Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
dvh 2 hours ago

Any Gmail person can tell me why Gmail is tolerating Gmail phishing emails that use Google's own services (e.g. https://storage.googleapis.com/savelinge/... ?

More info here: https://news.ycombinator.com/item?id=46665414

torben-friis an hour ago | parent | next [-]

Spam is getting horrible lately. I get all sorts of new techniques including:

- using legitimate sites to bypass filters, like sending you a bill through a legitimate bill-creation site

- pretending to be a tracking service for something you supposedly ordered, then over the course of days pretending the package got lost on the way and offering a discount code for the 'purchased' amount, expecting you to use it on their phising site.

Gmail not only fails at spam classification, they classify these messages as important and nag you with first priority notifications and summaries.

dewey 2 hours ago | parent | prev [-]

The same reason spam filtering is hard. It's not possible to catch every misuse of the service without too many false positives.

dvh 2 hours ago | parent | next [-]

The same 5 urls has been used for 3 months

dewey an hour ago | parent [-]

That doesn't really change the fact that it's hard. Do you know how many full movies are on YouTube that infringe on copyright? How many pirated streams are hosted on S3? How many piracy sites are behind Cloudflare. It's just very hard to police at scale and if something is flying below the radar it will be there for a while. They probably spread out their assets over many accounts, or even use misconfigured buckets with write permissions to drop some files in there.

spaqin 22 minutes ago | parent | next [-]

I kinda lost the plot here - what does piracy have to do with spam and phishing?

em-bee 15 minutes ago | parent [-]

both deal with distinguishing legitimate vs illegitimate content.

unholiness an hour ago | parent | prev [-]

https://xkcd.com/277/

hydrogen7800 37 minutes ago | parent [-]

"It's so easy when you don't know how". I'm not sure if this phrase is in common use at all, or if I just misheard it once and attributed it to mean that when the details of a problem aren't obvious, its easy to conclude the solution is simple. "Why don't they just do ___?"

cyanydeez an hour ago | parent | prev [-]

Ok, it's even harder when you do not care because they people are either freeloaders or locked into your solution because it's a customized mess.