Bad form from Google

So I’ve been getting fraud email from @gmail users lately (ironically purporting to be @yahoo users). I simply made sure I had the header information and I forwarded the entire message with a brief “please investigate” message at the top to their “abuse” team.

I expected Google, like most companies, to parse my email with an automated system and send some sort of generic response. Alas, instead I was given the following answer:

Hello,

Thank you for the abuse report. To help us process your request quickly,
please fill out the form specific to your situation.

– If you believe that your account may have been compromised, please
visit: https://services.google.com/inquiry/gmail_security1

– To report a message that violates the Gmail Terms of Use or Program
Policies, please visit:
https://services.google.com/inquiry/gmail_security2

– To report an established account for sale, please visit:
https://services.google.com/inquiry/gmail_security3

– To report all other security and/or abuse-related issues, please visit:
https://services.google.com/inquiry/gmail_security4

WHAT HAPPENS WHEN YOU REPORT ABUSE?
Reports entered through the form are given our highest priority. Google
takes abuse situations like this very seriously. As appropriate, we may
warn users or discontinue Gmail service for the account(s) in question.
For privacy and security reasons, we may not reveal the final outcome of
an abuse case to the person who reported it. To read the Gmail Terms of
Use, please visit: http://gmail.google.com/gmail/help/terms_of_use.html.

If your issue is not related to abuse, you may want to visit our Help
Center at http://gmail.google.com/support/, or by clicking ‘Help’ at the
top of any Gmail page within your account.

We appreciate the urgent nature of your message, and thank you for your
cooperation.

Sincerely,

The Google Team

Sincere indeed. Perhaps instead of “To help us process your request quickly” they should have been honest and just said “Ooops, you sent us an email but we don’t know how to handle it. Mind if you put all the information from your email into a web form for us?”

Perhaps instead of the “form letter” (pun intended) we should create a shim that takes email input and submits to their form automatically. Now that would process requests quickly. What’s the rate limiting factor that Google assumes? 10 submits in an hour? 100? Let’s say hypothetically that I’m a security administrator for a large enterprise and I want to pursue all the fraud originating from their servers. Do they really expect me to have my staff manually enter every message into a little form? Their current method makes it such a pain to report fraud that I wonder if I’ll be seeing more and more @gmail abuse in the near future.

Incidentally, I filled out the form and did not receive any confirmation of receipt. Perhaps that comes after they have a human review the submission…since a form is also not immune from data integrity issues.

UPDATE: Google’s response above was emailed to me as #60445059 “Fw: Subject”. I just received another response from them, two days later, as #60655802 “Account Status”. What are the chances that they crossed their wires and I was sent the response for someone else’s ticket? Or maybe 210,743 other tickets really went through their system in the time it took to be resolved? They kindly report that “You can also help stop these individuals by sending a copy of such unlawful messages to the Federal Trade Commission at spam@uce.gov.” Nice. Does that mean they want users to actually forward a copy themselves because Google requires a form instead of a copy? Oh, the irony.
