The default tracking domain for Google Apps users was listed as “deceptive” by Google over the weekend
Posted: Wed Dec 11, 2024 3:41 am
The default tracking domain that GMass uses for open-tracking, click-tracking, and the unsubscribe link for Google Apps users, gm.ag, was deemed suspicious by Google for a period of about 36 hours this past weekend. The domain has since been cleared and is now functioning properly, but there are some points to consider.
On Friday morning, May 27, several users reported that the domain gm.ag, was redirecting to a phishing warning page that looks like:
For GMass Google Apps users, gm.ag is the domain that is greece phone number resource used inside your email campaigns to make open tracking, click tracking, and the unsubscribe link work. A different domain is used for regular Gmail accounts, so this particular issue only applies to Google Apps Users.
What does this mean?
It means that during the time that Google had gm.ag listed as suspicious, some links to gm.ag would take the recipient to the “Deceptive site ahead” page above instead of the actual URL. For GMass users, that means that links in email campaigns that have been click-tracked and unsubscribe links may result in your recipient being taken to this page instead of the intended page. From the “Deceptive site ahead” page, the user does have the option to proceed to go to the final URL.
The issue was temporary, and Google removed gm.ag from the suspect list as of Saturday evening May 28.
As soon as we became aware of the issue, we took two steps:
We disabled the redirects from gm.ag to the specific phishing site in question and reported the corrective action to Google.
We switched the default tracking domain for Google Apps users
Why did this happen?
It happened because a single user, a phisher, used GMass to sending a scammy email, and activated click-tracking to obfuscate the destination URL. The destination URL, which Google determined was a phishing site, has since been removed from the Internet.
Why did GMass allow this phisher to use GMass?
GMass is not a traditional Email Service Provider like MailChimp or JangoMail, where a team of people approves and rejects accounts based on the user’s information. GMass is a fully automated system, and we intentionally do not police our users because:
We rely on Gmail’s own spam detection mechanisms to terminate users that are abusing GMass, and therefore abusing Gmail.
We could never build a better abuse detection system than Gmail already has. Gmail has been doing this for much longer than we have and has access to much more data than we do to make decisions as to whether accounts are legitimate or abusive.
On Friday morning, May 27, several users reported that the domain gm.ag, was redirecting to a phishing warning page that looks like:
For GMass Google Apps users, gm.ag is the domain that is greece phone number resource used inside your email campaigns to make open tracking, click tracking, and the unsubscribe link work. A different domain is used for regular Gmail accounts, so this particular issue only applies to Google Apps Users.
What does this mean?
It means that during the time that Google had gm.ag listed as suspicious, some links to gm.ag would take the recipient to the “Deceptive site ahead” page above instead of the actual URL. For GMass users, that means that links in email campaigns that have been click-tracked and unsubscribe links may result in your recipient being taken to this page instead of the intended page. From the “Deceptive site ahead” page, the user does have the option to proceed to go to the final URL.
The issue was temporary, and Google removed gm.ag from the suspect list as of Saturday evening May 28.
As soon as we became aware of the issue, we took two steps:
We disabled the redirects from gm.ag to the specific phishing site in question and reported the corrective action to Google.
We switched the default tracking domain for Google Apps users
Why did this happen?
It happened because a single user, a phisher, used GMass to sending a scammy email, and activated click-tracking to obfuscate the destination URL. The destination URL, which Google determined was a phishing site, has since been removed from the Internet.
Why did GMass allow this phisher to use GMass?
GMass is not a traditional Email Service Provider like MailChimp or JangoMail, where a team of people approves and rejects accounts based on the user’s information. GMass is a fully automated system, and we intentionally do not police our users because:
We rely on Gmail’s own spam detection mechanisms to terminate users that are abusing GMass, and therefore abusing Gmail.
We could never build a better abuse detection system than Gmail already has. Gmail has been doing this for much longer than we have and has access to much more data than we do to make decisions as to whether accounts are legitimate or abusive.