[EwanToo]

I can believe it, I just don't know why it's not been customised to react to links to docs.google.com if it's such a high volume issue.

It's not a trivial problem by any means, but from the network security team's blog it doesn't seem like they've taken many of the steps that I'd expect prior to cutting off a very high traffic website.

[jacques_chester]

Time.

There's the nice clever intelligent solution which could be developed over a few weeks, or there's the fact that the phishers have decided -- for whatever reason -- to go apeshit today.

[EwanToo]

True, but in this case it seems like it's not a particularly new problem, just something that they've finally reacted to?

They actually mention sinkholing spreadsheets.google.com in this post from August 2011 [1], they actually say "There are also some forms which are more difficult to block ( I don’t think we’d be too popular if we sink-holed spreadsheets.google.com for example)".

So they've had the issue for years.

1 - https://blogs.oucs.ox.ac.uk/oxcert/2011/08/12/the-price-of-p...