alt Hacker NewsAny Gmail person can tell me why Gmail is tolerating Gmail phishing emails that use Google's own services (e.g. https://storage.googleapis.com/savelinge/... ?
More info here: https://news.ycombinator.com/item?id=46665414
Replies
Google is fine with everything if it's their service. I've completely blocked *.bc.googleusercontent.com, because it's basically used as a spam farm for years now, but Google couldn't care less as they apparently can't be bothered to even slightly inconvenience their compute engine users.
The same reason spam filtering is hard. It's not possible to catch every misuse of the service without too many false positives.
Ah! I have no answer for it, but am happy, Virgil-like, to now have a theory why the same stupid, obvious "Costco" spam from an @gmail.com address keeps showing up in my inbox no matter how many I mark as spam.
They seem unable to prevent phishers from using their acquisition, AppSheet, to send relatively convincing, targeted (to nobodies like me) emails that make it to primary inbox.
So, pleas ignored, forward these recruitment scam emails to the legal/fraud/phishing teams of the impersonated brands. For a company without the appearance of caring (in my opinion), perhaps law firm letterhead can encourage necessary prioritization.
It follows the same logic as physical junk mail. We accept the fact that we will receive junk mailers in our physical mailbox and just toss them out.
That page looks phishing-related but doesn't appear to directly serving abusive content?
Does that XML get processed by a mailreader?
<ListBucketResult xmlns="http://doc.s3.amazonaws.com/2006-03-01"> <Name>savelinge</Name> <Prefix/> <Marker/> <IsTruncated>false</IsTruncated> <Contents> <Key>winbridge.html</Key> <Generation>1775478745793193</Generation> <MetaGeneration>2</MetaGeneration> <LastModified>2026-04-06T12:32:25.871Z</LastModified> <ETag>"3616712a8e68db66062a3f514b5fb7c8"</ETag> <Size>626</Size> </Contents> </ListBucketResult>
[dead]
Spam is getting horrible lately. I get all sorts of new techniques including:
- using legitimate sites to bypass filters, like sending you a bill through a legitimate bill-creation site
- pretending to be a tracking service for something you supposedly ordered, then over the course of days pretending the package got lost on the way and offering a discount code for the 'purchased' amount, expecting you to use it on their phising site.
Gmail not only fails at spam classification, they classify these messages as important and nag you with first priority notifications and summaries.