Emails going to spam folder in gmail

Peter Coghlan cctalk at beyondthepale.ie
Fri Jan 1 15:24:09 CST 2021


> > My issue with Google and evil is that they provide no way that I can 
> > find to bring abuse of Google facilities (to send spam for example) 
> > to their attention so that the abuse can be stopped.  For example, 
> > someone has been testing my mail server to see if it can be used to 
> > relay spam by forging emails as coming from various email addresses in 
> > my domain name and addressed to check212014 at gmail.com and attempting 
> > to feed these emails into my mail server (which doesn't accept them) 
> > from compromised ip addresses.  This has happened nearly two hundred 
> > times over a period of five years now.  I have made numerous attempts 
> > to bring this to the attention of Google so that they could put a 
> > stop to this check212014 mailbox being used for this abusive purpose 
> > yet I have failed.  You seem to have the magic touch.  Can you let 
> > me know how to bring this to Google's attention?
> 
> What you describe is a well known spam tactic and is not Gmail -> Google 
> specific.  It is hoping to abuse a questionable setting of allowing 
> relay based on source domain, e.g. they are hoping that messages 
> purportedly from your domain will be allowed to relay through your 
> server(s).
>

You misunderstand.  What is Gmail / Google specific about it is that this is
going on for nearly 5 years using the same recipient mailbox because it is
so far impossible to let Google know about it so that Google can delete the
mailbox being used to receive the results of the relay testing which would
force the spammer to create a new receiving mailbox nearly every time they test.

Similar probing using receiving mailboxes on other major email providers'
systems does not last more than a day or two before the mailboxes get
deleted after mail admins reported them.

>
> Aside:  This is exactly why you should not allow relay based on the 
> purported source domain.
>

Anyone who tries to do that will rapidly find out that it does not work and
they certainly won't have to wait 5 years to find it out.

> 
> If the IPs perpetrating this attack are outside of Google's control, 
> then there really is nothing that Google can do.
>

There most certainly is something that Google can do.  They can cancel the
mailbox that is being used to receive the results of the relay testing,
provided it is possible to let Google know that the mailbox is being abused
that is.  I just don't have that difficulty with other major email providers.

Mike reports in another reply that he has unearthed a possible mechanism to
let Google know what is happening so maybe the problem is becoming soluble
now.  It will be interesting to see if the mechanism he found works.

Regards,
Peter Coghlan.

>
> -- 
> Grant. . . .
> unix || die
>
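
An added example, not part of the original message or of either poster's mail server: the relay decision discussed in this thread, with the questionable rule (trust the purported sender domain) beside a rule keyed on client identity, plus a tally of refused probes per recipient address of the kind an abuse report would need. The domains, networks, addresses and function names are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumptions: example.org is the local domain and 192.0.2.0/28 is the
# trusted client network (both are reserved documentation values).
LOCAL_DOMAINS = {"example.org"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def relay_by_sender_domain(client_ip, authenticated, mail_from, rcpt_to):
    """Questionable rule: trusts MAIL FROM, which the client can forge."""
    return domain(rcpt_to) in LOCAL_DOMAINS or domain(mail_from) in LOCAL_DOMAINS

def relay_by_client_identity(client_ip, authenticated, mail_from, rcpt_to):
    """Anyone may deliver to local recipients; relaying elsewhere needs
    authentication or a trusted source network. MAIL FROM is ignored."""
    if domain(rcpt_to) in LOCAL_DOMAINS or authenticated:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETS)

def rejected_recipients(attempts, policy):
    """Count refused attempts per recipient address, so a mailbox that
    keeps reappearing as the probe target stands out."""
    return Counter(a[3].lower() for a in attempts if not policy(*a))

# Constructed attempts: (client_ip, authenticated, mail_from, rcpt_to)
ATTEMPTS = [
    ("198.51.100.7", False, "sales@example.org", "dropbox@mail.invalid"),
    ("203.0.113.40", False, "info@example.org", "dropbox@mail.invalid"),
    ("203.0.113.99", False, "admin@example.org", "dropbox@mail.invalid"),
    ("192.0.2.5", False, "alice@example.org", "friend@elsewhere.invalid"),
    ("198.51.100.20", True, "bob@example.org", "friend@elsewhere.invalid"),
    ("198.51.100.9", False, "stranger@elsewhere.invalid", "alice@example.org"),
]

if __name__ == "__main__":
    for policy in (relay_by_sender_domain, relay_by_client_identity):
        refused = rejected_recipients(ATTEMPTS, policy)
        print(policy.__name__, dict(refused))
```
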

