[NikhilVerma]

I am seeing Google constantly fail to catch obvious spam emails. At this point I suspect there is some institutional error on their part, where bad actors inside the org are allowing certain domains to simply not be spam filtered.

[chaoz_]

I've done some experiments with Gmail/Outlook/other spam detection clients on different types of spam/phishing etc. There's always someone who claims simple naive bayes algo would do better than Google.

I'm not able to share the research data, but Gmail filter is a lot better than everything else you see on the market, especially when it's not a newsletter-like advertisement spam, but an actual phishing attack on Org.

Some people say Outlook has better filtering func, but usually tests are not representative and Outlook simply has stricter rule for unwarmed-ip. Which is not that great of a feature in real world scenario.

[Beltalowda]

Anecdotally, I have to say I rarely have issues with FastMail's spam filtering, which uses SpamAssassin (not sure what their setup is exactly of course). I rarely get spam in my inbox (maybe an email or two a month), and it almost never marks things as false positives (last one was years ago).

[chaoz_]

SpamAssasin does ok only on subset of spam emails.. The problem is that underlying model is not capable to differentiate fake email from your boss (unless it's really simple) VS many other external emails you get.

I guess you would still want that 2nd level of protection for your ORG with sensitive data even if some "please buy X" - spam emails are still getting in.

Ofc Google is also not ideal :)

[Beltalowda]

> The problem is that underlying model is not capable to differentiate fake email from your boss (unless it's really simple) VS many other external emails you get.

But that's not really "spam", right? That's targetted phishing, which is quite a different thing.

[chaoz_]

If "spam == mail that user did not expect/want to receive", then phishing emails are also unwanted :)

It's all up to definitions, but yeah the two categories are different in nature.

[TheNewsIsHere]

My experience mirrors yours. Fastmail’s filtering is at least as good as Google’s for my inboxes, but Google and the other big players don’t seem to have spam filtering better than Fastmail’s on balance. Casually controlling for things like inbox age, I still get a bit more spam in my Google inboxes than in my Fastmail inboxes.

Once you’ve warmed up/activated the personal mail filter in Fastmail, it seems to work better than anyone else’s.

[2Gkashmiri]

how do mail delivery services work with this in protecting users from spam because their aim is to reach the inbox for their customers, spammers included

[r1ch]

I've been seeing some cleverly encoded emails with multiple MIME parts that bypass the spam filter. Gmail decodes one representation but displays another. Luckily the content they show to the spam filter is mostly static so a regular filter can catch it.

[prawn]

I mark email from someone spam over and over, and it can still get past Gmail. It's infuriating.

[2143]

Create a custom filter in Gmail to delete it; let it bypass the inbox and go straight to trash.

(There's a "Filter messages like these" option somewhere)

[krageon]

Your fix is essentially "roll your own spam filter"

[rsstack]

What's the other fix? Complain on Hacker News?

Yes, if something is bothering you enough - fix it on your own.

[2143]

No. I'm just saying if there's an address you simply don't want to read mails from (for any reason), there's a way (among many ways) to do that.

[prawn]

I'm aware, but I would've thought that marking something as spam would stop more almost-identical messages from the exact same email address. Having to create a custom filter for all the individual spammers that make it through is frustrating.

[fuckcensorship]

“Never attribute to malice that which is adequately explained by stupidity.”

[SoftTalker]

Sorry, a "your account has been locked, please reset your password" email to an .edu address from a gmail.com address is 100% always fraudulent, a 5th grader could tell you that, yet google lets it go through.

[rdpintqogeogsaa]

Could be a study to see how much response such an obviously fraudulent e-mail gets, sent from that same university conducting the study.

I admit that it's a fringe case, but it could be a thing.