Jump to content

Gmail spam false positive

Gmail spam false positive

Its good to receive a mail when a staff promotes a user to translator but Gmail tells to most users that the message is a spam which is a false positive.

Gmail tells to most users that this message is a spam which is not
Cigaryno (talk)13:45, 15 July 2022

It is not false positive: the mail is actually sent directly by TWN, but its "From:" address is not from TWN as actually specified; that indeicated sender has an email address outside the translatewiki.net domain. Google just says that it cannot check the indicated origin (and thatemail was not forwarded first by a valid mail server on the domain of the indicated author). There's no way for TWN to obfuscate that sender's domain, so everything is sent by TWN itself.

My opinion is that the TWN web server should send its emails using its own SMTP servers, but but not pretend that this is on behalf of someone else, without adding additional metadata, just like what mailing lists do: this allows ayuthenticating the actual source (TWN itself), giving a verified address for abuse requests, that TWN adds some addiotnal signatures to secure their domain and declare their outgoing SMTP server (not jut their SMTP server for incoming mails), and then adds relevant data identifying the user for which it acts on behalf, and that it shuold be digitally signed with the domain of TWN's sending SMTP server.

Technically SMTP outgiong servers used by TWN are quite basic. And they are not correctly authentified, so anyone could as well be using fake origins, pretending that this comes from TWN (if its outgoing SMTP server IP addresses are not properly registerd and secured in their domain) and then with faked "From:", "Reply-To", or "X-Forwarded-To:" headers. For this reason, Google is right with this message: it cannot verify at all that this messages was coming from Abeejit (whose email address is on Gmail, and Google can easily check that the message was NEVER sent from Abijeet's email provider and has never transited through Gmail, the onlyj thing it can check is that it comes from translatewiki.net domain, that attempts to impersonate itself as someone else that is NOT in their own domain)

In my opinion, TWNB should use a specific email address created implicitly on @translate.wikinet for every TWN user account, and use it (and should use also an address such as abuse@translatewiki.net for abuse reports (it could use any other email address if it provides and secures it publicly on their domain data, but that administrative mail MUST be managed: it should never have a mailbox full, and valid reports must be acted rapidly, otherwise it will also be blacklisted; this requires some permanent administrator to handle those requests at least once a week, and not let them cumulate over months.

But as you are new on TWN, you can act yourself in your Gmail interface: use the "This is not spam" feature, so that you instruct Gmail to accept such mail as an exception, and you can empower thatsetting by sending a reply to that mail after yuo've placed it back to your normal mailbox, and click the button to consider this mail as important; then archive it in yoru mailbox. Your Gmail account will then remember that you accept these emails (it may take some time with enough emails accepted by your from TWN, so that Gmail will ignore that default check: you've made the check yourself (note that whitelisting Abijeet's email address will have no effect: Abijeet's email is still protected by Gmail so that no one can impersonate him)

Verdy p (talk)09:19, 16 July 2022