Yes. And spam filters aren’t hand picked and written. Haven’t been for a few decades. They’re learning and statistical.
Like another comment said, the mails are hitting some traffic rules and having correlations in their text with phishing scams or something that pushes their score to the negative enough to “warn the user” level but not enough to file as spam or reject completely.
Also, even if “Google knows it’s a legitimate company”, it’s somewhere between stupidly hard and impossible to tell if an email came from that company. And again, nobody would keep a hand curated list of “legitimate companies” and their email for an ever growing list of companies. Even if that was possible to do.
Of course it’s possible to do. We’ve already done it for physical mail.
If (enormous if) the EU or FTC cared to issue a digital signing certificate to legally registered companies then this would basically solve the problem of trust. Now it’d be up to the government to deal with fraud cases, which would be much more manageable since spam offenders would necessarily have a uniquely identifiable certificate with a literal physical address attached (yes, fraud exists there, but the barrier to entry is orders of magnitude higher).
Plain SMTP’s trust model is broken but only legislative apathy enables Google to position themselves as the internet watchdog/bouncer.
If their spam filter is “learning,” and if new signup verification emails are a consistent decades-old practice, how much longer should we wait before it’s okay to question whether Google’s filter could do better at learning?
Yes. And spam filters aren’t hand picked and written. Haven’t been for a few decades. They’re learning and statistical.
Like another comment said, the mails are hitting some traffic rules and having correlations in their text with phishing scams or something that pushes their score to the negative enough to “warn the user” level but not enough to file as spam or reject completely.
Also, even if “Google knows it’s a legitimate company”, it’s somewhere between stupidly hard and impossible to tell if an email came from that company. And again, nobody would keep a hand curated list of “legitimate companies” and their email for an ever growing list of companies. Even if that was possible to do.
Of course it’s possible to do. We’ve already done it for physical mail.
If (enormous if) the EU or FTC cared to issue a digital signing certificate to legally registered companies then this would basically solve the problem of trust. Now it’d be up to the government to deal with fraud cases, which would be much more manageable since spam offenders would necessarily have a uniquely identifiable certificate with a literal physical address attached (yes, fraud exists there, but the barrier to entry is orders of magnitude higher).
Plain SMTP’s trust model is broken but only legislative apathy enables Google to position themselves as the internet watchdog/bouncer.
If their spam filter is “learning,” and if new signup verification emails are a consistent decades-old practice, how much longer should we wait before it’s okay to question whether Google’s filter could do better at learning?