Sunday, September 06, 2009

Death of email part XI: forwarded emails with big red phishing warnings

I own a few domains, including a Google Apps domain we use for our family [1]. My immediate family members, excluding Kateva (canid), have calendars and emails in the family domain. Overall, it works pretty well. It pounds Apple's warped MobileMe into the sand. Savagely.

For reasons that aren't worth trying to describe, I've used an email redirector for some of these accounts. This is forwarding at the domain level, not forwarding from an email account.

This used to work pretty well, but when I tested it on a new account two problems appeared:
  1. It was filtered to Google spam.
  2. A BIG RED PHISHING warning appeared when I opened the email.
I was able to correct this by marking it as 'not spam' and 'not phishing' (the UI for the latter is a bit non-obvious; I had to follow the help link in the phishing notice).

This is a great example of the tech churn meme I wrote of yesterday. Email is in a troubled state as it painfully moves from the old world of the naive net to the new world of authenticated messaging [2].

This redirect mechanism is clearly not going to work, perhaps because the redirecting domain has been used by spammers in forged email headers [3].

Ouch. This is definitely a problem. I have some workaround ideas, but this will be a bugger to test since Google doesn't talk much about what it's doing.


[1] Free edition. If Google drops the price on their small business product I'd upgrade to get some customer support options.
[2] One reason people like Facebook messaging is that it's deeply authenticated.
[3] The curse of old, private domains. Mine is very old. There's no defense against such forgery. See also two 2006 posts about a related problem (this isn't new).
