Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Google IT

Google Mandates Unsubscribe Button in Emails For Those Sending Over 5,000 Daily Messages (cnbc.com) 91

Google plans to make it harder for spammers to send messages to Gmail users. From a report: The company said it will require emailers who send more than 5,000 messages per day to Gmail users to offer a one-click unsubscribe button in their messages. It will also require them to authenticate their email address, configuring their systems so they prove they own their domain name and aren't spoofing IP addresses. Alphabet-owned Google says it may not deliver messages from senders whose emails are frequently marked as spam and fall under a "clear spam rate threshold" of 0.3% of messages sent, as measured by Google's Postmaster Tools.

Google says it has signed up Yahoo to make the same changes, and they'll come into effect in February 2024. The moves highlight the ongoing fight between big tech companies and spammers who use open systems such as email to send fraudulent messages and annoy users. For years, machine learning techniques have been used to fight spam, but it remains a back-and-forth battle as spammers discover new techniques to get past filters.

This discussion has been archived. No new comments can be posted.

Google Mandates Unsubscribe Button in Emails For Those Sending Over 5,000 Daily Messages

Comments Filter:
  • It's easy to add because it does nothing.
    • by PPH ( 736903 ) on Tuesday October 03, 2023 @02:33PM (#63897685)

      Oh no, it does. It tells the sender that he got a real live person.

      • My favorites are the ones with a compressed-to-shit pixellated .bmp of an "unsubscribe" button, where it's unclickable.

        • by Anonymous Coward

          Saw a complaint form with a text box and an animated "Submit" button that would keep running away from your mouse.

        • by mjwx ( 966435 ) on Wednesday October 04, 2023 @07:45AM (#63899067)

          My favorites are the ones with a compressed-to-shit pixellated .bmp of an "unsubscribe" button, where it's unclickable.

          Oh, I long for the joy of a merely unclickable "unsubscrube" button.

          The current trick is for that button to take you to a page where you enter your email address in (it doesn't tell you what you are doing it for) and then that signs you up to the mailing list again.

          What we need is real teeth to be added to laws like the GDPR for abusing our inboxes.

      • by Xenx ( 2211586 ) on Tuesday October 03, 2023 @02:47PM (#63897719)
        Not that I think this is the audience that likely needs the clarification, but you never know.

        If the email is coming from a known legitimate source, the unsubscribe link should usually work fine. If there is a decent chance the email is coming from a spammer, it's likely that clicking the link will encourage them to send you more spam as you took the time to interact with it.

        In the case of Google's one-click button, it's about having easier/better controls when working with legitimate senders and not about controlling the spammers. The threshold part, however, should have some impact. However, that impact will be tempered based upon how costly it is for the scammers to rotate out sending info.
        • by MBGMorden ( 803437 ) on Tuesday October 03, 2023 @03:22PM (#63897795)

          I know we love to complain (I do too, its fun), but honestly MOST of what makes it through to my actual inbox has a completely functional unsubscribe link. Its mostly things that I intentionally signed up for or at least made an actual action for (eg I made a purchase from a webstore and forgot to uncheck the box for their "Deals" newsletters).

          The spam filters are good enough that I very rarely get flat out spam like in the old days.

          • Most of the advertising that hits my inbox is spam by definition, sent by senders who do not verify email addresses when someone puts an email address into a form or when they buy a list before they begin spamming it.

            If the FTC were at all functional I could literally retire on the fines collected from these fucks.

            • Most of the advertising that hits my inbox is spam by definition, sent by senders who do not verify email addresses when someone puts an email address into a form or when they buy a list before they begin spamming it.

              Are you using Gmail? If yes, this experience don't mach the experience of most Gmail users. If not, is irrelevant in a discussion about Gmail.

              • I am using gmail, and I have been since early days.

                The spam filter catches most of the spam, but I still get spam in my inbox.

                There are also still false positives, only on new senders as a rule though.

          • by Xenx ( 2211586 )

            The spam filters are good enough that I very rarely get flat out spam like in the old days.

            I wish that was a universal truth. Large email providers have more tools, and a larger base to work with, that makes spam filtering a lot more reliable. Smaller providers are more limited in viable tools, whether it be cost or customer base, and as such tend to see a lot more spam. It may also be that the spammers know they'll have an easier time, and thus focus more attention there.

          • by kwalker ( 1383 )

            I wish this were the case for me.

            MOST of what makes it through my spam filter (But is spam) is bullshit McAffee, WebRoot, and even CoinBase invoices from hacked GMail accounts. I know it's from GMail because it passes their SPF and DKIM verification.

            Or hacked Yahoo accounts pretending to be a now-dead relative. It passes because their servers sign and send it to mine, making DKIM and SPF checks almost useless.

            • Gmail doesn't have a standard abuse reporting email address, and wouldn't monitor it even if they did. Google is the biggest sender of spam by far.
            • by Megane ( 129182 )

              This. After blocking most of the usual stupid sources, whether dodgy TLDs or IP blocks of dodgy hosting companies (usually in Europe or the 3rd world), guess where most of my spam comes from now? "Your order has been accepted" phishing spam from gmail. And clearly they don't fucking care.

              But if your SPF records are broken, too bad, automatic penalty box for you. A game I play is getting new user sign-up replies to gmail users blocked because apparently they had to change their outbound mail server and whoe

          • My mom was getting hundreds of spams a week, then I got her account and password (which has changed many times due to scammers and her gullibility). I started doing lots of marking of things as spam, a handful of unsubscribes, and now the inbox is actually usable again. The spam folder however has 50 spams just for today, 90% of them political click bait. It honestly reminds me of Jen's computer from The IT Crowd.
            https://www.youtube.com/watch?... [youtube.com]

            • You're wasting your time. Start over. That address is ruined.

              Make her a new email address at google, give it to family only.

              The $8/month I pay google to filter spam was totally worth the time and aggravation saved over the years.

          • by mjwx ( 966435 )

            I know we love to complain (I do too, its fun), but honestly MOST of what makes it through to my actual inbox has a completely functional unsubscribe link. Its mostly things that I intentionally signed up for or at least made an actual action for (eg I made a purchase from a webstore and forgot to uncheck the box for their "Deals" newsletters).

            The spam filters are good enough that I very rarely get flat out spam like in the old days.

            Much of it is still there in your Spam folder, in case you ever feel nostalgic.

      • by Anonymous Coward

        Google made this particularly worse recently.
        The Gmail block button used to offer a choice of "block" or "unsubscribe and block", where you could choose not to notify the spammer your address is valid.

        It recently changed to remove that option. The block button always attempts to unsubscribe so you always get future spam after the attacker changes domain names to avoid the block.

      • Yes, that's why I avoid the 'unsubscribe' unless it seems to be a reputable (rare) source.

      • by Krokus ( 88121 )

        This. Whether it works or not, clicking the "unsubscribe" button in an email tells the sender that they've got an active email account, which increases its value when they sell it to other companies.

        Don't click "unsubscribe" buttons.

  • by The-Ixian ( 168184 ) on Tuesday October 03, 2023 @02:31PM (#63897679)

    All legitimate e-mail in the US should already have this by law.

    The lack of the unsubscribe link is a pretty good first pass filter to differentiate spam and phishing messages from legitimate e-mail.

    • I don't know why but the democratic party has it in their head that I am even slightly interested in donating to any of their congresscritters, and worse, it's across multiple states, none of which I've ever lived in.

      Know what else? They have an unsubscribe button, and it doesn't work. Every. Single. One. I'd wager they all use the same mail platform, because they're all broken in exactly the same way.

      Worse, I even replied to a few of them asking to take me off of their list because I don't have anything to

      • by HBI ( 10338492 )

        Political spam is easy to deal with. Just donate to the opponent and make it clear you are doing so. Miraculously, political spam disappears.

        • This right there. Inform them that you actually are a supporter, but if they become enough of a nuisance, you'll go out of your way and support their opponent even though you don't agree with their position, just because they didn't go on your nerves.

      • I don't know why but the democratic party has it in their head that I am even slightly interested in donating to any of their congresscritters, and worse, it's across multiple states, none of which I've ever lived in.

        Know what else? They have an unsubscribe button, and it doesn't work. Every. Single. One. I'd wager they all use the same mail platform, because they're all broken in exactly the same way.

        Worse, I even replied to a few of them asking to take me off of their list because I don't have anything to do with them. The ones who have replied said they would remove me, except...the emails keep coming. I'm guessing they probably use the same mechanism to remove me internally, and it's similarly broken. They're possibly asking their tech bros to fix it, and they probably don't care.

        But it's ok, because politicians exempted themselves from the CAN-SPAM Act. So I've got tons of mail filters just for dealing with political spam.

        It's also entirely possible that they have a monthly update list that they scrape from some business associates like most spammy spammers do, and you've made the mistake of interacting with one of the businesses that "donate" *COUGH* their mailing lists to the spammy-spammer congresscritter's campaign. It happens more often than you'd think even in the political circles. There's always some weird justification hopping when they get called on it, but they're not that different from the big tech bros they cla

    • Re:Good for Google (Score:5, Insightful)

      by Xenx ( 2211586 ) on Tuesday October 03, 2023 @02:54PM (#63897729)

      The lack of the unsubscribe link is a pretty good first pass filter to differentiate spam and phishing messages from legitimate e-mail.

      It's ok as a first pass, but not really that great. A lot of spammers include an "unsubscribe" link and use it to flag you for more attention. In all honesty, the fact that Google is focusing on it actually concerns me. It's hard enough explaining to people to ignore the unsubscribe, but Google actively recommends unsubscribing when you mark something as spam. This is true even with obvious spam.

      • A lot hinges on what you define as an "unsubscribe link". Since this is Google's sand box, in theory they control that definition and its implementation. If they're serious, it's a snippet of code that must be in the e-mail, and when clicked it enters the recipient in to a database controlled by Google, not the sender.

      • After I set up my own domain with throwaway email addresses for everyone who asks for one, I started clicking the Unsubscribe links, because why not? I can just destroy the receiving address if they spam me. And then a strange thing happened...

        The Unsubscribe links actually worked.

        I had just assumed the common knowledge you shared to be true. Of the hundreds of Unsubscribe links I’ve now clicked over the years, however, not one has resulted in even more spam. Some companies may need me to click Unsubs

        • by Xenx ( 2211586 )

          I had just assumed the common knowledge you shared to be true.

          The common knowledge I said is true. I made another comment elsewhere that more specifically defined it. However, I said a lot of spammers use the unsubscribe nefariously. You're talking about legitimate emails you don't want to receive.

          • However, I said a lot of spammers use the unsubscribe nefariously. You're talking about legitimate emails you don't want to receive.

            Agreed, hence my own caveat paragraph. Apples-to-oranges, basically. Even so, the fact that Unsubscribe is as effective as it is was a shock and surprise to me once I started using it.

            • by Xenx ( 2211586 )
              As I noted, I went into detail elsewhere in the comments. To clarify: My stance is that if it's coming from an obviously legitimate source, it is safe to unsubscribe. If you're unsure, don't.

              Gmail does do a better job than most, but from my own first hand experience I've gotten proper spam through to the inbox that they've suggested I unsubscribe to. It's been happening more in the last few months. Maybe once a month or so recently.
        • by AmiMoJo ( 196126 )

          Since GDPR came in, most of these companies started using third party systems that are GDPR complaint. Maybe it's similar in the US with CAN SPAM.

          Under GDPR, it was probably illegal to spam you in the first place. Having a broken unsubscribe link is just asking for a fine.

      • It's hard enough explaining to people to ignore the unsubscribe

        Why would you ignore it? Spam filters these days catch virtually all spam. The overwhelming majority of things that hit an inbox are marketing materials from legitimate companies who have functioning unsubscribe links.

        There's no reason not to hit unsubscribe these days. Sending an email is virtually free. No one is optimising spam based on whether people click. You're already getting the spam if you can get as far as seeing the unsubscribe link.

        FWIW I used to subscribe to your view, and then one day I went

        • by Xenx ( 2211586 )

          Why would you ignore it? Spam filters these days catch virtually all spam. The overwhelming majority of things that hit an inbox are marketing materials from legitimate companies who have functioning unsubscribe links.

          Because that just isn't the case for a lot of people. I say this as someone that does internet/email support for a living. Further, I explicitly said spammers. You're talking about legitimate emails. That is not the same thing.

      • by AmiMoJo ( 196126 )

        You are looking at it from the perspective of an individual user. Google handles vast quantities of email for vast numbers of people, and they have actually been doing something like this for a while.

        If Gmail noticed that people who use the unsubscribe link keep getting spamming, they can block that spammer for everyone. It doesn't matter if using the link causes them to send you more spam, because Google will be sending everything from their mail server, every message linking to their website, directly to

        • by Xenx ( 2211586 )
          There is a difference between Gmail and all the other smaller providers. Given their belief that all email providers should have this, I can't base my opinion on how well Gmail does.
    • For distinguishing between "legitimate advertisers" and "shady, definitely con artists", sure.

      For distinguishing between e-mail I actually care about and e-mail I'd like to insta-delete and not see any more, not so sure. On my work account, I get email from supervisors, coworkers, colleagues, external business partners, external salesmen. For the most part, only the generic sales pitches from external vendors have "unsubscribe" links. And on my personal account, I get email from family, friends, open-sour

    • I am sorry but what should be in the law is that it should be absolutely illegal to subscribe any client to any newsletter. Simple

      It would also be nice to have significant fines for companies which subscribe anybody automatically.

      I am sick and tired of receiving emails for stuff like: "last change to take advantage of our discount!"

      The European GDPR already forbids these things but without significant fines... companies do not care. Period

    • by tlhIngan ( 30335 )

      Ironically, Google is currently the biggest source of spam for me. It seems that spammers set up a Google Groups with a random name, then add a bunch of email addresses to it. Sure Google sends you an email saying you got added, but their unsubscribe doesn't work - sending it to the unsubscribe link does nothing, and clicking the link wants you to log in and when you do, it just gives you invalid email address.

      Perhaps Google should verify that people who add emails to a google groups email list actually wan

    • Transactional emails (invoices, order acknowledgments, tracking info, etc) do not require an unsubscribe. Human to human direct emails also do not.

      So, I would not consider the lack of an unsubscribe link as any kind of indicator.

  • I already 450 gmail from google from senders I don't specifically allow. The general pattern is some_random_name_4-6digits.
  • Both Google and M$ are pushing things like DMARC and DKIM hard by rejecting emails which are unsigned or domains without SPF records. They are also both overtly forcing their proprietary 2FA schemes. While they can totally claim this is all to create "secure email" what it's also doing is breaking email for folks who have been operating small mail servers for decades. Once they provide the critical mass for user's to complain that they cannot send email to Google or M$ served domains, I'm seeing a lot of si
    • by HBI ( 10338492 )

      I dunno, i've been examining the more recent spam that gets through the filters, and it appears most of it is routed through Google from domains without valid DKIM but with SPF records of sorts. Since Google is delivering it, it isn't immediately flagged as spam, so we're back to Bayesian filtering.

      It doesn't feel like it's all bunk.

    • Both Google and M$ are pushing things like DMARC and DKIM hard by rejecting emails which are unsigned or domains without SPF records. [...] While they can totally claim this is all to create "secure email" what it's also doing is breaking email for folks who have been operating small mail servers for decades.

      What prevents these small email providers from implementing both SPF and DKIM?

      • by Wolfling1 ( 1808594 ) on Tuesday October 03, 2023 @03:39PM (#63897847) Journal
        Its less about the little guys being unable to implement them. Its more about Google continuing to slander everyone else (eg calling every non Gmail client a 'less secure client' even though Gmail is not the most secure) and now positioning themselves as the policeman. You can't be both the referee and a competitor, and when you're this corrupt, you shouldn't be either.
      • What prevents these small email providers from implementing both SPF and DKIM?

        A few things. One is just simple lack of know-how. They don't want to learn about it and understand what the record does and why it's a decent idea. Another reason is that once an SMTP server is setup, there are often filters, scripts, and config-file special features that are enabled. To reproduce all that in a newer SMTP server which supports creating the DKIM signatures isn't always possible for the unsophisticated person who has to hire a consultant to do the work for them.

        • Is there really much of an overlap between people nerdy enough to run their own mail server but not nerdy enough to be able to implement DKIM/DMARC?
          • Those are disjoint sets.

            They have no business running a mail server they setup on their own somehow if they couldn't figure out how to configure the mail server to properly talk to other mail servers including proving it is who it says it is.

            No excuses.

            • Yeah, so again, you just empower Google to stomp out the little guy "No excuses" still has impact, tough guy.
              • Google owns their servers and has a right to determine what standards are required of remote servers to se d mail to theirs.

                Th e little guy can figure it out or pay someone for an hour of time but if he can't figure it out himself why does he needs his own servers anyway?

                I've run email for as many as 12k people. It sucked. It also sucked running it for small companies of only 10-200. And it sucked to run it at home for 2 people. Email just sucks.

                • We have comparable experience. I do not find it difficult with or without DKIM/DMARC measures. However, I'm not talking about people like me or like you. I'm saying this is a calculated move by Google and M$ to capture more market share at the expense of the little guys, especially the non-techies. That's what I'm still saying and you haven't really said jack shit to put any dents in that. Giving me your resume didn't help.
                  • And I'm saying running an email server sucks even when you know what you're doing.

                    Why does a little guy need to spend time and money on his own e ail server when he can buy the services of Google, MS, or whomever for less effort and money, get less spam, not need to learn how to be a syadmin and mail admin and do what he's supposed to be doing: running his business.

                    The smart business person will outsource any non-critical function. I've never been at a company that hires their own in-house janitorial staff

                    • The smart business person will outsource any non-critical function.

                      I would agree with that only to the extent that it doesn't conflict with another old adage: "Never rent something you can own much cheaper." That's also a rule of a smart businessperson. One has to adjudicate the difference and in this case, I believe Google and M$ aren't just white knights crusading against spam. I think they may have intentionally polluted the email landscape to force a change in calculus, making something that was fairly straightforward just incrementally that much harder. I believe our

          • I'd like to introduce you to the vast world of small businesses. I'd wager a conservative estimate here and say that "literally every single" auto shop, florist, hole-in-the-wall toy train store, and so on with @companyname.tld email addresses had their email set up twenty years ago by someone's brother's stepson's classmate. Even to this day, there's a certain prestige in having a @companyname.tld email, and plenty of owners who "learned" Outlook or Thunderbird or Eudora or whatever email client was the pe

    • Erm - we use Microsoft for our mail system but maintain an on-site SMTP server for outgoing messages from various systems. Setting up DMARC and DKIM was not that hard at all. Anybody who who is running anything commercial, no matter how small the scale, should be able to accomplish that or they have no business operating in that space.

    • I agree but not because DKIM. There are plenty of landmines already -- especially for infrequent business newsletters. Google requires you to send frequently, consistently, and carefully review open rates and prune out non-engaged users (this is why there's so many 'do you still want to receive our newsletter' messages). They convert legitimate addresses to spamtrap addresses, punishing legitimate senders. And they just add more and more requirements to make it harder and harder for small business to mee
      • What's your solution to allow legit newsletters but still block spam?

        • Whitelists? Bayesian filtering? Shit that's already worked for the last twenty years? Do you even e-mail, bro?
          • Sure that's fine if you're your only user and your time has no value. Manually maintaining other people's mail sucks.

            Do you have any users, bro?

            • Manually maintaining other people's mail sucks.

              Bayesian filtering isn't manual and it protects against spammers with legitimately setup domains. It's better than DKIM if one had to choose the most effective method. So much for your "it takes too much time" argument.

              • Setting up the filters for the little guy requires a) knowing such a thing exists and b) knowing you should have them and c) knowing how to set them up.

                When I gave up running my own server at home, I had Bayesian and DKIM and every other acronym and mail filter technology and custom scripts I wrote to block certain IP addresses based on log activity and all sorts of shit. And spam still got through at a way higher rate than my gmail account. Fuck that, google is evil as all fuck but they do email pretty d

                • The hundreds of dollars it's cost me to have them manage my email has more than been made up for in my time saved dealing with this bullshit.

                  That's a value judgement and a reasonable option. I'm not hating on you for it. I'm just saying I suspect Google and M$ of more than just wanting less spam in the world.

                  • Google and MS and other smaller providers are in the business of making money. No dispute. But do you think dkim has no anti-spam value? Because that's what it comes down to. If dkim makes it harder to successfully spam or raises their costs then G/MS profit is a secondary effect.

                    Here's Google support's description which I think is fair,
                    "DKIM is a standard email authentication method that adds a digital signature to outgoing messages. Receiving mail servers that get messages signed with DKIM can verify

                    • It helps to know if the email comes from the actual domain and that it isn't spoofed. The real question is if that's valuable enough to go breaking mail systems that folks rely on but might not have an easy way to upgrade. I personally use DKIM on my vanity domains and for my mail server at work. So, I'd be a total hypocrite to say it was worthless. I'm just saying Google and M$ are pushing hard on this and I believe it's more for the squeeze they can put on small providers than any real concern they have f
                    • Any small ISP or business that can't figure out how to implement DKIM shouldn't be running their own mail. They're probably an open relay, not up to date on patches, etc, etc. It really isn't that hard to implement for someone who is technical enough to get setup email, DNS mx records, etc. in the first place. Especially an ISP has no excuse.

                      For everyone else just goofing off with their own mail server, I'm sorry, but either figure it out or go offline. DKIM is much more valuable to the internet as a wh

                    • Oh, sorry, I forgot to reply to your technical point. Yes, they can send from a DKIM valid domain but they'll have to make new domains all the time as old ones get black listed and they can no long spoof my bank or employer.

                      Not being able to spoof a major site is really important as that is the first step to scamming people out of their identity and money.

                    • Not being able to spoof a major site is really important as that is the first step to scamming people out of their identity and money.

                      I'm more sympathetic to this than any other argument I've heard yet, but I wish it were implemented differently. I also think you trust too much in MS and Google to have simple fair-profit for fair-service values. I do not. This is the company who intentionally ditched "Don't be evil." as a motto for a reason. I think you greatly underestimate the number of small operators for whom this is just a wasted cost and zero value. I work with a lot of small companies and many still find value in running their own

                    • I joined the net in 1987.

                      Anyway, if all these smaller shops find value in running their own servers, that's fine. They can keep up with modern standards. If they can't manage to implement dkim, what else are they not doing? Are they patching? Are they an open relay? Are they still bouncing emails like it's the 90s to let spammers know if there's an existing email account under a particular name, are they exposing the rest of the net to yet another hacked server being jumped off to attack others with ha

  • SPAM that Google specifically DKIM signed and is coming from their SPF confirmed server?

    Google and MS properties are the only SPAM senders that still send SPAM to me on a regular basis.

  • say what (Score:4, Informative)

    by renegade600 ( 204461 ) on Tuesday October 03, 2023 @04:25PM (#63897965)

    sorry, but I do not click on links in spam, even if it says unsubscribe. who knows what is really on the other side of the click.

    • by vbdasc ( 146051 )

      Unfortunately, for every one who doesn't click, there are a thousand average Joes who do.

    • On the other side of that link is someone who already knows your email address and is already spamming you.

      • No duh. Let's elaborate: By a user clicking anything, the user confirms they're a real person reading spam they received. A malevolent spammer, (and aren't they all?), could subsequently score the quality of this user's email address higher for future spam campaigns while ignoring the user's request to unsubscribe. After all, coding a functional unsubscribe function is just more undesirable work for a bulk email programmer living off the darknet.

  • I have a primary email account with a provider other than google. All emails received at that account are automatically forwarded to a gmail account where I usually read my mail (although I respond to emails via the primary email account).

    I hope this change won't result in my ~50 daily emails not being successfully forwarded to gmail because my primary email provider almost certainly forwards well over 5000 messages a day to gmail on behalf of their many clients and many, many won't have an 'unsubscribe' bu

  • by serafean ( 4896143 ) on Tuesday October 03, 2023 @05:07PM (#63898079)

    Same policy, but for a "List-Unsubscribe: " header, and gmail itself adds the button.

    Security issues: None
    Privacy: No way for spammer to know whether its an automated reply based on the header's presence.
    Bonus: works in other clients. (thinking of non-html capable clients)

    • My first thought as well. Why reinvent the wheel? List-Unsubscribe has been a thing for 25 years now. See RFC 2369.

      Well, okay, that was my second thought. My first thought was, "Fuck Google for trying to kill email again."

  • by Sandman1971 ( 516283 ) on Tuesday October 03, 2023 @05:56PM (#63898147) Homepage Journal

    Google should clean up its own house first. The amount of phishing and spam that comes out of Google mail servers is ludicrous (same with Microsoft). But I guess it's easier to block others that to fix your own problems first.

    • Are they actually coming from Google, or just pretending to?

      • Just checked one of these. SPF: Pass. Mailed by gmail.com

        I noticed if the spam utilizes a properly authenticated Gmail account, the mail reaches my inbox. Everything else Google seems to be pretty good at putting in the spam folder, but they give a free pass if you authenticate via Gmail it appears.
      • From google, either @gmail.com or gmail hosted domains. I'm speaking as a sysadmin who manages a pretty sizeable mail system. Google and MSN are responsible for a good percentage of the spam and phishing attacks out there.

  • We get an enormous volume of spam from Gmail accounts lately but the worst are week-long bursts from icloud and outlook.com. The spammers are just going to move there.
  • Try to report spam or outright fraud coming from Google lately? This is an e-mail that is clearly fraudulent, according to the e-mail transaction headers, it really did come from Google's servers. No matter what I tried I couldn't complain about it. Links don't go anywhere anymore, e-mail addresses bounce. Nothing works. They don't seem to care. Too many complaints I guess.

  • IMO, the solution to spam is very straighforward: large providers need to bounce all suspected spam automatically, instead of sending it to a "spam" mailbox (or worse, to the inbox). And the spam bounce should take precedence over "mailbox doesn't exist" bounce, so bounces can't be used for user enumeration.

  • Unsubscribe buttons don't work as people would expect them to. Okay, perhaps they do with reputable businesses who actually have a reputation to lose or potential fines to pay. But they don't work with general spam. All it does when you click an "unsubscribe" button is it tells whoever sent you the spam email that your address is active which means that instead of unsubscribing you'll end up receiving more junk.

After all is said and done, a hell of a lot more is said than done.

Working...