Slashdot Mirror


Why Google's Gmail Phishing Warnings Give False Positives (vortex.com)

Vortex.com is one of the oldest domains on the internet -- one of the first 40 ever registered, writes Slashdot reader Lauren Weinstein. So why does Google sometimes block the email he sends? Here's why.

First, my message had the audacity to mention "Google Account" or "Google Accounts" in the subject and/or body of the message. And secondly, one of my mailing lists is "google-issues" -- so some (digest format) recipients received the email from "google-issues-request@vortex.com"... Apparently what we're dealing with here is a simplistic (and frankly, rather haphazard in this respect at least) string-matching algorithm that could have come right out of the early 1970s...! [A]t least in this case, it appears that Google is basically using the venerable old UNIX/Linux "grep" command or some equivalent, and in a rather slipshod way, too.

In addition, the article concludes, "I've never found a way to get Google to 'whitelist' well-behaved senders against these kinds of errors, so some users see these false phishing warnings repeatedly."

4 of 49 comments

  1. Probably an acceptable trade-off for Google by vadim_t · Score: 4, Interesting

    With the huge volumes of data that Google handles, it's probably hard to do any better.

    AI style approaches can fail in quite unpredictable ways, and I think Google likely much prefers that too much is blocked than failing to find something obviously fishy but that gets through the algorithm for some obscure reason.

    Sometimes simple approaches are the way to go. You're going to have false positives and false negatives no matter what, the question is how much and in what circumstances. And this particular scenario is unlikely to be all that common.

  2. Too whiny by Rick+Zeman · Score: 5, Insightful

    C'mon, Lauren, with the tens of millions of spams that Google catches every day, some things are going to get caught by the filter that shouldn't be. Even if the filter is 99.99 effective that means there will be 1000 false positives in there...and yours is one of them. Shit happens. Adjust and move on.

    Apparently what we're dealing with here is a simplistic (and frankly, rather haphazard in this respect at least) string-matching algorithm that could have come right out of the early 1970s...! [A]t least in this case, it appears that Google is basically using the venerable old UNIX/Linux "grep" command or some equivalent, and in a rather slipshod way, too.

    is drawing a trend and a conclusion from one data point.

  3. Implement SPF and DKIM by Walking+The+Walk · Score: 4, Informative

    GMail won't normally mark your email as spam/phishing if you've implemented basic mail server identification such as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). This is well known, and I guarantee that if the author bothered to search for why their mail ends up flagged by GMail he would hit at least one of these two terms in the first few results.

    --
    A recursive sig
    Can impart wisdom and truth
    Call proc signature()
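
An added example, not part of the thread and not Google's code: the substring check the summary guesses at, beside a check that looks at where the brand string sits in the sender and at the SPF/DKIM results the comment above mentions. The function names, `BRAND_DOMAINS`, and the three sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

BRAND = "google"                  # brand string both checks look for
BRAND_DOMAINS = ("google.com",)   # assumption: the brand's own sending domains

def _parts(raw):
    """Return (message, display name, From domain, lower-cased subject+body)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    return msg, display.lower(), addr.rsplit("@", 1)[-1].lower(), text

def naive_flag(raw):
    """Substring heuristic of the kind the summary guesses at."""
    msg, _, _, text = _parts(raw)
    return BRAND in msg.get("From", "").lower() and "google account" in text

def authenticated_domains(msg):
    """Domains with an SPF/DKIM pass; trust the header only from your own MTA."""
    found = set()
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.lower().split(";"):
            tokens = clause.split()
            if tokens and tokens[0] in ("spf=pass", "dkim=pass"):
                for tok in tokens[1:]:
                    if tok.startswith(("header.d=", "smtp.mailfrom=")):
                        found.add(tok.split("=", 1)[1].rsplit("@", 1)[-1])
    return found

def domain_aware_flag(raw):
    """Flag brand-account mail only if the sender is unauthenticated or
    puts the brand in its domain or display name without owning it."""
    msg, display, domain, text = _parts(raw)
    owned = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    impersonates = not owned and (BRAND in domain or BRAND in display)
    unauthenticated = domain not in authenticated_domains(msg)
    return "google account" in text and (impersonates or unauthenticated)

# Constructed sample messages (not real mail).
LIST_MAIL = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=vortex.com;"
    " dkim=pass header.d=vortex.com\n"
    "From: google-issues-request@vortex.com\n"
    "Subject: Digest: changes to Google Accounts\n\nList digest body.\n")
LOOKALIKE = (
    "Authentication-Results: mx.example.net; dkim=pass header.d=google-accounts.example\n"
    "From: Google Accounts <security@google-accounts.example>\n"
    "Subject: Your Google Account is suspended\n\nSign in to restore access.\n")
UNSIGNED = LIST_MAIL.split("\n", 1)[1]   # same list mail with no auth results
```

The substring check flags all three messages; the second check clears only the authenticated list digest, and still flags the same digest when no SPF or DKIM pass is recorded for vortex.com.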

  4. 1970s by Known+Nutter · Score: 5, Funny

    Apparently what we're dealing with here is a simplistic (and frankly, rather haphazard in this respect at least) string-matching algorithm that could have come right out of the early 1970s...!

    You mean like that vortex.com front page?

    --
    Beware of the Leopard.