Jump to content

Gmail doesn't get it?


rconner

Recommended Posts

While trying to report a job scam that contained a Gmail address, I tried (in vain) to find someplace on the Gmail website to report the abuse. I finally resorted to an e-mail to gmail-abuse[at]google.com. I immediately got a pro-forma response referring me to an abuse reporting web page.

When I went to this site, i was sent through a catechism and finally ended up at this page, which says in part:

Does the Message-ID field from the headers read [at]mail.gmail.com? Are there DomainKey or DKIM signatures included in the message headers? For more information on reading message headers, please click here.
  • Yes, the Message-ID from the headers reads [at]mail.gmail.com and/or there are DomainKey or DKIM signatures in the headers.
  • No, the Message-ID from the headers doesn't read [at]mail.gmail.com and there are no DomainKey or DKIM signatures.

If you pick "no" you get a lecture about spoofing and an inviation to send your report to spam[at]uce.gov.

Evidently, it is OK by Google for Gmail subscribers to use their addresses to steal from people, so long as they don't send the mail through Gmail itself.

-- rick

Link to comment
Share on other sites

Evidently, it is OK by Google for Gmail subscribers to use their addresses to steal from people, so long as they don't send the mail through Gmail itself.

Well that's not exactly the situation.

Anyone can pretend to be a Gmail user - and spammers often 'steal' an innocent users address.

So spam reporting is always reliably about the actual source of the junk and not about a forged Email address. Indeed, that's what a spamcop report will do - ignore the sending address and tackle the outgoing server. So, I'm sure that the Gmail advice is about tackling spam in general rather than the specifics of the situation you refer to which I understand to be the inclusion of a Gmail address in the message content.

Andrew

Link to comment
Share on other sites

So spam reporting is always reliably about the actual source of the junk and not about a forged Email address.

But this isn't about the source...it's about a "response address" included in the spam, which indeed should be actionable information when reported to an ISP, just as are spamvertised URLs, which are also reported to the responsible ISPs by SpamCop's reporting system. The SpamCop system isn't designed to report "contact addresses" found in spam, however, which is what Rick is needing in this case, IIUC.

Normally, you would send a report to "abuse[at]domain.name" (gmail.com in this case), but Rick has already tried that, and been presented with a bit of a "Catch22" form, in that their system seems only ready to accept spam that actually originates from the GMail system. I'm not sure if this is still the case, but some years ago, when the standard spammer MO was to use a temporary Hotmail or Yahoo account to receive responses, both of those providers would accept reports about "response addresses" contained in spam and do something about it. That's what Rick is needing, and it *should* be available, but when you're dealing with an entity as monolithic as Google, when there's probably no telephone support to call for assistance with this kind of issue, it's next to impossible to get their attention.

I'd suggest that you try a user-to-user forum, such as the Google Community:

http://www.googlecommunity.com/forum-14.html

or this one at EmailDiscussions.com, to post your issue:

http://www.emaildiscussions.com/forumdisplay.php?forumid=30

Perhaps someone in one of those venues will have some useful information about how to get Google's attention on such abuse?

DT

Link to comment
Share on other sites

But this isn't about the source...it's about a "response address" included in the spam, which indeed should be actionable information when reported to an ISP, just as are spamvertised URLs, which are also reported to the responsible ISPs by SpamCop's reporting system.

Correct. The perp publishes his gmail address in the spam, which is sent from some other location. Since the mail is a scam pitch (i.e., work for me and let me steal from you), we can assume that the e-mail address is supposed to be genuine, and in fact is vital to the operation.

I do find that Hotmail and Yahoo take action against such addresses. I sent the e-mail to Google, we shall wait and see what they do in this case. As of now, my fingering program indicates that mail is still being accepted by Google for this addy.

I'm also getting spam that calls out websites at googlesites.com (which are, of course, redirects to spam sites). Google does provide a web-based reporting facility for these.

-- rick

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...