from Hacker News

Ask HN: Is Gmail “Report as Phishing” Useless?

by andreynering on 6/22/22, 1:04 PM with 20 comments

I always received very few SPAM emails per month, but some months ago I suddenly started receiving from dozens to hundreds of SPAM emails everyday, and it never stopped.

Good thing they are detected as SPAM, but I'm still frustrated. These emails are surely phishing and they all follow about 5 templates, mostly about money or mature content. See one example: https://imgur.com/a/ySIdrWD

I have that setting to not show images by default, never clicked anything, etc.

I probably reported hundreds or thousands of these emails as phishing but it seems completely useless. These emails keep coming, and very very few of them are detected as phishing by Gmail.

Saw other people complaining about SPAM recently here on HN. Seems that Google is losing the battle against spammers...

  • by blakesterz on 6/22/22, 1:36 PM

    "Good thing they are detected as SPAM"

    and

    "Seems that Google is losing the battle against spammers."

    These seem like contradictory statements to me. I think what you're saying is that these emails end up in the SPAM folder? Doesn't that mean the spam/phishing filters are working? Or am I reading that wrong?

    Google's spam filters are one of the BIG reasons I stick with Google for my email. For my stuff, they work REALLY well. Very few false positives, and very few spam/phishing messages get through. Though looking at my spam folder looks very different than yours.

  • by jfoster on 6/22/22, 3:23 PM

    I don't think they're losing the battle. Many of the spam emails that Gmail misses don't require a fancy AI to detect. What I've noticed is that even simple heuristics could automatically catch them. As best I can tell, Google are simply insistent on trying to use fancy AI to catch what a simple heuristic won't miss.

  • by heretogetout on 6/22/22, 1:27 PM

    As a GSuite admin when someone submits a phishing report I get an email about it. No idea if Google does anything, though.

  • by winternett on 6/22/22, 2:04 PM

    Gmail is actively working to frustrate users into either paying or leaving the once free service in my opinion. The functionality of GMail has turned hostile towards free accounts in the past few years with constant notices of low storage (when there is still 20-15% remaining) to unnecessarily shrinking screen size of the email reading pane and insertion of ads into the UI. The configuration options are way too overcomplex for email, which has been around (without much functional advancement) for ages now.

    If a service starts out promising users it will be free, it should be held to that standard. To this day I don't understand why gmail and msft don't show originating email addresses (without needing to click on anything to see them) in order to reduce phishing and other mail scams, but in 2020 apparently frustrating users is much better for company profit than making and maintaining a highly useful and functional product...

    There are people who will say it's their product and it's free, but yes, that's what they promised to get us all to sign up to it years ago. Now that so many people use it unknowingly for IDAM, quitting it may not even be a good option, meaning that if charges are levied, it's borderline extortion by Google.

    I pay and sponsor Google in many other ways for using their services and product. They should have not lied if they wanted to convert Gmail from a free service into a paid service.

  • by ggeorgovassilis on 6/22/22, 1:13 PM

    I'm getting the same emails though far less and not on all my gmail accounts. If I ignore them for an hour or so, gmail eventually auto-flags them and they disappear. It looks like spammers found a way to adapt to gmail's spam filters dynamically.

    Edit: Also, I think gmail "crowdsources" spam detection to users - if enough recipients flag those emails as spam, gmail classifies them (retroactively) for everyone.

  • by aviranzerioniac on 6/22/22, 2:32 PM

    Nothing happens even after repeated reports. I've even had some from a *@university.edu and I don't think even reporting that to the University got any action from their part. I've been using Zoho for better part of a decade as a backup and it does better job than Gmail in my case.

  • by thenerdhead on 6/22/22, 2:41 PM

    I think it’s effective. I have an email list where I somehow got random contacts through a form of a popular content hosting platform where they didn’t combat against spam emails nor verifying them.

    When I send newsletters, those email addresses will mark my emails as spam although they aren’t. That makes my email provider lock my account if there is enough reports of spam to the point where I had to remove many emails from my list that I had no clue otherwise.

    Majority of those emails were gmail accounts. Thus I think about my experience every time I mark an email as spam.

    I assume the spam you’re talking about however will just cycle through reputable email providers to get into your primary inbox since the filters are hit and miss.

  • by yrgulation on 6/22/22, 1:18 PM

    Oddly enough, a password reset email from aws to my google hosted private domain email address was marked as phishing just yesterday. Sender’s email is no-reply@signin.aws.

  • by ThePowerOfFuet on 6/22/22, 6:20 PM

    > I suddenly started receiving from dozens to hundreds of SPAM emails everyday, and it never stopped.

    > Good thing they are detected as SPAM

    > I probably reported hundreds or thousands of these emails as phishing

    Spam and phishing are not the same thing. Reporting spam as phishing is not helpful, and might be harmful.

  • by spamuel on 6/22/22, 7:31 PM

    Related question - why is wiping out spam by catching spammers and scam callers not a high priority in the federal cyber mission? These things are so obnoxious and damaging to commerce.