that is getting through - to me, at least - follows a very simple template - something that spam blockers should be incredibly good at handling - I was able to concoct a reasonable solution.

Google has this Apps Script thing* where you can deposit JavaScript and then schedule that JavaScript to run every minute. They expose a Gmail API and once you've given your script access to your Gmail inbox, you can process the unread messages and look for telltale signs of spam (for me, inspecting the subject for a regex match of `/confirmation#/i` has been adequate[0]) and finally move the message to spam. Since it runs every minute instead of on an event of new mail, new messages may appear unread for a short period of time.

* though there are options to deploy your project it is not necessary to do so in order to run the script on a schedule

0. https://gist.github.com/cfeduke/1dfb7f650b9abbfce549eddffc96...

The crazy thing is that on the last year I found emails from Google, and Apple, in the spam folder. Apple's were invoices... of which I get a couple a month (iTunes purchases, subscriptions). Google's I think were announcements for services, etc. tied to a Workspaces work account.

I can't think of no actions I did (in terms of identifying email as spam) that could suggest I might consider emails from Google or Apple, or any emails with that content, as spam. I mark things regularly, but almost always actual spam / phishing, or commercial mass emails from companies I have no relation with (banks, etc.)

They announced that their spam filter got to good and that they will allow political spam to go around their spam filter.

https://www.androidpolice.com/gmail-political-spam-experimen...

Same, i was clear from spam for so many years, now I sometimes have ten spam/phishing per week, for a few months now

I've recently had the opposite problem. I had an external host receive email for a domain and then forward to gmail. The message envelope is changed, and SRS records are updated to be from the forwarding domain and DKIM is valid.

However, over the last 2-weeks or so, Gmail has been hard rejecting the majority of the mail at SMTP time, which has caused a big pain!

I really wish I could say "trust all mail from this mail server, but please also do Spam checking".

I've been getting 2-3 spam emails/day and for many years received 0/day.

Migrated to Fastmail a few weeks ago. It's going swimmingly. The private addresses feature is brilliant. I can tell what service sold my address or leaked it, or otherwise gave it out somewhere against my consent. If Gmail allowed for private aliases it would thwart spam, but they won't implement it because they're anti-privacy.

Right now, it's actually not that bad for me, but I (and others) experienced something similar a year ago: https://news.ycombinator.com/item?id=28635313

I'm having the opposite problem. The spam filter keeps marking things as spam, when they clearly are not, and I have no way of telling it that they aren't.

Now, I mostly don't mind it, but getting credit reports swept off my inbox is starting to get annoying.

I constantly receive the same kind of gmail spam: there's a package for me. Half a year already, 3-4 a day, from random addresses like rp.6sgzBKV9UH@mail.4t2d3uxkxo.com / over corpegg.com whatever that is.

I have similar issue, but with a different flavor:

About 10 times per day I receive a blank email from an obviously throwaway spam account (e.g. vishal382190130 at gmail dot com)

For the life of me I cannot understand the purpose or goal of these emails, from the spammers' point of view. I've heard the theory that spammers will send "test" emails to check if a destination account is active... But every day? All the time? Is it possible somehow to assure the spammers that my account is active, and to start sending me actual spam, instead of empty messages?

Actually noticed the same. Saw a spam email and was confused. Had that gmail address a decade or two, and don't remember the last time I saw one.

Yup same here. I just figure it'll get cleared up "at some point"

Might be less to do with whats happening with spam filtering and more to do with the evolution and constant arms race spammers are a part of.

I don’t use gmail but I have also seen a big uptick in spam getting into my actual inbox over the last few weeks. I use a filter that hasn’t been updated in years, combined with spamhaus blacklists. To me this means something like spammers have found a way to evade spamhaus blacklists since they were the most effect block to spam in my email chain.

For me, it was happening for most of August. Each day, around 10-20 emails. They were mostly the same 10 emails, verbatim. It has stopped around 2 weeks ago. I have no idea how the emails could have gotten through. It was the most obvious SPAM you could come up with; it didn't even have any weird characters or anything of the sort.

Looking at all the comments here, it looks like they could just check for if the title contains Dick's Sporting Goods and then it'll be spam. Oddly... that's what mine are too. Is this going to turn into some weird bug / edge case where only Dick's Sporting Goods emails can get through the spam filter?

I found gmail's spam filtering amazing from 2004 until this year, where it's massively gone downhill and I've been getting tons of obvious garbage hitting the inbox and things I want from known senders landing in junk. Moved my business email to fastmail, perhaps personal will soon follow.

Late to the party here but if you scroll through the source of these messages, there are a few domains they use to host the "image" inside the message. Additionally some of the spammers try and use the "coord" HTML element to put links on their images.

If you create a filter to immediately delete the messages with "coord" in the source and these image domains you should be decently covered: iili.io, caringbridge.org, mailingghost.store

If anyone is interested in working towards root cause on this please let me know.

Ironically, as email services are making creating new accounts even harder, by adding mobile phone verification and Google outright blocking "untrusted" clients - spam count keeps growing from gmail and outlook (hotmail) domains. And looks like gmail spam filter ain't very good either, as no matter how many spam letters you mark as spam, one definitely will get through in the future. Another problem, that one cannot ban gmail or outlook domains for incoming spam, as most business contacts are usually using those.

Had an account since beta. Don't recall receiving a single spam email until a few months ago at the very least, and have been receiving one roughly every couple of weeks. Very odd indeed.

Same, had my first (very obvious) spam mails reach my inbox in months.

In the last month what services/website did you sign up for online/offline? They maybe the source of the leak/spam. Alternatively, your ID got into the spammers list via a service you must have signed up for prior, which must have got hacked recently. Another scenario is your acquaintance/friend ID must be compromised and they spam everyone on their contact list.

The spammers must be keeping it under 500 emails per day / gmail outgoing account to not go over google's thresholds.

This has been happening to me too but for months now.

Fot me, the spam that makes it through all comes from Gmail addresses. Maybe the filter is more lenient with Gmail accounts.

I've been having the opposite problem. Things are going to my spam that are obviously not spam. The worst part is gmail automatically deletes after 30 days, with no way to configure that time period. I had to email some people recently to check whether they had reached out to me because I realized it probably went to spam (it did). Who knows how much other stuff I've missed.

Hah! I thought all the new spam was because we had recently moved because it was all dressed up as fake home warranty and insurance emails but a bunch of it has an old name from a breach over a decade ago. (Someone used my email with their name to open an account so a ton of my spam is addressed to some dude named Danny.) I was like, "Oh look, Danny is back." lol

Old news for me. A few months ago, four or five messages a day during a month and then it stopped.

It was always the same template written in several languages, English, French, Spanish, with clear signs they were trying to fool the filters with fake unsubscibe links, long generated ids and business keywords.

Most of them were classified as spam, but one in ten passed through the filter.

Tangent: I've always wondered if forwarding spam (I don't use Gmail at all) to abuse@google.com works at all. Does marking spam from Gmail as spam count as reporting it? Or is Google one of those companies that either completely ignores spam complaints and/or makes spam reporting only work if you fill out a pain in the ass web abuse form?

It’s been like this for a year. I don’t use Google services outside of work, but my mom has early Alzheimer’s disease, and emails about outstanding debts or free gift cards can confuse her sometimes.

I don’t understand what Google engineers do every day. Google apps are the worst products I interact with: from Gmail spam to daily freezes of the YouTube app on my Apple TV.

Thats rare, I have my GMail address publicly available on the internet and haven't gotten a single spam email in my life

Check the raw email body and see if it consists of multiple encoded MIME parts. I'm seeing some spammers sending the message body as one part of innocuous content but then a different part is displayed when you open the email. I'm guessing this confuses the spam filter enough to let it through.

Same thing for me, last couple of weeks I've seen a few emails appear, before that I've not seen inbox spam for ages. I also started getting Drive share notification spam around the same time, until I turned notifications off, but new random spam shares keep appearing if I check the app.

Same here, I get spam everday. Too bad they are not able to catch it :( Where is their AI???

Once every 3 or 4 months I go for a week or two getting 2 or 3 obvious spam messages a day on gmail… it is weird because they are all nearly identical so it seems like it would be trivial to round them up once I mark the second one as spam.

Was just discussing this with a collage today. I’m getting random emails that are basically PDFs claiming to be crypto invoices from PayPal form random gmail addressees sent to me and CC’d to paypal@noreply.billing

I have been having this problem for at least a few months, when obvious spams by human eyes can get into my inbox daily. For example, I have to use gmail filters to remove the car dealership spams.

Happening to me on Outlook.

Full image emails that are all too obviously spam.

Same here, but lots of mails are not spam. I was loosing some important emails.

I don’t know but to me looks something wrong from Google side. Maybe they’ve tightened some filters.

I'm guessing they are tweaking spam filters and you're in the test pool.

I've had very little spam on any of my Gmail addresses for the last 3+ years

It started happening fairly recently to me, and it's not a gmail account, but another popular option. I don't know what caused it.

The same thing happened to me with Hotmail. It was previously great at spotting spam, but recently has stopped sending it to junk.

Yes, several phishing emails got through to my gmail in the last couple of weeks, which never happened before

We all being a/b tested....

What is your primary spoken language? What language are your emails coming through in?

I noticed too. For years I had exactly zero spam but recently a few got through

Same here, got 3 spam emails yesterday. It's been months since I saw that.

Glad it's not just me. Noticed this issue myself.

Have been enjoying ProtonMail.

Is this going to lead to a paid, improved spam filter subscription?

I've also noticed the occasional spam in my gmail recently.

My educated guess is that Political campaigns dumped a ton of money into Google and Google is whitelisting their trash

I haven't had any issues.

Midterms are coming up in the USA, expect the people in the tech companies to steer the technology in a direction that helps the party of virtue