by nradov 901 days ago
Are you certain the spam is actually coming from IP addresses controlled by those platforms? It's common for spammers to fake the SMTP headers.
5 comments

50% of my spam is from a single Google Groups source - unsolicited job applications, all ending:

  You received this message because you are subscribed to the Google Groups "jan-09" group.
  To unsubscribe from this group and stop receiving emails from it, send an
  email to jan-09+unsubscribe@googlegroups.com.
  
  To view this discussion on the web visit https://groups.google.com/d/msgid/jan-09/014101da368d$0bdc8160$23958420$@gmail.com.

I cannot email that unsubscribe link because it says I am not subscribed. I cannot visit that page, I have not subscribed to that group. I've had to set up a special filter to look for that footer.

I am not the only one with this issue. See https://support.google.com/groups/thread/68075070/i-get-goog... .

... Wait! You've indirectly helped solve the issue!

They are being sent to "info@" my domain, an alias that forwards to my real account. I set up a new outgoing account with that From address, sent from there, and managed to get Google to unsubscribe something I never agreed to in the first place.

It's been like this for a year, and with multiple attempts to fix it.

Thank you!

This reminds me, it would be nice if Google had an easy way to blacklist a sender and/or subject such that it wouldn't even go to spam. I have enough spam false positives that I needed to scan my spam folder periodically, and I'd love to have a way to permanently filter out regular crap in there. I've created explicit filters for some of the more prevalent ones, but a one click blacklist button on spam emails would be great. (Along with some way to edit the blacklist in case of mistakes.)
Quite a bit is "genuine", at least with Gmail, because infinite monkeys can sign up for infinite accounts.
I had spam bounces coming from Microsoft. Someone had convinced MS that they owned my domain and was apparently sending spam via an MS SMTP server (failing SPF was apparently not a problem for them), and any that bounced were being sent to my server: the real mail server for that domain. I reported the malicious org and explained what I had found out, but they obviously denied that it could possibly actually come from themselves and misunderstood what was happening (took me a bit to puzzle that out as well, those mystery emails showing up in my inbox). MS sending out spam isn't my problem, but I figured I'd be nice. Alas.

A few months later, they started bouncing my server's new IP address and that, too, wasn't their fault of course: "we're not seeing a block for your IP address so there cannot be bounces". Denying reality is super effective. The punchline was that they had blocked the new ISP's whole range rather than just my IP, so they weren't getting any hits when searching for my IP address. I found this out through some back-and-forth with a friendly sysadmin at the ISP, who was also banging their head against MS' wall...

These people must be so underpaid they're probably giving MS money for the privilege to work for such a correct business

I get plenty of spam from Gmail accounts with SPF and DKIM passing.
Plenty of dumps of stolen personal Gmail usernames+passwords, that anyone can feed into a bot that will use browser automation to sign into Gmail on those accounts and “hand write” some spam messages to send.

(If you haven’t realized, this is why Gmail has SMTP message origination disabled by default — these days requiring not only enabling it for your Gmail account, but also fiddling with app passwords to get it working. If it was enabled by default, the “spam from stolen credentials” problem would be so, so much worse. Whereas, at least with the webapp route, Google can block you if you look like a bot [i.e. if you’re doing an insufficiently good job at fooling them.])

I've sometimes got legitimate Google or MS dev newsletter emails going into their own spam folders :)
I've seen mail from my work Google Workspace that I sent to my own personal Gmail get flagged as spam. It's me sending to me. Google to Google. Logged into both accounts on the same computer.

If anything I'm nervous to recommend Google because they flag too many legitimate emails as spam. After years of not checking, I'm checking spam again.

> mail from my work Google Workspace that I sent to my own personal Gmail

Does your company do outbound marketing/sales?

I've seen multiple companies spin up outbound email marketing campaigns where someone compiles a list of 5000 email addresses based on certain demographics, and then send automated emails (that look not automated) over the course of a month, rinse, repeat. Google Workspace will let you do this, but if you're too aggressive with email volume it can kill the reputation, and therefore deliverability of any email from that domain.

(Which is why most companies send outbound sales emails from a domain other than their primary domain to separate out the sending domain reputation)

> Does your company do outbound marketing/sales?

Good guess, but we don't. I also checked DKIM/SPF when this happened and all appeared in order.

There is a significant amount of spam coming from Google accounts, yes. Just think about all the “sales automation” junk that businesses use.