Gmail Takes A Sledgehammer To The Techdirt Daily Newsletter When Not Even A Scalpel Is Needed
from the all-the-links! dept
As several subscribers to our Techdirt Daily Newsletter have pointed out to us, Thursday morning’s edition was flagged by Gmail with the following warning:
“Be careful with this message. It contains links to websites hosting malware.”
Of course, being a collection of the previous day’s Techdirt posts, the Techdirt Daily email contains many, many links. Also, as it is something of a Techdirt policy to not spread malware to our readers, our writers are generally careful about the sites they link to in their posts. So, trying to track down which link might be to a site Google deems suspicious seemed daunting. But it turns out we didn’t have to look any further than the third post to figure out what happened, the title of which conveniently contains the word “malware.” Within that post, Tim Cushing included the domain name of a site that has been known in the past to distribute malware (in addition to squatting on a domain using the Electronic Frontier Foundation’s name). It appears Google took that unlinked mention of the domain name as Techdirt carelessly endangering the digital lives of our newsletter subscribers, and stepped in to protect those subscribed via Gmail by throwing up the scary red warning banner and squashing every link in the email (even the unsubscribe link!).
While it’s nice that Google tries to look out for its users by preventing them from inadvertently downloading malware, their approach is a bit over the top. First, if Google can detect which links in an email may be hazardous, why not just unlink or censor those particular links? And, in this case, the “link” in question didn’t even exist. Google should be able to detect that and realize that no, we’re not sending our readers to their doom. It seems obvious that Google should be able to handle this type of thing in a much more sophisticated way — and you’d think that it would want to do so. People trust Google and many people use its products, and when it makes mistakes like this, it can cause real reputational harm.
Comments on “Gmail Takes A Sledgehammer To The Techdirt Daily Newsletter When Not Even A Scalpel Is Needed”
people still use gmail??
Set up your own email server: http://www.iredmail.com
Stop supporting the beast.
Re: people still use gmail??
sweet..
thanks! I am one of those dumbfucks still using gmail.
But I have been wanting to move off for a while just lack the ‘motivation’ to do so.
Re: Re: people still use gmail??
“still using gmail”?
the only dumbfuck is you lol, most use it. grow a brain retard
Re: Re: Re: people still use gmail??
Most? Of the several dozen people I exchange email with regularly, only one uses gmail.
(But using gmail doesn’t make you a dumbfuck.)
Re: people still use gmail??
Like I have a choice?
I signed up for YouTube; a GMail account came with it. I did NOT get an option to decline. (A G+ account also came with it but that’s another story.)
I have an employer provided smart phone. In order to use Google Play I have to have a GMail account or I can’t download even the freebies. And it’s still prompting me for credit card information which I haven’t (and still don’t intend to) provide.
Now I’m thinking of subscribing to the email newsletter and sending it to one of the GMail accounts just to spite them.
Re: Re: people still use gmail??
Google account =/= Gmail account. Last I checked you can use all of Google’s services without opening a Gmail account, although you do have to link it to another e-mail account (and I don’t know if it works with all e-mail providers or only some).
Re: people still use gmail??
You do realize the skills required in signing up for a Gmail account and setting up your own email server are radically different?
I use Google Apps for my biz. Not perfect, but it works.
Re: people still use gmail??
NSA already hacked that free one years ago so gmail is no worse or better than your own mail server
Re: people still use gmail??
This needs you to set up your own email server, which requires a static IP.
No, a dynamic one won’t work properly. If your IP changes, you will lose messages until the nameserver updates (depending on the retry). Why risk it?
I ran my own server for years, I’m glad to use gmail. I just link my domains mx records to gmail, and it works great. What’s wrong with it?
It does 99% of what I want.
Re: Re: people still use gmail??
“This needs you to set up your own email server, which requires a static IP.”
It’s easier with a static IP, certainly, but you can make it work reliably with a dynamic one.
Re: Re: people still use gmail??
I’ve not used this, but I’ve run mailservers for years on a dynamic IP. You point it at your ISP’s mailserver (“Smarthost”) or contract with another server out there. Sendmail, exim, and postfix (and I expect iRedMail) can all handle this easily. It’s very nice to have the power to configure it to your specific taste.
Re: people still use gmail??
that page is full off ads, pain in the ass.
Gmail is a third-rate mail service, at best
Google does many things quite well. Gmail is not one of them. (Google Groups is worse. Much worse.) It has not yet descended to the depths of Yahoo and AOL and Hotmail (or whatever Microsoft is calling it this week) but it should not be used by people who are serious about their email.
[citation: a guy who has been running email servers of all shapes, sizes, and purposes for 35 years]
Oh, and: you can bet everything you have that it (along with the others I mentioned) have long since been completely backdoored, via legal compulsion or other means. Every government on this planet wants that data, and they will get it even if they have to kill for it.
Re: Gmail has been great as my domain email provider
I have a short domain, and the amount of spam it got (probably from people using it as a random spam address, and from dictionary attacks) made my email unusable. Thousands of spams per day. My ISPs anti-spam services were crap. I switched to gmail as my provider (back when it was a free service, essentially Gmail, but at my domain) and Poof!, massive, massive improvements. My domain is now functional for email rather than a liability. I’ve been damn happy with Google’s email processing.
Re: Re: Gmail has been great as my domain email provider
I’m sure you are (happy). But then again you’re an email user, not at email operator. Those of us who actually run mail services — and are good at it — see all kinds of problems with Gmail that are invisible to you. Oh, they still affect you — you’re just not aware of them.
I suggest that you peruse the archives of the “mailop” list for starters, for a glimpse at the tip of the iceberg of those. Then consider that the view you’ll gain from that is only a tiny fraction of the whole and extrapolate how big the problems really are.
Don’t get me wrong, I’m glad it works for you. That’s happy. But it really IS a third-rate service.
Better safe than sorry...
I don’t have a problem with this. An email looking to bypass malware filtering could (and some do) say to cut and paste the link. You don’t need a “http://www.” header for a “hostname.com” address to work when you cut and pasted into a browser.
I’m all for gmail warning me about malware. TechDirt should be glad gmail just labeled the email an allowed it through rather allowed the email through rather than routing it to a spam folder.
Re: An email looking to bypass malware filtering could (and some do) say to cut and paste the link.
Only this one didn’t.
Re: Better safe than sorry...
On the one hand… for malware, false positives are better than false negatives … if you are also given the option/method “I know what I’m doing, do this anyway”.
OTOH, if a false positive sends the email into a triage bin which you have to access in a particular direct way, that’s not at all good.
Example: My thunderbird client downloads from a server ultimately run by (I think) microsoft. Items in the “junk” bin were not getting downloaded, so I could not see them to unflag them. Had to use the web client to access the account “directly”, to unflag them. Also discovered a flag controlling that behavior. … which also required the web interface to set.
Re: Better safe than sorry...
Although its an error on Gmail’s part, its the value that matters more it was looking out in my best interest. Its just a matter of time, before Gmail will magically learn this problem and fix it. It learns everyday. 😉
Come on, you already know the answer to this: because they have no way of magically detecting “this link is harmful” with perfect accuracy. But if they find a link that does match a known-harmful site, it’s very reasonable to assume as a heuristic, even if said heuristic is not always correct, that other links in the email may well point to sites that are harmful even if Google does not know that they are harmful.
Having said that,
…yeah, that’s kind of silly.
” if Google can detect which links in an email may be hazardous, why not just unlink or censor those particular links?”
Hello? You’re seriously suggesting gmail modify the recipient’s email to say what they think it ought to say?? Modifying the sender’s copyrighted content? Hello? Hello? Censoring? Unlinking? What if their automated editing is w-r-o-n-g about some sites? What is some sites find a problem and fix it but gmail presents the email recipient with a removed link? Hello? Anybody in?
Isn’t this site up in arms about ISPs fiddling with delivered content (eg inserting Javascript for ads/warnings/whatever). And now you’re suggesting the same trick (modifying content) in email?
Re: Re:
They did modify the email. We would have appreciated it if they modified it (much) less.
Re: Re: Re:
No, they really didn’t modify the email. They added context to it, which in the circumstances wasn’t warranted.
Personally, I appreciate their method. Nothing was censored (the original email came through as intended), but a warning header was added.
The email contained a link to a site known to host malware and phishing documents. I’d rather their heuristic catch this and warn me than not catch it the next time someone sends out a modified daily email where the links go to phishing sites instead of the legitimate sites.
The fact that it wasn’t an active link doesn’t really matter either; real phishing mails often handle things in a similar way.
The only real fail here was that they didn’t remove the malicious classification when the site got taken down. Yes, Google SafeBrowsing still has the site listed as malicious — as a result, a number of other domain blacklists have also been (temporarily) blocking the domain. As of this post, it appears only Google is still doing so; everyone else can see that there’s nothing bad there now.
Re: Re: Re: Re:
No, they really didn’t modify the email.
Yes, they did. They unlinked links. That’s modification.
They added context to it, which in the circumstances wasn’t warranted.
They did that too. And, at the very least, they could have been more direct in that as well — letting users know WHICH URLs were the concerning ones, which would have cleared up some of the confusion.
Re: Re: Re:2 Re:
Yeah, but keep in mind that they have to protect the dumb users, not the ones with half a brain.
two main issues with Google
1) trying to get in touch
2) trying to speak to someone
it thinks it is the dogs danglies and can do whatever it wants while at the same time ignoring things when it gets them wrong, which basically happens on a daily basis. if it were a bit less interested in money and a bit more interested in giving a good service, this sort of problem wouldn’t arise!
Re: Re:
You obviously do not understand the scale of Google services, and the number of people who use those services. The only way Google can deal with things is by software. Further Google uses the amount of noise raised on social media, and some blogs as a filter to select problems that they should look at. They cannot afford to do anything else.
Re: Re: Re:
Bullshit. Scale is irrelevant. It’s been a mandatory requirement for DECADES that, for example, postmaster@ traffic be received and replied to. Every competent, diligent operation on this planet does that. Google should too: if necessary, they should hire 500 people and organize them into rotating 7×24 multilingual teams. That’s what professionals/b> would do — but what Google has done is to throw up its hands and whine about how oh so hard and terribly difficult it is. Which is, as I said, bullshit.
Never build something bigger than you can run. If you can’t handle it: turn it off and step aside, make way for those who are superior to you.
Re: Re: Re: Re:
How many thousand million users do Google have?
How much are you prepared to pay for customer service?
How good is your ISP’s customer service? They have a smaller user base to look after than Google and you pay them for service.
Google offer free services, (actually financed by advertising) on a take it or leave it basis.
You do not get the scale Google’s user base, Gmail has 900 million users, so 500 people is not even a start on the size of a customer service team needed to provide a human response to problems.
Re: Re: Re: Re:
Mandatory, but often ignored. There’s plenty of mailservers out there that roundfile all mail sent to postmaster. Thank the spammers for deluging them, filling them full of crap.
So you want everyone to build there own email server?
Having dealt with spam from mail servers run by clueless people for 25 years, let me just say NO !!! DON’T BUILD YOUR OWN EMAIL SERVER UNLESS YOU KNOW WHAT YOUR DOING!!!
99.5 of the people that use the internet these days are clueless F#@&s. I do NOT want them building email servers. The servers will become spambots, or worse.
Re: So you want everyone to build there own email server?
Sure, yet a lot of the spam I get comes from gmail users. How ’bout that? You’d think something as big as Google could police their spammer problem, yes? It’s not that simple. Spammers are the Internet’s cancer, explosive destructive growth any time you close your eyes for a couple of winks.
I don’t blame Google for this. I blame the assholes who sell spamming services to clueless users (“get rich quick!”).
Re: So you want everyone to build there own email server?
No one has to build an email server. There are plenty of service providers one can rent a server from. I use one, it’s not expensive. All one needs is a domain name, and the service provider sets up the email server for you, and looks after the security.
People seem to have forgotten that, that’s how we used to do it before HotMail and browser based email clients.
Linking to a local email client, via POP or IMAP is trivial, and certainly no more difficult than setting up a Gmail or Hot mail or Yahoo account.
Obviously this is payback from Google now that Masnick has abandoned his role as GOOGLE SHILL!!!1!1!
I don’t use gmail. Hillary runs my server.
Re: Re:
I considered it until I found out she doesn’t know how to ensure deleted emails stay deleted.
Re: Re: Re:
Hey, her server was more secure than the State Dept.’s own server. Weird, yes, and I despise the bitch, but you’ve gotta give her that.
DUH!
If you send out an email with a link to a malware site, and you did, and google warns people that your email contains links to malware sites . . . . what exactly is your beef?
Re: DUH!
Umm, they didn’t and hence their complaint.
Re: Re: Actually, they kind of did
“Within that post, Tim Cushing included the domain name of a site that has been known in the past to distribute malware”
So the email contained a post that included the hostname.com of a malware site. It was not encoded as a clickable hypertext link, but a domain name is, essentially, a plaintext link. And spam emails do sometimes include plain text URLs, telling people to cut and paste the URL into a browser. Thus Google was entirely in the right to warn people about a malware link in an email, though specificity would be nice, too.
If I have to choose between Google warning me about malware URLs in my email and not warning me, I’m gonna choose warning me. And TechDirt admits that the domain was hosting malware, so the warning was accurate.
Re: Re: Re: Actually, they kind of did
If I have to choose between Google warning me about malware URLs in my email and not warning me, I’m gonna choose warning me. And TechDirt admits that the domain was hosting malware, so the warning was accurate.
The site was no longer hosting malware — as the story noted. The story was about how the domain was taken away from the malware distributor.
Re: Re: Re:2 Actually, they kind of did
True, but for a time it was. I’m sure now that the EFF actually own it they can go ahead and remove it from their blacklist, but expecting that to happen automatically is a bit much, don’t you think?
If an email contains a reference to a blacklisted url, that’s a valid metric to use in marking the email as potentially dangerous.
False positives happen. It’s not the end of the world.
Re: DUH!
Let me re-word that for you:
They found one bad link, so they disabled every link. All it would’ve taken was a “ping -c 1 $IP_ADDRESS”
Maybe that’s in the next version.
Welcome to nanny-net
Why is a similar banner not displayed on every Google Search page???
“Be careful when using this website, it may display links to sites that host malware”
Re: Welcome to nanny-net
Because they display warnings in-line beside the links themselves, or sometimes just filter them out. After all, the results page is Google-generated content; they can do what they want with it. Email, on the other hand, they wrap a warning around but don’t touch, because it’s not theirs to touch.
Nanny-net would be if they “made everything safe” for you, and you never saw the stuff they thought might be bad for you.
Re: Welcome to nanny-net
If you use Chrome, you’ll get that warning if you attempt to visit a site that has been flagged as a malware distributor.
This is a good thing.
Re: Re: Welcome to nanny-net
Well yeah, if you’re foolish enough to still be running Microsoft software. Maybe Apple too; I don’t know since I’ve been running Linux & *BSD since ca. ’93.
I’ve never felt the need to use Chrome. YMMV.
skynet hates techdirt?
for an AI this is a very intelligent approach.
Censoring and/or unlinking? Then people would complain about Google modifying their emails… which is a far more serious breach of trust.
Google are doing the proper approach. They’re warning users that you refer to malware in your post without modifying the content without the sender’s knowledge, but simply adding a warning for the non-tech-savvy. And while you may argue they modified “the email”, they did not modify the actual “content”, but merely added a warning.
All your proposed options would open much worse can of worms.
Re: Re:
Though I agree their warning message is misleading.
Re: Re:
Censoring and/or unlinking? Then people would complain about Google modifying their emails… which is a far more serious breach of trust.
Google are doing the proper approach.
Uh, the point is they were ALREADY unlinking, but unlinking much more than necessary.
All your proposed options would open much worse can of worms.
By asking for less modification? How so?
I didn't see that message
Even though I use a gmail account for this site, I don’t log in to gmail in my browser.Instead Instead I use a local email client, which pulls my email down from the google server.
Re: I didn't see that message
Does it actually pull it down (eg. POP3) or access it (IMAP; cloud storage)?
Just rhetorical. Something you might like to consider. 🙂
Re: Re: I didn't see that message
POP3, but Google probably ignore the remove after 0 days and 0 hours instruction, I haven’t bothered checking. The account exists, for commenting online, so I can be somewhat anonymous, and not reveal my personal email account.
>Trusting Google
Don’t do that.
It’s amazing how many people wasted their time posting what they thought were thoughtful comments when in fact they were retarded comments because they didn’t read the article.
my email
I am trying to go to my email, at gmail, is it gone???
Re: my email
Are you looking for the techdirt newsletter in question? No, it shouldn’t be gone, but behaves as described above.
Or… Are you having some sort of trouble accessing your personal gmail account and having trouble doing that? Because there is no way any of us could know the state of your account.
(And no, the article does not imply in any way that anything happened to gmail servers or the google login servers.)
Or is this something else entirely?
Whiner
This is a worst practice in mail system engineering
“Attempting to scan content and classify links” is a known-failed tactic. Oh, sure, inexperienced people like the newbies at Gmail do it, but it’s incredibly stupid.
Thus the problem here isn’t that they did it and got it wrong, the problem is that they did it.
Of course, as everyone should know, the idiots running Gmail not only do quite a very things very poorly, but they are too arrogant to pay any attention to those of us with vastly superior knowledge. They continue to insist on their way despite the fact that we see it fail — all day, every day.
Not that the ignorant and inferior people using Gmail will admit this, of course: they’ll just blunder along and bleat like the little sheep they are about how spiffy it is, never stopping to consider that when the Internet’s senior email experts all concur…they’re probably not wrong.
Re: This is a worst practice in mail system engineering
OK, who’s been shaking the stereotype tree? Something just fell out of it.
Re: Re: This is a worst practice in mail system engineering
Yeah, my guess is they’ve never run an email server. Even for a single person box on a dynamic IP, there’s a lot of stuff to come up to speed on. For something like thousands, or tens of thousands, of users it gets real complicated fast when you’ve multiple versions of Microsoft and Apple and Linux/*BSD coming in using anything from beige box ‘386 through 64 bit or Android/iBauble.
Add in POPn, IMAP, clamav, procmail, personal taste, TLS, your ISP’s Smarthost wants you to connect using port $blah, and where do you stick your ISP password in what file to enable transmission, and which email server are you running (they all do it differently in frustrating, very educational ways)?
Life.
someone might have planted malware on your site. i’m under cyber attack and frequently hacked. see if it’s here
In conclusion...
Lets see if I got this right.
Techdirt posted the URL – in text form – of a site that used to deliver malware, but which no longer delivers malware, and Google altered the entire posting by adding a text header warning receivers of that posting that the content contained links to known malware delivery sites, and disabled all other links in the posting by deleting all the code from the posting that made those links active.
a. the link to the X-malware site was in text form, meaning nobody could inadvertently click on it and go to a malware delivery site. They would have to actively copy and paste the text into the browser address field and hit enter.
b. the site no longer delivers malware – the actual content of the article explains exactly that fact – so the header was 100% incorrect, warning receivers of the posting about something no longer in existence, and the text link was in no way a danger to anyone, whether it was an active link or not.
c. rather than delete/alter the offending text string that represented the X-malware site’s internet address, Google deleted the code that made all the other URLs in the post active links and left the offending text URL unchanged.
d. because they did not bother to identify the offending link to receivers of the posting, and did not alter that offending text in any way, receivers of the post were just as threatened by the inactive text link, as they would have been had Google done absolutely nothing.
I think that just about sums it all up.
I would have simply turned the inactive text address into an active link that took idiots who clicked on it, directly to Google’s “Learn More” application. Of course, that’s assuming that I was clueless about the fact that the site was no longer a threat.
—
This is quite strange
Sometimes I post stuff and it goes through immediately, Other days I post stuff and it gets held up with a “being checked for spam by Techdirt staff” message.
My email address hasn’t changed, so WTF?
Re: This is quite strange
I sometimes get the same thing.
Testing it by posting sequential snippets (repost the whole thing in sequential posts with just one sentence per post) tells me its a specific WORD, or PHRASE, which a spambot reacts to.
Everything gets published except the one snippet that contains either the word or phrase that the spambot is coded to react to.
Instead of being published, the offending snippet is “held for moderation”.
Simple logic should then tell you which part of the sentence is the “nasty bit”.
Reposting with the offending bits rephrased, or removed, will avoid the spambot.
The techdirt folks do not respond to inquiries about this, so the post testing was necessary to appease my own curiosity.
—
Re: Re: This is quite strange
The post you just responded to was one of those held for moderation posts. I fail to see anything spammy in it.
Re: Re: This is quite strange
Not only did they hold the message you responded to, but they are also holding my response to you, and no doubt will hold this additional response. But they are also still holding a post I made before I posted my “This is quite strange” post which started this thread.
The post in question was a response to:
Anonymous BOFH, Nov 20th, 2015 @ 12:44pm
So you want everyone to build there own email server?
automated take-downs R Us
As far as I can tell, its an automated process, and that depends on something like a data base of offending words and phrases that is probably hard coded in the wares.
As I said, the techies at techdirt will not respond to inquiries about this process – probably because it is censorship and techdirt prides itself on its openness.
However, because it is a “bot”, it could actually be something as silly as the fact that your handle contains the letters “c y a n” and the word “cyanide” might be listed in the bot – for whatever reason – as offending.
If this post is held for moderation, that will be a clue. 🙂
—
Re: automated take-downs R Us
“If this post is held for moderation, that will be a clue. 🙂“
But it wasn’t.
—
Re: Re: automated take-downs R Us
Perhaps it is not a bot and you pissed of a techdirt employee, or member of the inner circle with clout.
Since they do not discuss this aspect of the site, it is unlikely we will ever know.
Good luck.
—-
Sounds like a case of,”You give us money and we make it go away.”
Re: Re:
“Sounds like a case of,”You give us money and we make it go away.”“
Well, no, actually… not really.
Because eventually the imprisoned text is published – usually the following monday – in my case anyways.
Its more of a “naughty, naughty, slap your fingers” kinda thing as far as I can fathom.
Or, its just a silly bot that nobody can be bothered to remove, that was long ago used to prevent foul language, religious slurs, or sexual innuendoes from reaching the eyes of the unwashed masses. A ghost in the machine.
As I said, because the rulers of techdirt are struck dumb and type-less by any mention of this anomaly, we are unlikely to ever know the actual cause, or learn how to avoid it.
—
Gmail Customer service Number
Sometimes I face issue in my Gmail account.If you want to recover issue then you can vist here for clear your all issue that’s you are facing in your Gmail account.