Gmail Takes A Sledgehammer To The Techdirt Daily Newsletter When Not Even A Scalpel Is Needed
from the all-the-links! dept
As several subscribers to our Techdirt Daily Newsletter have pointed out to us, Thursday morning's edition was flagged by Gmail with the following warning:
"Be careful with this message. It contains links to websites hosting malware."
Of course, being a collection of the previous day's Techdirt posts, the Techdirt Daily email contains many, many links. Also, as it is something of a Techdirt policy to not spread malware to our readers, our writers are generally careful about the sites they link to in their posts. So, trying to track down which link might be to a site Google deems suspicious seemed daunting. But it turns out we didn't have to look any further than the third post to figure out what happened, the title of which conveniently contains the word "malware." Within that post, Tim Cushing included the domain name of a site that has been known in the past to distribute malware (in addition to squatting on a domain using the Electronic Frontier Foundation's name). It appears Google took that unlinked mention of the domain name as Techdirt carelessly endangering the digital lives of our newsletter subscribers, and stepped in to protect those subscribed via Gmail by throwing up the scary red warning banner and squashing every link in the email (even the unsubscribe link!).
While it's nice that Google tries to look out for its users by preventing them from inadvertently downloading malware, their approach is a bit over the top. First, if Google can detect which links in an email may be hazardous, why not just unlink or censor those particular links? And, in this case, the "link" in question didn't even exist. Google should be able to detect that and realize that no, we're not sending our readers to their doom. It seems obvious that Google should be able to handle this type of thing in a much more sophisticated way -- and you'd think that it would want to do so. People trust Google and many people use its products, and when it makes mistakes like this, it can cause real reputational harm.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
people still use gmail??
Stop supporting the beast.
[ link to this | view in chronology ]
Re: people still use gmail??
thanks! I am one of those dumbfucks still using gmail.
But I have been wanting to move off for a while just lack the 'motivation' to do so.
[ link to this | view in chronology ]
Re: Re: people still use gmail??
the only dumbfuck is you lol, most use it. grow a brain retard
[ link to this | view in chronology ]
Re: Re: Re: people still use gmail??
(But using gmail doesn't make you a dumbfuck.)
[ link to this | view in chronology ]
Re: people still use gmail??
I signed up for YouTube; a GMail account came with it. I did NOT get an option to decline. (A G+ account also came with it but that's another story.)
I have an employer provided smart phone. In order to use Google Play I have to have a GMail account or I can't download even the freebies. And it's still prompting me for credit card information which I haven't (and still don't intend to) provide.
Now I'm thinking of subscribing to the email newsletter and sending it to one of the GMail accounts just to spite them.
[ link to this | view in chronology ]
Re: Re: people still use gmail??
[ link to this | view in chronology ]
Re: people still use gmail??
I use Google Apps for my biz. Not perfect, but it works.
[ link to this | view in chronology ]
Re: people still use gmail??
[ link to this | view in chronology ]
Re: people still use gmail??
No, a dynamic one won't work properly. If your IP changes, you will lose messages until the nameserver updates (depending on the retry). Why risk it?
I ran my own server for years, I'm glad to use gmail. I just link my domains mx records to gmail, and it works great. What's wrong with it?
It does 99% of what I want.
[ link to this | view in chronology ]
Re: Re: people still use gmail??
It's easier with a static IP, certainly, but you can make it work reliably with a dynamic one.
[ link to this | view in chronology ]
Re: Re: people still use gmail??
I've not used this, but I've run mailservers for years on a dynamic IP. You point it at your ISP's mailserver ("Smarthost") or contract with another server out there. Sendmail, exim, and postfix (and I expect iRedMail) can all handle this easily. It's very nice to have the power to configure it to your specific taste.
[ link to this | view in chronology ]
Re: people still use gmail??
[ link to this | view in chronology ]
Gmail is a third-rate mail service, at best
[citation: a guy who has been running email servers of all shapes, sizes, and purposes for 35 years]
Oh, and: you can bet everything you have that it (along with the others I mentioned) have long since been completely backdoored, via legal compulsion or other means. Every government on this planet wants that data, and they will get it even if they have to kill for it.
[ link to this | view in chronology ]
Gmail has been great as my domain email provider
[ link to this | view in chronology ]
Re: Gmail has been great as my domain email provider
I suggest that you peruse the archives of the "mailop" list for starters, for a glimpse at the tip of the iceberg of those. Then consider that the view you'll gain from that is only a tiny fraction of the whole and extrapolate how big the problems really are.
Don't get me wrong, I'm glad it works for you. That's happy. But it really IS a third-rate service.
[ link to this | view in chronology ]
Better safe than sorry...
I'm all for gmail warning me about malware. TechDirt should be glad gmail just labeled the email an allowed it through rather allowed the email through rather than routing it to a spam folder.
[ link to this | view in chronology ]
Re: An email looking to bypass malware filtering could (and some do) say to cut and paste the link.
[ link to this | view in chronology ]
Re: Better safe than sorry...
OTOH, if a false positive sends the email into a triage bin which you have to access in a particular direct way, that's not at all good.
Example: My thunderbird client downloads from a server ultimately run by (I think) microsoft. Items in the "junk" bin were not getting downloaded, so I could not see them to unflag them. Had to use the web client to access the account "directly", to unflag them. Also discovered a flag controlling that behavior. ... which also required the web interface to set.
[ link to this | view in chronology ]
Re: Better safe than sorry...
[ link to this | view in chronology ]
Come on, you already know the answer to this: because they have no way of magically detecting "this link is harmful" with perfect accuracy. But if they find a link that does match a known-harmful site, it's very reasonable to assume as a heuristic, even if said heuristic is not always correct, that other links in the email may well point to sites that are harmful even if Google does not know that they are harmful.
Having said that,
...yeah, that's kind of silly.
[ link to this | view in chronology ]
Hello? You're seriously suggesting gmail modify the recipient's email to say what they think it ought to say?? Modifying the sender's copyrighted content? Hello? Hello? Censoring? Unlinking? What if their automated editing is w-r-o-n-g about some sites? What is some sites find a problem and fix it but gmail presents the email recipient with a removed link? Hello? Anybody in?
Isn't this site up in arms about ISPs fiddling with delivered content (eg inserting Javascript for ads/warnings/whatever). And now you're suggesting the same trick (modifying content) in email?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Personally, I appreciate their method. Nothing was censored (the original email came through as intended), but a warning header was added.
The email contained a link to a site known to host malware and phishing documents. I'd rather their heuristic catch this and warn me than not catch it the next time someone sends out a modified daily email where the links go to phishing sites instead of the legitimate sites.
The fact that it wasn't an active link doesn't really matter either; real phishing mails often handle things in a similar way.
The only real fail here was that they didn't remove the malicious classification when the site got taken down. Yes, Google SafeBrowsing still has the site listed as malicious -- as a result, a number of other domain blacklists have also been (temporarily) blocking the domain. As of this post, it appears only Google is still doing so; everyone else can see that there's nothing bad there now.
[ link to this | view in chronology ]
Re: Re: Re:
Yes, they did. They unlinked links. That's modification.
They added context to it, which in the circumstances wasn't warranted.
They did that too. And, at the very least, they could have been more direct in that as well -- letting users know WHICH URLs were the concerning ones, which would have cleared up some of the confusion.
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
1) trying to get in touch
2) trying to speak to someone
it thinks it is the dogs danglies and can do whatever it wants while at the same time ignoring things when it gets them wrong, which basically happens on a daily basis. if it were a bit less interested in money and a bit more interested in giving a good service, this sort of problem wouldn't arise!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Never build something bigger than you can run. If you can't handle it: turn it off and step aside, make way for those who are superior to you.
[ link to this | view in chronology ]
Re: Re: Re:
How many thousand million users do Google have?
How much are you prepared to pay for customer service?
How good is your ISP's customer service? They have a smaller user base to look after than Google and you pay them for service.
Google offer free services, (actually financed by advertising) on a take it or leave it basis.
You do not get the scale Google's user base, Gmail has 900 million users, so 500 people is not even a start on the size of a customer service team needed to provide a human response to problems.
[ link to this | view in chronology ]
Re: Re: Re:
Mandatory, but often ignored. There's plenty of mailservers out there that roundfile all mail sent to postmaster. Thank the spammers for deluging them, filling them full of crap.
[ link to this | view in chronology ]
So you want everyone to build there own email server?
99.5 of the people that use the internet these days are clueless F#@&s. I do NOT want them building email servers. The servers will become spambots, or worse.
[ link to this | view in chronology ]
Re: So you want everyone to build there own email server?
Sure, yet a lot of the spam I get comes from gmail users. How 'bout that? You'd think something as big as Google could police their spammer problem, yes? It's not that simple. Spammers are the Internet's cancer, explosive destructive growth any time you close your eyes for a couple of winks.
I don't blame Google for this. I blame the assholes who sell spamming services to clueless users ("get rich quick!").
[ link to this | view in chronology ]
Re: So you want everyone to build there own email server?
People seem to have forgotten that, that's how we used to do it before HotMail and browser based email clients.
Linking to a local email client, via POP or IMAP is trivial, and certainly no more difficult than setting up a Gmail or Hot mail or Yahoo account.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
DUH!
[ link to this | view in chronology ]
Re: DUH!
[ link to this | view in chronology ]
Actually, they kind of did
So the email contained a post that included the hostname.com of a malware site. It was not encoded as a *clickable* hypertext link, but a domain name is, essentially, a plaintext link. And spam emails do sometimes include plain text URLs, telling people to cut and paste the URL into a browser. Thus Google was entirely in the right to warn people about a malware link in an email, though specificity would be nice, too.
If I have to choose between Google warning me about malware URLs in my email and not warning me, I'm gonna choose warning me. And TechDirt *admits* that the domain *was hosting malware*, so the warning was accurate.
[ link to this | view in chronology ]
Re: Actually, they kind of did
The site was no longer hosting malware -- as the story noted. The story was about how the domain was taken away from the malware distributor.
[ link to this | view in chronology ]
Re: Re: Actually, they kind of did
If an email contains a reference to a blacklisted url, that's a valid metric to use in marking the email as potentially dangerous.
False positives happen. It's not the end of the world.
[ link to this | view in chronology ]
Re: DUH!
Let me re-word that for you:
They found one bad link, so they disabled every link. All it would've taken was a "ping -c 1 $IP_ADDRESS"
Maybe that's in the next version.
[ link to this | view in chronology ]
Welcome to nanny-net
"Be careful when using this website, it may display links to sites that host malware"
[ link to this | view in chronology ]
Re: Welcome to nanny-net
Nanny-net would be if they "made everything safe" for you, and you never saw the stuff they thought might be bad for you.
[ link to this | view in chronology ]
Re: Welcome to nanny-net
This is a good thing.
[ link to this | view in chronology ]
Re: Re: Welcome to nanny-net
Well yeah, if you're foolish enough to still be running Microsoft software. Maybe Apple too; I don't know since I've been running Linux & *BSD since ca. '93.
I've never felt the need to use Chrome. YMMV.
[ link to this | view in chronology ]
for an AI this is a very intelligent approach.
[ link to this | view in chronology ]
Google are doing the proper approach. They're warning users that you refer to malware in your post without modifying the content without the sender's knowledge, but simply adding a warning for the non-tech-savvy. And while you may argue they modified "the email", they did not modify the actual "content", but merely added a warning.
All your proposed options would open much worse can of worms.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Google are doing the proper approach.
Uh, the point is they were ALREADY unlinking, but unlinking much more than necessary.
All your proposed options would open much worse can of worms.
By asking for less modification? How so?
[ link to this | view in chronology ]
I didn't see that message
[ link to this | view in chronology ]
Re: I didn't see that message
Just rhetorical. Something you might like to consider. :-)
[ link to this | view in chronology ]
Re: Re: I didn't see that message
[ link to this | view in chronology ]
Don't do that.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
my email
[ link to this | view in chronology ]
Re: my email
Or... Are you having some sort of trouble accessing your personal gmail account and having trouble doing that? Because there is no way any of us could know the state of your account.
(And no, the article does not imply in any way that anything happened to gmail servers or the google login servers.)
Or is this something else entirely?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
This is a worst practice in mail system engineering
Thus the problem here isn't that they did it and got it wrong, the problem is that they did it.
Of course, as everyone should know, the idiots running Gmail not only do quite a very things very poorly, but they are too arrogant to pay any attention to those of us with vastly superior knowledge. They continue to insist on their way despite the fact that we see it fail -- all day, every day.
Not that the ignorant and inferior people using Gmail will admit this, of course: they'll just blunder along and bleat like the little sheep they are about how spiffy it is, never stopping to consider that when the Internet's senior email experts all concur...they're probably not wrong.
[ link to this | view in chronology ]
Re: This is a worst practice in mail system engineering
[ link to this | view in chronology ]
Re: Re: This is a worst practice in mail system engineering
Yeah, my guess is they've never run an email server. Even for a single person box on a dynamic IP, there's a lot of stuff to come up to speed on. For something like thousands, or tens of thousands, of users it gets real complicated fast when you've multiple versions of Microsoft and Apple and Linux/*BSD coming in using anything from beige box '386 through 64 bit or Android/iBauble.
Add in POPn, IMAP, clamav, procmail, personal taste, TLS, your ISP's Smarthost wants you to connect using port $blah, and where do you stick your ISP password in what file to enable transmission, and which email server are you running (they all do it differently in frustrating, very educational ways)?
Life.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
In conclusion...
Techdirt posted the URL - in text form - of a site that used to deliver malware, but which no longer delivers malware, and Google altered the entire posting by adding a text header warning receivers of that posting that the content contained links to known malware delivery sites, and disabled all other links in the posting by deleting all the code from the posting that made those links active.
a. the link to the X-malware site was in text form, meaning nobody could inadvertently click on it and go to a malware delivery site. They would have to actively copy and paste the text into the browser address field and hit enter.
b. the site no longer delivers malware - the actual content of the article explains exactly that fact - so the header was 100% incorrect, warning receivers of the posting about something no longer in existence, and the text link was in no way a danger to anyone, whether it was an active link or not.
c. rather than delete/alter the offending text string that represented the X-malware site's internet address, Google deleted the code that made all the other URLs in the post active links and left the offending text URL unchanged.
d. because they did not bother to identify the offending link to receivers of the posting, and did not alter that offending text in any way, receivers of the post were just as threatened by the inactive text link, as they would have been had Google done absolutely nothing.
I think that just about sums it all up.
I would have simply turned the inactive text address into an active link that took idiots who clicked on it, directly to Google's "Learn More" application. Of course, that's assuming that I was clueless about the fact that the site was no longer a threat.
---
[ link to this | view in chronology ]
This is quite strange
My email address hasn't changed, so WTF?
[ link to this | view in chronology ]
Re: This is quite strange
Testing it by posting sequential snippets (repost the whole thing in sequential posts with just one sentence per post) tells me its a specific WORD, or PHRASE, which a spambot reacts to.
Everything gets published except the one snippet that contains either the word or phrase that the spambot is coded to react to.
Instead of being published, the offending snippet is "held for moderation".
Simple logic should then tell you which part of the sentence is the "nasty bit".
Reposting with the offending bits rephrased, or removed, will avoid the spambot.
The techdirt folks do not respond to inquiries about this, so the post testing was necessary to appease my own curiosity.
---
[ link to this | view in chronology ]
Re: Re: This is quite strange
[ link to this | view in chronology ]
Re: Re: This is quite strange
The post in question was a response to:
Anonymous BOFH, Nov 20th, 2015 @ 12:44pm
So you want everyone to build there own email server?
[ link to this | view in chronology ]
automated take-downs R Us
As I said, the techies at techdirt will not respond to inquiries about this process - probably because it is censorship and techdirt prides itself on its openness.
However, because it is a "bot", it could actually be something as silly as the fact that your handle contains the letters "c y a n" and the word "cyanide" might be listed in the bot - for whatever reason - as offending.
If this post is held for moderation, that will be a clue. :)
---
[ link to this | view in chronology ]
Re: automated take-downs R Us
But it wasn't.
---
[ link to this | view in chronology ]
Re: Re: automated take-downs R Us
Since they do not discuss this aspect of the site, it is unlikely we will ever know.
Good luck.
----
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Well, no, actually... not really.
Because eventually the imprisoned text is published - usually the following monday - in my case anyways.
Its more of a "naughty, naughty, slap your fingers" kinda thing as far as I can fathom.
Or, its just a silly bot that nobody can be bothered to remove, that was long ago used to prevent foul language, religious slurs, or sexual innuendoes from reaching the eyes of the unwashed masses. A ghost in the machine.
As I said, because the rulers of techdirt are struck dumb and type-less by any mention of this anomaly, we are unlikely to ever know the actual cause, or learn how to avoid it.
---
[ link to this | view in chronology ]
Gmail Customer service Number
Sometimes I face issue in my Gmail account.If you want to recover issue then you can vist here for clear your all issue that's you are facing in your Gmail account.
[ link to this | view in chronology ]