Giter Club home page Giter Club logo

gmail-spamfilters-paypal-security-messages's Introduction

If Paypal can't get past Gmail's Spam filter, then who can?

Using Google GSuite for business and PayPal for business.

After adding a new user to the account, I got this (the email was expected, but the fact that it's marked as Spam is not):

Screenshot showing Gmail classifying a PayPal security notification as Spam

Explanation

I don't trust Gmail's Spam filter, it has created many false positives for me in the past (including putting people's invoices into Spam so they didn't get paid).

That's why I've disabled it by creating a filter that prevents anything going to Spam.

In the above we can see that, had I not done that, an important security message from Paypal (connected straight to my bank account) would have gone to Spam.

If Paypal's security team can't reliably send email to Gmail users, then who can?

Update: Google's response

A few hours after I posted this on Hacker News, I got contacted by a member of Google's G Suite Security team, leading to the eventual explanation:

Our analysts are taking a look, it seems there was nothing wrong on Paypal's end or your domain configuration. They have already deployed a short-term fix for this issue, you should not have this issue specifically with paypal again. We're still looking into whether we can use this to improve the quality of our filters in general.

Response timeline

  • 2019-02-07
    • I create this repo and Hacker News post
    • a few hours later, I get an email from a member of the G Suite Security team, asking whether I approve investigating this and whether I can provide details (I do)
  • 2019-02-08
    • I am told that it's an issue on Google's side, and that they have rolled out a short-term fix specific to Paypal

While the issue is annoying and I don't know what the state of a full solution to this type of problem on their side is, the response time, time-to-workaround, and general communication in this were impressive.

Update: Gmail spamfilters Stripe as well

On 2019-03-31, the same happened to an equally legitimate security notification from Stripe, when I tried to log into my Stripe account.

Gmail tells me that the only reason the email didn't go to Spam is because I disabled its Spam filter.

Screenshot showing Gmail classifying a Stripe security notification as Spam

You can see the sanitised email headers in stripe-headers.txt if you want to analyse them.

gmail-spamfilters-paypal-security-messages's People

Contributors

nh2 avatar

Watchers

Kris Rott avatar James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.