Something seriously wrong with Sundar Pichai's and Sergey Brin's programmers at Google
Is Google going downhill?
Sundar Pichai and Sergey Brin,
What is wrong with your guys? I suspect they have nothing to do so they are now trying to ‘improve’ on their email servers to control spam with gobbledygook code. What they are trying to implement is utter rubbish.
I wrote my own eCommerce shopping cart, in PHP, that sends out invoices by email to my customers. While I was testing it out, Google blacklisted my email addresses hosted by gmail and Google Apps / Suite. It appears that they also informed Yahoo to blacklist my email addresses that are generated from my eCommerce shopping cart too. Google said that my emails were spoof. I quote them as shown in the picture below:-
“Be careful with this message
This may be a spoofed message. The message claims to have been sent from your account, but Gmail couldn’t verify the actual source. Avoid clicking links or replying with sensitive information, unless you are sure you actually sent this message. (No need to reset your password, the real sender does not actually have access to your account!)”
Aiyoo, how stupid can they get to claim that I am spoofing myself? I wonder how many idiots there are working in Google? This problem was not created by me but rather it is a bug in Roundcube and Horde webmail which is provided by cPanel. Why does Google blacklist my email addresses when it is Roundcube and Horde's fault?
Google Blocks Back Links
You know, Google knows everything about us. If you have a back link from one of your websites to another, Google knows that you are the owner of both websites and does not take into consideration that particular backlink and your SEO will not improve however many backlinks you place on your website from other websites you own.
So, if Google is that smart how come they did not know that I am the owner of all the email addresses I use when testing to check that my products are working properly? This shows that Google is not that smart, right? Worse still there are many small time developers that need to test out whether their shopping carts work properly. And the only way to do this is to send emails to yourself, right? It just goes to show how inexperienced and uneducated Google’s programmers are.
Did you notice in the image below, Google claims I have sent out too many emails and henced they have blocked my email addresses. I only test about 10 emails a day so how can that be 'too many emails sent out' over the last few weeks to the same address? Spammers send emails out to a variety of email addresses and not to the same address.
And I noticed other problems that were highlighted by hosting tech support. For some reason it got my email address spelt wrongly - 'peterr' instead of 'peter'. Shocking that this is happening on the email severs.
The emails I send out
There are only 3 types of messages that I send out when I am testing my products. They are: -
1. "Body of Message Here"
2. The message below with variation on dates and time
Hi, This message is automatically generated by ppContactForm software during installation and was created on 2022/08/26 Fri 01:15:44 We do hope you have successfully set up the SMTP configuration. If you could not get the correct settings please do contact your hosting services tech support for the correct server and port settings.
Best regards,
ppContactForm
2022/08/26 Fri 01:15:44
3. And
This third message is in HTML using tables, column and rows so that the information on items purchased is lined up properly under its own heading. Since I had to use HTML I decided to send a small banner so that the customer knows it is from me about his purchases.
Do they look spammy or spoofed? So where is the spam or spoof in all my emails? They know that I am the owner of the sender and receiver email addresses but deny it. Did I ever complain to Google that the emails are spam or spoofed or phishing or . . . etc? No.
Now just look at how many spam emails I receive every month which Google has not blocked. Get the picture?
Google’s attempt at blocking spam
It is laughable that people who do not know what to do end up ‘improving’ their systems. What do they say “Idle hands are a devil’s workshop”? That is what is happening in Google.
According to Google
Google has come out with 3 new records:-
1. SPF: Specifies the servers and domains that are authorized to send email on behalf of your organization.
2. DKIM: Adds a digital signature to every outgoing message, which lets receiving servers verify the message actually came from your organization.
3. DMARC: Lets you tell receiving servers what to do with outgoing messages from your organization that don’t pass SPF or DKIM.
Really? Why are all these extra records added for us developers to deal with?
Blocking spam or spoofing
The only way you can block spam or spoofing is :-
1. This is what I have been doing for years. My “Contact Us” form always sends an email back to the person who filled up my Contact Us form. This is to confirm his email address is genuine and he had filled up my Contact Us form. If his email address is fictitious, which is what spammers provide, then he will not receive any email for him to click on the link and whatever he filled up will be deleted after two weeks of no response. Only when he clicks on the link sent to him, which confirms he is genuine, will I be informed of the email and can respond to him. I am not the only one doing this, 'The Economist' and many others are doing this.
2. Do what PayPal is doing. When a payment request is sent to PayPal from my website, PayPal sends back the details to me to confirm I sent out the payment request. If I did not, my backend will reject the payment request. Simple system and effective. Nobody can pretend it is me by sending out spam payment requests, in my name, as my backend will reject them. This is because PayPal knows my backend URL which was set earlier at the point of registration.
Similarly, all email systems should send out a changing hidden code as part of the email. That is the hidden code changes with every email sent out. Let us say Bill sends an email to Tom but Bill claims he is Dick and sends a spoofed email using Dicks email address. When Tom receives the email, he thinks that it was Dick that sent it. If Bill’s email server has a hidden code, probably some base 64 encoded information, then when Tom’s server receives this code, it can send it back to Dick to confirm it as Dick’s email address was used. If Dick does not respond within a few minutes or rejects the code as not his, then Tom’s email server does not send the email to Tom.
We don't have to change the email issuing programs, like Contact Us forms and eCommerce shopping carts. It is the email server that needs to incorporate the hidden code and verify the received hidden codes.
No spam and no spoofing. Brilliant, right?
Horde & Roundcube webmail
Actually, if they fix the bugs in Horde and Roundcube webmail they can be excellent products. This is simply because both of them do not use Two Step Verification or OAuth 2.0. I found flaws in AOuth 2.0 and Chrome browser bypassed OAuth 2.0. Eventually, the Two Step Verification will be quietly broken by third parties because it did not protect or work for me. Worse still, this is dangerous as it gives a false sense of security to everyone. To me "no security" is better than a false sense of security. The best security is using SSL as in https:// and long passwords. Please see my article on long passwords that will take millions of years to crack. (I am in the process of changing web hosting companies so some of my websites may not be up and running during Sept 2022.)
Problems with Roundcube and Horde
The main problems with Horde and Roundcube is that they never get the sender's email address correct and they are unable to send a 'CC' copy to someone else and there is no 'Reply-To:' field. These are serious problems. In general the sender's name and email address is wrongly set as the receiver's name and email address.
And both of them are unable to have headers that specify From:, To: and Reply-To: correctly.
I wrote to Roundcube staff and they told me that the wrong email addressing is not created by Roundcube (and Horde) as theirs is an email client software. It's not involved in sending and receiving the messages which can cause my email server to be blacklisted. The real fix can only be done by the email server software. - 16th September 2022.
What is wrong with Google
Google is making a mess of my business by blacklisting my emails as spam or spoofed when they are genuine test emails to debug my eCommerce cart and get it running smoothly. The fault is in improper email server installation or buggy software. My email server is located on a different site from my website so there is a lot of testing required to check everything works properly. I think its been about a month of testing and moving website hosting companies to find a webmail that works correctly and to test my eCommerce shopping cart. What a waste of time and money. Honestly, I have never been so frustrated in my life with hosting companies and with Google.
If you want to know more about my work please checkout my article.
- Dr. Peter Achutha, 12th September 2022
Please do show me your appreciation of this article by Buying me a coffee.
And do get the "I Won" t-shirt
|