Seriously, the Gmail spam/phishing filter is horribly broken.

Delivered-To: MyEmailAddress@gmail.com
Return-Path: <client1@dockershippingagent.com>
Received-SPF: neutral (google.com: 173.201.193.62 is neither permitted nor
denied by best guess record for domain of client1@dockershippingagent.com)
client-ip=173.201.193.62;
Authentication-Results: mx.google.com; spf=neutral (google.com: 173.201.193.62
is neither permitted nor denied by best guess record for domain of
client1@dockershippingagent.com) smtp.mail=client1@dockershippingagent.com
Received: (qmail 18466 invoked from network); 29 Dec 2011 13:12:48 -0000
Received: from unknown (HELO localhost) (173.201.193.116)
by p3plwbeout16-05.prod.phx3.secureserver.net with SMTP; 29 Dec 2011 13:12:48 -0000
Received: (qmail 13713 invoked by uid 99); 29 Dec 2011 13:12:48 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
X-Originating-IP: 41.234.71.35
User-Agent: Web-Based Email 5.6.09
Message-Id: <20111229061247.78014317b47e9d0ab986e08a521d7d2b.9387052348.wbe
@email16.secureserver.net>
From: "=?UTF-8?Q?Google=E2=84=A2=20Error-Code=20Alert=20?="
<gmailupgradeteam@inbox.lv>
X-Sender: client1@dockershippingagent.com
To: g.team.upgrade.alert@gmail.com
Subject: Google error code alert ..
Date: Thu, 29 Dec 2011 06:12:47 -0700
Mime-Version: 1.0

<html><body><span style=3D"font-family:Verdana; color:#000000; font-size:10=
pt;"><div><br></div><div><br></div><div>Dear Account User's</div>
<div><br><=
/div><div>Over the next few days as we make Google Analytics for the end of=
the year default for all users, we are simultaneously rolling out the repo=
rt of error code & anonymous emails, confirm if you still want to conti=
nue with Google mail .<br><br>Reply Saying " ACTIVETE "<br><br>Happy Analy=
zing,<br><br>The Google Analytics Team </div></span></body></html>


I did some line wrapping, but that's about it. Perhaps Google should partner with IBM for a twenty year-old version of Watson (or attach Gmail to an iPhone and rewire Siri) to figure out that emails claiming to be from Gmail that they didn't send should probably be reviewed before they're released to the inboxes. Seriously, would holding suspicious emails for a few hours hurt anyone unduly?

I mean seriously -- Account User confirm "Google mail" -- with a sig that includes "Google" and "Team" should be enough for someone to figure out something phishy is going on. How about ANY From line with "gmail" in the pre-ampersand portion? This isn't even close to rocket science.

This should embarrass the Gmail team. It's hardly the first time phishing-as-Gmail has snuck through.

EDIT: I thought there was another recently. Two days ago.


Delivered-To: MyEmailAddress@gmail.com
Received: by 10.180.93.5 with SMTP id cq5cs335243wib;
Tue, 27 Dec 2011 06:44:25 -0800 (PST)
Received: by 10.68.74.167 with SMTP id u7mr64941924pbv.103.1324997063562;
Tue, 27 Dec 2011 06:44:23 -0800 (PST)
Return-Path: <users@anseude.com>
Received: from p3plwbeout15-06.prod.phx3.secureserver.net
(p3plsmtp15-06-2.prod.phx3.secureserver.net. [173.201.193.44])
by mx.google.com with SMTP id z4si32228704pbp.218.2011.12.27.06.44.22;
Tue, 27 Dec 2011 06:44:23 -0800 (PST)
Received-SPF: neutral (google.com: 173.201.193.44 is neither permitted nor
denied by best guess record for domain of users@anseude.com)
client-ip=173.201.193.44;
Authentication-Results: mx.google.com; spf=neutral (google.com: 173.201.193.44
is neither permitted nor denied by best guess record for domain of
users@anseude.com) smtp.mail=users@anseude.com
Received: (qmail 1725 invoked from network); 27 Dec 2011 14:44:22 -0000
Received: from unknown (HELO localhost) (173.201.193.115)
by p3plwbeout15-06.prod.phx3.secureserver.net with SMTP; 27 Dec 2011
14:44:12 -0000
Received: (qmail 9449 invoked by uid 99); 27 Dec 2011 14:44:12 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
X-Originating-IP: 41.151.168.164
User-Agent: Web-Based Email 5.6.09
Message-Id: <20111227074410.1a431ae06f0531ae35f54fefd79e03f2.bb414b03c5.wbe
@email15.secureserver.net>
From: "Gmail Team" <member.verification@gawab.com>
X-Sender: users@anseude.com
To: accounts-inc@gmail.com
Subject: Gmail Security Warning
Date: Tue, 27 Dec 2011 07:44:10 -0700
Mime-Version: 1.0

<html><body><span style=3D"font-family:Verdana; color:#000000; font-size:10=
pt;"><div><div style=3D""><div style=3D""></div><div class=3D"im" style=3D"=
"><div style=3D""><div style=3D""><div style=3D""><div style=3D""><div styl=
e=3D""><div style=3D"">Dear Valued Member,</div><div style=3D""><br style=
=3D""></div><div style=3D""><font size=3D"2" face=3D"verdana, geneva" style=
=3D"">We are currently upgrading our database security and We've noticed th=
at your account security is inactive.</font></div><div style=3D""><font siz=
e=3D"2" face=3D"verdana, geneva" style=3D""><br style=3D""></font></div><di=
v style=3D""><font size=3D"2" face=3D"verdana, geneva" style=3D"">To enable=
your account security: <a href=3D"http://gtrmn.com/GM/Gmailme/Gmail.h=
tm" target=3D"_blank" style=3D"">Click here</a>  </font></div><di=
v style=3D""><font size=3D"2" face=3D"verdana, geneva" style=3D""><br style=
=3D""></font></div><div style=3D""><font size=3D"2" face=3D"verdana, geneva=
" style=3D""><font size=3D"2" style=3D"">We are sorry for the </font>i=
nconvenience.</font></div><div style=3D""><font size=3D"2" face=3D"verdana,=
geneva" style=3D""><font size=3D"2" style=3D""><br style=3D""></font></fon=
t></div><div style=3D""><font size=3D"2" face=3D"verdana, geneva" style=3D"=
"><font size=3D"2" style=3D"">Sincerely, </font></font></div><div styl=
e=3D"">Google Mail =C2=AE </div></div></div></div></div></div></div><d=
iv style=3D""></div></div></div></span></body></html>


RLY? Have I started reporting not only as spam but as phishing scams? Yes. But if you're expecting human users to do the work of catching this stuff, you don't really understand 01s.



Fail.

Labels: