On Mon, Sep 12, 2022 at 3:11 PM Jay Hennigan via mailop <[email protected]> wrote:
> On 9/12/22 14:39, Brandon Long via mailop wrote: > > > I think if that were true, the amount of spam coming out of them would > > be much > > higher. Unfortunately, even a 1% false-negative rate would still result > > in a large > > volume. > > > > I think there may also be a material difference in the types of spammers > > and spam that > > are sent from Gmail to small providers, much less to individual server > > owners. There's > > a lot of specialization among spammers, since what's needed to get > > passed specific > > filters at scale varies greatly, and is a constant battle, so different > > targets look very > > different in the methods... even if the peddled products or scams are > > often the same. > > Why has Google recently made so painfully difficult for the rest of the > Internet to make them aware of gmail-originated spam? > Why do you think this is recent? AFAIK Google has never used abuse@ or postmaster@ addresses for useful spam reporting. Certainly the majority of reports there have never been particularly useful. > A working abuse address that can parse ARF makes sense. > > A web form with multiple fields requiring several cut/paste operations > sure seems like a means to deliberately make it very difficult to alert > Google to a spammer on their network. > > Even Spamcop has given up. > > By making it very time-consuming and difficult to alert Google to their > spam problem, it allows them to claim that complaints are way down, > therefore spam must be way down. Hint: it isn't. > > There should be enough AI expertise within the organization to come up > with a scheme to parse reports to abuse@ . The fact that a business > decision was made to make spam reporting very difficult speaks volumes. > Spam reports are only as useful as the reporter, and the reporting is generally very suspect. The signal in the noise for those addresses is small. I mean, some of these are easy to ignore, but do you have hundreds of users who go through every message in their spam label and forward them to every possible abuse@ address for domains in the message, and add the fbi and other three letter agencies as well? Repeat, this is for messages we already marked as spam. Now, maybe if more effort had been put into parsing that signal, there would be more signal to be had... but we already have to fight over abusive signups and attempted manipulation of web/imap/api spam reporting, A web form has the benefits of inheriting the usual spectrum of abuse signals that web logged in users generate, and requiring customers to provide the information that's actually needed. If one were to use ARF reports, one might start by validating that the reported message was actually sent by gmail, say by dkim verifying it... which runs afoul of the attempts by places like spamcop to prevent list washing by eliminating PII from reported messages. Barring that, you'd need to keep an internal datastore for all sent messages... which of course, is done by default (user's mailboxes), but those can be deleted. At this volume, you aren't doing any manual validation, you want them to be equivalent to "report spam" buttons, and then you have to build reputations for reporters, and feedback on spam rules and such, and feed the whole thing back into the pipeline... it can be done. But ARF reporting is never going to be a common tool for volume reports like this. Most of the major mailbox providers do have other feedback loops, many based on ARF, that can be used for this... but that has the benefit of being negotiated between providers, and less prone to manipulation... and much higher volume. Brandon
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
