Coincidence? Surely Google knows this is a legitimate company.
It’s more likely that Ente is:
- Not jumping through one of the myriad hoops Gmail has put up to not be marked spam/dangerous.
- Sending email from an IP address that has been included in a blacklist for whatever reason.
- Or actually is sending malicious emails.
All those hoops with their market share make it poisonous to the whole E-Mail space, same as Outlook. And despite that, 90% of spam i receive is from a random Gmail adress still. I strongly recommend ditching Gmail for a paid provider, better for your privacy too.
For the few things I can’t change, gmail is filtering 99% of the actual spam. Only got a handful of emails that actually went through the filter.
I’m part of the Ente team. Thanks for letting us know. I’ve passed this along.
This might help too:
https://support.google.com/a/answer/81126?hl=en
There’s a “Requirements for all senders” that’s got a note:
Starting February 1, 2024, all senders who send email to Gmail accounts must meet the requirements in this section.
Seeing lots of wrong answers here, though I can’t guarantee I’ll be any more accurate. But I have a feeling this has to do with how ente.io’s email egress is set up.
They have three email origins provided (all from Zoho): Zoho, ZCsend, and TransMail. I would expect that Zoho is for support and business email, ZCsend is for marketing, and TransMail handles transactional emails such as billing and password resets. That said, I only see a domain key for Zoho attached to their ente.io domain. This means when Gmail’s SMTP servers might not be able to successfully authenticate the email’s origin if it’s sent through ZCsend or TransMail, leading them to take the default action of marking spam for an unauthenticated marketing-/phishing-esque email.
TL;DR Google most likely isn’t doing this intentionally, but rather ente.io’s email service might not be configured the best and Gmail is unable to distinguish it from what it considers spam as a result.
“ente Verification Code” also looks like a misspelling of “Enter Verification Code”. Might also be tripping something up.
Honestly virtually all verification mail lands in spam on most free providers.
And it’s no wonder. Try running your own server sending these mails before you judge. My company needs to put a lot of work into this.
Why?
Because spam is rampant. So in return, anti-spam filters are extremely strict. And there’s dozens and dozens and dozens of hoops to jump, and holding one leg just a tiny bit wrong immediately gets you spam filtered everywhere.
You might think “This sucks, just don’t block as much!”, but you’re not seeing the thousands of mails that never even reach your spam folder because the server-to-server traffic already blocks them and they don’t make it through that. The percentage blocked is crazy. Spam is that bad.
Yes. And spam filters aren’t hand picked and written. Haven’t been for a few decades. They’re learning and statistical.
Like another comment said, the mails are hitting some traffic rules and having correlations in their text with phishing scams or something that pushes their score to the negative enough to “warn the user” level but not enough to file as spam or reject completely.
Also, even if “Google knows it’s a legitimate company”, it’s somewhere between stupidly hard and impossible to tell if an email came from that company. And again, nobody would keep a hand curated list of “legitimate companies” and their email for an ever growing list of companies. Even if that was possible to do.
Of course it’s possible to do. We’ve already done it for physical mail.
If (enormous if) the EU or FTC cared to issue a digital signing certificate to legally registered companies then this would basically solve the problem of trust. Now it’d be up to the government to deal with fraud cases, which would be much more manageable since spam offenders would necessarily have a uniquely identifiable certificate with a literal physical address attached (yes, fraud exists there, but the barrier to entry is orders of magnitude higher).
Plain SMTP’s trust model is broken but only legislative apathy enables Google to position themselves as the internet watchdog/bouncer.
When worked at Google I remember hearing a rumor from the GMail team that more than half of all messages are rejected early in the pipeline before even running the main spam filter. As in the majority of attempts to send mail to Google users is so obviously spam that it doesn’t even end up in the Spam folder. What does land in your spam folder is a tiny fraction of all spam.
People understand how bad spam is.
I wonder how much more profitable would it be for the spam mail centers to just switch over to mining crypto
Not a lot at all, as you can run a spam mail center on a potato. People underestimate how power-/hardware-inefficient crypto really is, and how that alone already makes it unusable for banking at large.
Spam = ads.
It’s also scams, malware, and data mining.
Gotta throw away the whole Google