Wondering where that upcoming meeting with 'Cheap Viagra' came from? Spammers beat Gmail filters by abusing Google Calendar, Forms, Photos, Analytics... Spammers are abusing the preferential treatment Google affords its own apps to score free passes through Gmail's spam filters, it was claimed this week. The ad giant greases the wheels so that incoming messages involving Google Calendar and other Big-G appsvslide through the filters and appear in Gmail inboxes, to ensure stuff …
Your account has been locked due to a potential security vulnerability. If you wish to post a comment to this article please send an email containing your full name, postal address, date of birth and credit card number to account-unlock@theregister.security-team.x5f22s.bofh-phish.ng
You verify authentic of message by confirm address bar green padlock like genuine website do.
I don't use any of the Google services except Gmail, so when I had a calendar item in my inbox I knew right off the bat it was spam.
Then I tried to get my screen reader to read the "email" only to have it shit itself because the "message" was a fekkin' picture with no alt text.
Get a sighted person to describe it to me & learn the pic is "a swirly blob of colors on a white background. There's text in it obfuscated by the blobs. It wants you to click a link & visit a dating site."
Enough said. Deleted. Next email...
Fekkin' spammers need to die.
From outside of Google, Google services look like 99.999% spam. Essentially, Google filters their users from their abusers but doesn't care what happens to non-Google accounts.
I'm glad that Google's abusive customer base has grown enough to make Google suffer from its own policy of never giving a crap.
Somebody tried that gmail "confidential message" feature on me a couple weeks back. And what do you know, it ticks all the boxes for phishing scams: HTML mail along the lines of "X sent you a message. Click here and log in with your google credentials for yourmail@otherdomain, but be quick, this mail will self-destruct in X hours."
I'm totally using that template next time I do awareness training.
But more OnT: didn't the same exact effing thing happen to iWhatnots about five years ago, where calendar invitations would be automatically added to calendar etc., even from the spambucket?
About 5 years ago I wss working with a group of people who used Google calendar for everything, the set me up a gmail account so that I could be in the loop.
After a week I noticed advertising spam related to the calendar content coming to my inbox, I assume everything on their calendar is transparent to Google and used to improve your experience ™. Needless to say I declined syncing with my other emails.
So, does anyone know a reliable and cheap email only hosting company?
I wouldn't recommend ISP's email because you lose your address when you change ISP to get a better deal.
As far as I know, to get a good and reliable host for your own domain is a significant cost and unles you pay a professional to sort it for you requires tech savvy well above most. And it might be trouble free at the start, but four hosting companies I have used in the last 25 years started well but their service became dreadful after they were swallowed by bigger companies.
Not sure what I would recommend actually, especially to someone hard up for whom the cost of a domain means going without something else they want.
"So, does anyone know a reliable and cheap email only hosting company?"
Depends what you mean by "cheap". A few quid a month gets you Proton Mail, and I assume there are plenty of others at a similar price point. If you want to use your own domain there's a certain minimum of tech-savvyness required, but connecting said domain to an email host doesn't really add anything on top of that. If you're genuinely too poor to afford £50 or so per year, Gmail spam filters are probably not one of your major concerns, but if you're not so badly off it doesn't seem unreasonably expensive. Would everyone suddenly jump ship from the likes of Gmail if the cost was only £30 instead? I doubt it; cost really doesn't seem to be the primary issue, other than in a binary "is it free or not?" sense.
Edit: As a disclaimer, while I do have a ProtonMail account, I don't actually use it for my domain since they're very restrictive on how you can use aliases. They seem decent if you just want basic email services, but might not be much good if you have specific needs.
Many (most?) registrar's provide free email hosting with a domain name, which is suitable for personal use.
Example: I use gandi.net for my domain registrations. £6/year for a .uk domain with up to 5 email inboxes.
However most people are scared of a management interface with lots of options even if all they need to do is select the mail tab and add an address... so, they spend £300 writing bobtheplumber69@aol.com on the side of their van instead.
Ah, the eternal battle between the sword and the shield. Except, in this case, it looks more the damn holding back the lake has sprung a leak. Or it would be, if the damn hadn't been built with a hole in it in the first place.
In any case, the good thing that is going to come out of this is that Google is now going to have to find a way to vet legitimate messages from its own applications instead of just letting them through.
The fight against spam continues.
As I read it, these messages are coming from Google. The spammer sets up a Google Calendar account in the name of V.I.Agra and then sends meeting invitations to 1 millfon of V.I.Agra's friends.
I would feel sorry for a user whose name actually is V.I.Agra. Even without this.
Including spammers with gmail addresses. I'm one of their users and sometimes try to browse old articles in the archive of Usenet messages in Google Groups. This becomes impossible in some groups which have become choked with spam. The spam is invariably from a google account but any complaint via their feedback mechanism is completely ignored. I don't know how they handle their own non-usenet groups.
I correspond with a number of people whose addresses are gmail. Including two family members, and three with whom I've corresponded over organising music.
For the past few months, every message I've sent any of them gets diverted to their spam folders. This problem is unique to gmail: it hasn't happened to anyone with an ISP address, an own domain or work address, or other big providers like yahoo or microsoft.
Come to think of it, my brother probably never saw the email I sent as followup to our last exchange of text messages.
I have an Excite.com account that seems to close doors in several places. A Google user can "white list" you by setting a "filter" which directs your messages somewhere other than the spam box. I found some instructions which look intelligible although still quite complicated:
https://www.lifewire.com/how-to-whitelist-a-sender-or-domain-in-gmail-1172106
Happens elsewhere also. Which is why this responds is bollocks
"In addition, we offer security protections for users by warning them of known malicious URLs via Google Chrome's Safe Browsing filters."
Because the other day when checking the quarantined emails (I like to collect samples) one was allowed through because it was linked to Microsoft forms. So that part looked legit. They'd just exploited the fact Microsoft forms is free and shows as https. Stuck their malware crap and links on that.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
