Angry at Google Apps

ukgangster · 20 Oct 2009, 07:06 PM

Had a phishing attempt today on a Google apps domain I manage. The supposed message came from one the users, and on first look, it seemed authentic, expect I am the sole admin for that Google Apps account. Anyway, to warn other GApps admin, heres the text of the email:

Dear user of the xxxxx.xxxx mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox (xxxxx.xxx) settings were changed. In order to apply the new set of settings click on the following link:

http://xxxx.xxxx/owa/service_directo...x&fromname=xxx

Best regards, xxxxx.xxx Technical Support.

What annoys me most is that I have set a strict -spf record for the domain and Google Apps is the sole email provider for the affected domain, yet Google choose to ignore it and let it through as a legit email. Thats bad, they should have at least tagged it as spam or possible phishing attempt.

FMRocks · 21 Oct 2009, 07:48 AM

I'm not sure I understand the complaints. You don't want Google to let email through, if, for example, one of the users of your domain were to send an email to you using their email address in your domain but from their home computer's email client, using their ISP's SMTP? Because if Google were to block all the emails coming with your domain as the return address but not originating from Google Apps itself, that would be the result.

ukgangster · 21 Oct 2009, 05:38 PM

Quote:

Originally Posted by FMRocks

I'm not sure I understand the complaints. You don't want Google to let email through, if, for example, one of the users of your domain were to send an email to you using their email address in your domain but from their home computer's email client, using their ISP's SMTP? Because if Google were to block all the emails coming with your domain as the return address but not originating from Google Apps itself, that would be the result.

Ok, let me explain things more clearly:

There are 2 users in the G Apps account, myself and the one other. I have set up the other person's computer so her email is sent only through Google's SMTP, if not, she uses the webmail instead. So there are no other SMTP servers involved here, only Google's. We have had so many problems with self-spamming (i.e. where spam comes from your own email address), setting a strict -spf record seems to solve the problem and until now kept nearly all spam where it belongs - in the spam folder.

Surely Google would do a simple look up and see that, oops, this email is from User2 to User1 in XYDomain, but hang on, its not from Google Mail's servers according to the SPF, so label it spam or warn the user its a phishing attack? Otherwise the whole spf system would be a waste of time.

FMRocks · 21 Oct 2009, 06:10 PM

I certainly understand your point and your circumstance, but realistically, Google cannot be expected to let only SPF verified email through since other Google Apps (and other systems) users may use their ISP's SMTP servers to send email. If they implemented strict SPF verification the way you are asking for, a lot of legitimate mail will be going to spam. Now, they can set this up only for you I suppose, and only for your domain, but I don't think they will customize to that level.

By the way, do you have Google Apps Standard or Premier edition?

ukgangster · 22 Oct 2009, 02:25 AM

Quote:

Originally Posted by FMRocks

By the way, do you have Google Apps Standard or Premier edition?

Standard. I'll just have to accept things as they are, but I'm not too happy about it.

20 Oct 2009, 07:06 PM	#1
ukgangster Member Join Date: Jan 2009 Posts: 77	Angry at Google Apps Had a phishing attempt today on a Google apps domain I manage. The supposed message came from one the users, and on first look, it seemed authentic, expect I am the sole admin for that Google Apps account. Anyway, to warn other GApps admin, heres the text of the email: Dear user of the xxxxx.xxxx mailing service! We are informing you that because of the security upgrade of the mailing service your mailbox (xxxxx.xxx) settings were changed. In order to apply the new set of settings click on the following link: http://xxxx.xxxx/owa/service_directo...x&fromname=xxx Best regards, xxxxx.xxx Technical Support. What annoys me most is that I have set a strict -spf record for the domain and Google Apps is the sole email provider for the affected domain, yet Google choose to ignore it and let it through as a legit email. Thats bad, they should have at least tagged it as spam or possible phishing attempt.

21 Oct 2009, 07:48 AM	#2
FMRocks The "e" in e-mail Join Date: Sep 2002 Location: FM does NOT refer to Fastmail (anymore). Posts: 4,034	I'm not sure I understand the complaints. You don't want Google to let email through, if, for example, one of the users of your domain were to send an email to you using their email address in your domain but from their home computer's email client, using their ISP's SMTP? Because if Google were to block all the emails coming with your domain as the return address but not originating from Google Apps itself, that would be the result.

21 Oct 2009, 06:10 PM	#4
FMRocks The "e" in e-mail Join Date: Sep 2002 Location: FM does NOT refer to Fastmail (anymore). Posts: 4,034	I certainly understand your point and your circumstance, but realistically, Google cannot be expected to let only SPF verified email through since other Google Apps (and other systems) users may use their ISP's SMTP servers to send email. If they implemented strict SPF verification the way you are asking for, a lot of legitimate mail will be going to spam. Now, they can set this up only for you I suppose, and only for your domain, but I don't think they will customize to that level. By the way, do you have Google Apps Standard or Premier edition?