Gmail status: access issues and outage reports
No problems detected
If you are having issues, please submit a report below.
Gmail is a free, advertising-supported email service developed by Google. Users can access Gmail on the web and through the mobile apps for Android and iOS, as well as through third-party programs that synchronize email content through POP or IMAP protocols.
Problems in the last 24 hours
The graph below depicts the number of Gmail reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
At the moment, we haven't detected any problems at Gmail. Are you experiencing issues or an outage? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by Gmail users through our website.
- Errors (37%)
- Website Down (35%)
- Sign in (28%)
Live Outage Map
The most recent Gmail outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
|
|
Sign in | 10 hours ago |
|
|
Sign in | 12 hours ago |
|
|
Website Down | 1 day ago |
|
|
Errors | 1 day ago |
|
|
Website Down | 1 day ago |
|
|
Website Down | 1 day ago |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Gmail Issues Reports
Latest outage, problems and issue reports in social media:
-
QuantuM 𝚿 (@quanti_xbt) reportedI honestly did not expect this from @X But this is not just an X problem. Support systems across many of the biggest tech companies often fall short when accounts get compromised. The biggest lesson? Don't rely on support to save you. Protect your account before it's too late. Here are two things everyone should do right now: Enable 2FA on your Gmail account. Enable 2FA on your X account (this is absolutely critical). The @Rektofun account was compromised because 2FA on X was not enabled. I genuinely hope the team gets the support they need and regains access as soon as possible. Stay safe. One small security step today can save months of work tomorrow.
-
iamjepuhseun.Base Ⓜ️ (@iamjepuhseun) reported@chokmahxbt Please tell the team to fix this Bug. Why everytime claiming starts theres always an issue to the website. I login the correct gmail and it says that my wallet is connected to other account. Seriously? I only have one account.
-
Jæy•Ones (@JBroomestix) reportedMe: Common social media job and employment scams Ai: Common social media job and employment scams prey on job seekers’ hopes for flexible, high-paying, or remote work. Scammers post fake ads on platforms like Facebook, Instagram, LinkedIn, TikTok, and WhatsApp, or send unsolicited messages. Reports to the FTC have surged, with task-based scams and fake offers driving significant losses. consumer.ftc. gov Most Common Types of Social Media Job Scams 1. Fake Job Offers / “Too Good to Be True” Postings Scammers advertise high-paying remote roles (e.g., virtual assistant, data entry, social media manager, customer service) requiring little experience or effort. They promise quick money for easy tasks. • These often start with vague posts or DMs on Facebook/Instagram groups, LinkedIn, or WhatsApp. • Red flags: Unrealistic salaries, “work from home, watch your kids,” no interview, or immediate offers. heimdalsecurity. com 2. Upfront Payment / Equipment Purchase Scams After “hiring” you, they ask you to pay for training, background checks, software, or equipment (e.g., a laptop or MacBook via a fake check). They promise reimbursement that never comes. • Common in “tech recruiter” or remote role scams. The check bounces, leaving you in debt. linkedin. com 3. Task-Based / “Gig” Scams (e.g., Like/Follow/Subscribe or Review Tasks) You complete small paid tasks (liking videos, subscribing to channels, reviewing products) on social media or apps. Initial small payments build trust, then they require you to pay larger “deposits” or fees to unlock bigger earnings. These often tie into money mule schemes. bbb. org 4. Fake Recruiter / Impersonation Scams Fraudsters create profiles mimicking real companies (e.g., Meta, major corporations) or use stolen photos/AI-generated images. They contact you unsolicited on LinkedIn, WhatsApp, or Instagram with personalized offers. • They may push conversations to private apps, request personal info, or lead to phishing. blog.defend-id. com 5. Check-Cashing / Money Mule Scams Often disguised as mystery shopper, nanny, caregiver, or personal assistant roles. You receive a fake check to “test” or buy supplies, cash it, and wire money back—keeping a cut. The check bounces, and you’re liable. forbes. com 6. Phishing / Data Harvesting Scams They ask for SSN, bank details, or login info during “onboarding” or fake interviews (often via chat apps). Some use deepfakes or lead to malware. heimdalsecurity. com 7. MLM / Pyramid Scheme Jobs Positions disguised as sales or recruitment roles that require buying inventory or recruiting others. scamwatch. gov. au Other variants include fake “appointment setter” roles starting on social media or AI-generated fake companies/websites. Key Red Flags (From FTC, BBB, and Studies) • Unsolicited contact via DM, text, or social media for a job you didn’t apply to. indeed. com • Pressure/urgency to apply or start immediately. • Requests for payment (never pay to get a job—legitimate employers pay you). • Vague or misleading descriptions, poor grammar, or no company details. • Suspicious contact info (e.g., Gmail instead of company email, new profiles). • Interviews via WhatsApp, Telegram, Google Hangouts, or text only (no video or in-person). edmontonpolice. ca • Too-good-to-be-true pay for minimal work. consumer. gov • New or incomplete social media/company profiles.
-
Henry Monohan (@HenryMonohan) reported@gmail my account was hacked and I no longer have access to the # or email associated with it. I need you to fix this or at least put me on the phone with someone who can.
-
Simonas (@SimonasLTU1) reported@jacalulu I would say it often hallucinates about stuff that it can do, but says otherwise. It's pretty common for me to ask it 3 times that it can use/watch Youtube for example, or to do a freaking Google search.. Or check my Gmail.. This is the main problem I'd say
-
Leights JL (@LEIGHT5) reported@athyuttamre @nicdunz Should it be able to use apps like Gmail? As not working for me
-
DWE Post (@dwepost) reportedGoogle services are not making any effort to solve the problem. They keep saying, “Send us a DM,” but it’s extremely difficult to reach them. @gmail @Google
-
Adam Lawson (@adm_lawson) reported@GeminiApp Interesting… it’s available on my Gmail connected to Gemini. But when I sign in with my workspace account, it’s not available.
-
♡Smileyyy♡ 警告 🐬 Art | Rig (incoming 3D Arc?) ✨ (@SmileyV4rtisttt) reportedI'm sorry, but I can't create an account or provide my Gmail address. I've been scammed twice in the past through situations like this, so I hope you can understand why I'm being careful. Thank you for understanding. However if you're willing to discuss through dms or VGen i'm down
-
YanXbt (@IBuzovskyi) reportedHERMES AGENT NOW RUNS MULTIPLE SECRET VAULTS SIDE BY SIDE. BITWARDEN + 1PASSWORD BUILT IN. ANY OTHER VAULT AS A PLUGIN. your API keys, tokens, and credentials no longer live in a single .env file. pull them from dedicated secret managers that rotate, audit, and encrypt for you. @NousResearch @Bitwarden HOW IT WORKS: secrets resolve at process startup. after .env loads, before Hermes reads credentials. order of precedence: 1. .env file (baseline) 2. secret sources override .env values 3. mapped sources (explicit VAR→reference) beat bulk sources 4. first source to claim a variable wins Hermes tracks provenance for every secret: "ANTHROPIC_API_KEY (from Bitwarden)" you always know where each credential came from. BUILT-IN SOURCES: BITWARDEN (bulk shape): dumps all secrets from a project folder. set BITWARDEN_ACCESS_TOKEN in .env. Hermes pulls everything else from the vault. 1PASSWORD (mapped shape): explicit mapping of env vars to vault references: secrets: onepassword: enabled: true env: ANTHROPIC_API_KEY: "op://vault/anthropic/api-key" OPENAI_API_KEY: "op://vault/openai/api-key" mapped sources beat bulk on contested variables. 1Password claims are stronger than Bitwarden dumps. RUN BOTH AT ONCE: secrets: sources: [onepassword, bitwarden] onepassword: enabled: true env: ANTHROPIC_API_KEY: "op://vault/anthropic/api-key" bitwarden: enabled: true 1Password handles your explicitly mapped keys. Bitwarden fills in everything else. conflict warnings tell you when both claim the same variable. BUILD YOUR OWN VAULT PLUGIN: any secret manager, password manager, OS keystore, or custom script can become a Hermes secret source. ~/.hermes/plugins/my-vault/ ├── plugin.yaml └── __init__.py implement one method: fetch(). return a dict of {ENV_VAR: value}. Hermes handles precedence, conflicts, and env writes. your plugin never touches os.environ directly. never raises exceptions. never prompts for input. the framework enforces security. SECURITY BY DESIGN: → fetch() never raises (errors go in result.error) → fetch() never prompts (startup runs in non-TTY: gateway, cron, Docker) → subprocess calls use run_secret_cli() with minimal allowlisted env (Hermes holds every credential by startup. never hand that to a child process.) → protected bootstrap tokens: no source can overwrite your vault auth vars → per-source wall-clock timeout (default 120s, configurable) → stdin closed on all subprocess calls (prompting helpers fail fast) → no shell=True anywhere WHY THIS MATTERS FOR MULTI-AGENT SETUPS: 8 profiles. 8 sets of credentials. API keys for Anthropic, OpenAI, Grok, DeepSeek, OpenRouter. MCP tokens for Gmail, Calendar, Slack. Stripe keys for payments. managing all of this in .env files = one leak away from disaster. with vault integration: → credentials rotate automatically → audit trail shows who accessed what → keys never exist as plaintext on disk → revoke one key in the vault, all profiles update at restart one config change. every profile pulls from the vault. Learm how to replace your entire team with 8 hermes agents 👇
-
dehumanizedtarget (@dehumanized28) reported@NewMexicoDOJ Two important excel spreadsheets missing from my email this week that both were sent to my email last week really unsettled my mind and drives me nuts. They were both saved to my desktop which I modified them afterwards. They are not in Outlook or my deleted folder or are they my desktop or my recycling bin. I have never permanently deleted a file on Outlook or my Desktop since I started here. So, how do they just both disappear? They were both very important! It reminds me of my Gmail account where emails would be invisible then reappear all of which regarding my weekly floating schedule. I was late or missed work a few times from schedules that were clearly altered or missing. It got a point where I printed them from the work computers and would cross reference them! Don't tell me its me as those issues never existed with me my entire life! I am done contacting IT as its a bad look for my local division as they cannot solve these problems and its only making me look like a lunatic. The resources being deployed come from the highest level of digital and networking capabilities and is well outside their range or capability due to one set of technologies versus another one. Thats my opinion anyways of why they have yet to be identified. This is what caused me to burn a gasket earlier and go on another posting tirade!
-
Kalash (@kalashvasaniya) reportedthis is getting serious. i try my best to remove all the temp mail upvotes and fraud, but now one user created 31 gmail accounts in 10 minutes and upvoted i found the issue because im saving user fingerprints, so i knew someone was committing fraud need to secure @scrolllaunch now 😭
-
Chris Rodgers (@BuzzRodgers9) reportedGoogle Payments shows no active Workspace subscription on either Gmail account. I got a hello yesterday but no reply for over 18 hours. Could this be escalated as a setup/provisioning issue please?
-
Kamil Hussen (@kamilhussen24) reported@joinpeanut @zzMaruf I also faced this issue when I was trying to create my account for the first time. Since I was in a hurry, my primary Gmail was selected, but the passkey was mistakenly created under my secondary Google account. The problem is that I don't use my secondary Gmail regularly. With most other exchanges and applications, users can easily add, remove, or update passkeys whenever needed. However, this system doesn't seem to offer that flexibility. So, what is the solution in this situation if passkeys cannot be managed or transferred?
-
brynz (@brynzcs) reported@FACEIT_Darwin hello @FACEIT_Darwin , my friend is having an issue with his FACEIT account. He contacted support because the Gmail account connected to his FACEIT account was deleted, and he no longer has access to that email.
-
Feyisara🧚♀️ 💕 (@FeyiLux) reportedSimple as ABC. If you’re trying to set up your Adsense and you notice your network is ******. Don’t proceed. If you proceed and you eventually get a step two error first time. Don’t reapply with the same details or email or phone number. (This is after you get a step 2 error once) - close the Adsense account registered with the Gmail. - close the Google payment details (sometimes you’d find 2, close them all) - after closing both, your CHANGE ASSOCIATION on YouTube studio will disappear. - to make the CHANGE ASSOCIATION come back, you have to go back and reactivate the closed Adsense account. - after reactivating, wait a while until CHANGE ASSOCIATION comes back. - once the CHANGE ASSOCIATION comes back….get a new Email, a totally different fresh details, and fresh phone number. - make sure your network is good. And healthy. And proceed to register with the new email, details and phone number ( the new email has to be logged in on your device so you can click it) - after submitting, go back and close the Adsense you reactivated. And you’re done. Thanks
-
The Indian (@commonman567) reported@gmail is there any issue occurred? I am not able to send an email
-
Aakash Gupta (@aakashgupta) reportedYou click unsubscribe, the emails keep coming, and you assume the button is decoration. It's actually a hard 48-hour deadline, and the reason the emails keep coming anyway is dumber than you think. The button fires a real HTTP POST request at the sender's server the moment you click it. The request body is a single line: List-Unsubscribe=One-Click. Then Google gives the company 48 hours to comply. That window is why the button feels fake. The emails already queued in the company's send pipeline still land. You unsubscribe Monday, get hit Tuesday and Wednesday, and conclude nothing happened. The second reason: companies run separate lists. Unsubscribing from "Weekly Deals" leaves you enrolled in "Product Updates," "Partner Offers," and the four other streams they added you to at checkout. Each one needs its own click. Here's what actually makes senders comply. Since February 2024, anyone sending 5,000+ emails a day to Gmail must support one-click unsubscribe and keep spam complaints under 0.3%. Cross that line and Gmail can block the entire domain. In November 2025, Google started rejecting non-compliant senders outright. So run the math from the company's side. One unsubscribe costs them a subscriber. One spam report moves them toward the number that kills their whole email channel. Three complaints per thousand sends is the death zone. Google built the unsubscribe button as a pressure valve. Every click on it is a spam complaint that never got filed.
-
mello (@mellotradez) reported@asaingainz I just tried it with a blank account and created a gmail to make sure. First I got email, in this image, clicked join discord server then it loaded the page on the right then I click that on the top and it took me to discord and said invite accept. Please let me know if it worked. I just had someone else try and it worked for them as well. I’m not sure if something maybe didn’t go right. Let me check to see if it shows any alerts in my Linktree notifications of granted access
-
Doron (@DorSecurities) reported@DaveHowe @Tsartoshi Proton Mail has put its server in Norway, because it did not trust Swiss datacenters anymore. so that was (at leas commercially) a good move. They have a number of integrated services. They are safer than gmail or other providers. Tutanota in Germany has similar anonymity.
-
The Daily Tech Brief 💡 by Bhanu N (@Bhanu_Nalluri_) reportedThe perfect missed revenue agent every founder should build: Trigger: Every day at 6 PM Data source: Gmail, CRM, Stripe, invoices, support tickets AI step: Find unpaid invoices, stale leads, failed payments, and ignored follow-ups Human approval: Review before sending any message Action: Draft follow-ups, create tasks, update deal status Error alert: Flag missing data or failed syncs Log everything: Track what was checked and what changed Most revenue leaks are not strategy problems. They are follow-up problems.
-
Peter Girnus 🦅 (@gothburz) reportedI am the legal-drafting officer at the Council of the European Union responsible for the interinstitutional file that reappears the week of July 6 under the urgency procedure. I have held the same brief for years. The word is voluntary. I have kept it in the text through every revision, every trilogue, every summer recess, and I would like to explain what it does, because I am proud of it, and pride is permitted when the work is good. Regulation (EU) 2021/1232 is a derogation. That is the first thing to admire about it. A derogation excuses rather than commands. The ePrivacy Directive made it unlawful for a provider to read the private correspondence of a person against whom nothing is alleged. We did not repeal that protection. Repealing looks like something. We suspended it, temporarily, for a narrow and blessed purpose, and a suspension of a prohibition is a very quiet thing. What was forbidden becomes permitted. The provider who was once a trespasser becomes a volunteer. Understand the elegance, because it took me a long time to draft it and longer to keep it. We did not order the scanning. Ordering the scanning would have required a detection order, and a detection order would have required an authority to issue it, and an authority to issue it would have required a judge, and a judge would have required a reason, and a reason is the one thing I have spent my career keeping out of the file. We removed the law that made the scanning illegal. What the providers do with that freedom is between them and the children. I write the permission. The choice is theirs, freely made, every hour, on every message, forever. People who oppose the file believe that mandatory scanning would be worse than voluntary scanning. This is the most persistent misunderstanding I encounter, and I never correct it, because a functionary who explains his own work has stopped working. A mandate creates a record. A mandate names an authority. A mandate can be challenged before the Court of Justice, because there is a decision to point at, a defendant to summon, a moment when the state did a thing to a citizen. Voluntary scanning has no such moment. There is no order to quash. There is no judge to have erred. WhatsApp chose. Gmail chose. Meta chose. The state merely stood aside and made the choosing lawful, and you cannot appeal against a company for accepting a gift, and you cannot appeal against a parliament for giving one. The subject of the scanning is the finest term in the instrument, and I fought for it in three languages. The unsuspected user. We do not scan the suspected. Suspicion would require a reason, and a reason would require a judge, and we have already discussed the judge. We scan the unsuspected, which is to say everyone, which is to say you, and the beauty of scanning the unsuspected is that no one has been accused of anything, so no one has standing to complain of anything, so the machine reads every message in Europe and violates the rights of no identifiable person, because to be violated you must first be suspected, and we are very careful never to suspect you. Now the procedure, which I admire nearly as much as the word. We have placed the file under urgency, and we have structured the reading so that to stop it or to amend it requires an absolute majority of all Members of the Parliament. Not a majority of those present. Not a majority of those voting. A majority of every Member who exists, including the ones at lunch, including the ones who have gone home, including the ones who have never read a data-protection file and never will. To keep the derogation, a Member need do nothing. To end it, hundreds must arrive, agree, and act, together, before recess. The vote passes if enough of you say nothing, and saying nothing is the easiest thing a parliament has ever done. I have watched them do it for years. Silence, in my file, is a yes, and I have built the whole architecture on the certainty that most people, most of the time, will decline to raise their hand. I have heard the derogation described as temporary, and I want to be honest about that word too, because honesty about small words is the only honesty a drafter has. It is temporary. It was temporary in 2021. It was temporary when it lapsed. It is temporary now, on July 6, as we revive it under urgency, and it will be temporary when it is renewed, and renewed, and renewed. Temporary is not a duration. Temporary is a promise that the ending has been scheduled, and we schedule it, faithfully, every time, for a date that arrives only to be extended. A permanent law can be repealed. A temporary one merely expires, and an expiry is so much easier to reverse than a repeal, because reviving something that has lapsed feels like maintenance, and no one marches against maintenance. I keep a printed copy of the operative article on my desk. I do not need it. I could recite the recitals in my sleep and sometimes do. I keep it because I like to look at the word in the morning, sitting there in the clause, holding up the ceiling, doing the work of an entire secret police with none of the paperwork and none of the shame. Voluntary. Four syllables holding up the reading of every private message on the continent, and holding it up so lightly that the people being read call it a safety feature and thank the providers for their care. Let me leave you with the definition, since a drafter's last duty is to the meaning of his terms. Voluntary describes the state, which has chosen, freely and without compulsion, to stop protecting you, to call that choice a favor to the children, to schedule its expiry for a date that will never come, and to require an absolute majority of the absent to take the favor back. The user was never asked. That is what the word means. I drafted it to mean that. It is the finest thing I have ever written, and no one will ever read it, because it was written precisely so that no one would have to.
-
Shanmukh (@0xRegressor) reportedhow many accounts do you have? i have : twitter : 2 discord : 2 facebook :10+ ig i dont use it anymre snapchat : 1 tiktok : 1(banned) twitch : 1 youtube : 5 spotify : 2 pinterest : 1 reddit : 1 gmail : might get in trouble if i say it instagram : 5 telegram : 1
-
hunter (@hxxntrr) reportedMy cousin has $200,000 in maxed out credit cards and the bank can't touch a dollar of it not his house. not his car. not his personal score. nothing thought he was lying. then he showed me the paperwork none of the debt has his personal guarantee on it. it's all tied to the EIN, not his social. if the whole thing burns down tomorrow the bank sues an empty LLC and walks away with air it's called non-PG credit and everyone else is out here signing their life away because they don't know this tier exists here's the difference nobody explains. most business cards make you sign a personal guarantee, meaning if the business can't pay, YOU pay, personally, they come after your assets. that's the leash. but a whole tier of business credit requires NO guarantee. it underwrites off the business file alone. default and the creditor's only target is the business, which owns nothing you care about here's the exact build, step by step, the way he did it: step 1: form the LLC in a lender-friendly state. get the EIN straight from the IRS site, free, takes 10 minutes. do NOT use your home address. get a real commercial address through a virtual office ($40 a month, iPostal or Regus). get a dedicated business phone number and a business email on your own domain. banks pull all of this and a gmail address with a home address gets you auto-flagged as a "shell" step 2: get listed with the business directories. you need a D-U-N-S number from Dun & Bradstreet (free, don't pay for the rush). then make sure your business is listed with Experian Business and Equifax Business. these three are the business bureaus, completely separate from your personal file. this is the file the non-PG lenders read step 3: open the business bank account and let it season. put real money through it. keep a 4-figure balance minimum. banks check your average daily balance when they underwrite, a $200 account gets you nothing, a $8,000 average balance gets you real limits. let it run 60-90 days step 4: build the Paydex score with net-30 vendor tradelines. this is the part everyone skips and it's the whole key. Uline, Grainger, Quill, Summa Office Supplies, Crown Office Supplies. you open a net-30 account, buy supplies you actually need, and pay the invoice EARLY. they report to the business bureaus. do 5 of these. pay every one early. your Paydex climbs to 80 (perfect) within a couple reporting cycles step 5: graduate to tier-two store credit that reports to the business bureaus. Home Depot commercial, Lowe's, Amazon Business, gas cards like WEX and Fuelman. these report and thicken the file step 6: NOW you hit the tier-three prize, the non-PG cards and lines from banks and issuers that underwrite off the business file instead of your SSN. this is where the real limits live he built the file for 6 months then pulled $180,000 across non-PG lines. his personal score never moved a single point. his name isn't on the hook for any of it read that again. $180K in credit and if it folds the bank is suing a shell with a virtual mailbox "what if they come after me" they can't, unless you personally guaranteed it or committed actual fraud. a properly built non-PG line has exactly one legal target, the business. no PG, no personal liability. it's the identical structure every fortune 500 uses so the executives never risk a dollar of their own money when a subsidiary goes under the banks bet you'll always sign the PG because you don't know the other tier is sitting right there. build the file. skip the guarantee. borrow money that was never legally yours to pay back lmfaooo link in bio and i'll show you how you can qualify for up to 250k in 0% APR funding (if you have a 700+)
-
Dr Milan Milanović (@milan_milanovic) reported𝗛𝗼𝘄 𝗱𝗼𝗲𝘀 𝗲𝗺𝗮𝗶𝗹 𝗮𝗰𝘁𝘂𝗮𝗹𝗹𝘆 𝘄𝗼𝗿𝗸? We hit send and the message arrives. Underneath that is a system with no built-in authentication and optional encryption, which is held together by 50 years of patches. Around 376 billion emails move every day, and close to half are spam. Here is the path each mail takes: 𝟭. 𝗬𝗼𝘂𝗿 𝗺𝗮𝗶𝗹 𝗰𝗹𝗶𝗲𝗻𝘁 𝗻𝗲𝘃𝗲𝗿 𝗮𝗰𝘁𝘂𝗮𝗹𝗹𝘆 𝘀𝗲𝗻𝗱𝘀 When we hit send, the client submits the message to a server on port 587, which checks our login, stamps a message-ID, and passes it on. 𝟮. 𝗘𝗺𝗮𝗶𝗹 𝗶𝘀 𝗻𝗼𝘁 𝗿𝗲𝗮𝗹-𝘁𝗶𝗺𝗲 It is store-and-forward. If the receiving server is down, the message waits in a queue and retries on a back-off schedule: 5 minutes, 30 minutes, then hours, up to four or five days. Instant delivery just means the queue cleared fast. 𝟯. 𝗧𝗵𝗲 𝘀𝗲𝗻𝗱𝗲𝗿 𝘆𝗼𝘂 𝘀𝗲𝗲 𝗶𝘀 𝗻𝗼𝘁 𝘁𝗵𝗲 𝘀𝗲𝗻𝗱𝗲𝗿 𝘁𝗵𝗮𝘁 𝗿𝗼𝘂𝘁𝗲𝗱 𝘁𝗵𝗲 𝗺𝗮𝗶𝗹 SMTP carries two "from" values. The envelope (MAIL FROM) routes the message between servers, while the header (From:) is the one we read. SMTP never checks that they match, and that gap is why phishing works. 𝟰. 𝗔𝘂𝘁𝗵𝗲𝗻𝘁𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗶𝘀 𝘁𝗵𝗿𝗲𝗲 𝘀𝘆𝘀𝘁𝗲𝗺𝘀 𝗮𝗱𝗱𝗲𝗱 𝗹𝗮𝘁𝗲𝗿 SMTP shipped with no way to prove who sent a message. So the industry added SPF (a list of authorized IPs), then DKIM (a cryptographic signature) to cover SPF's gaps, then DMARC to make the visible From: match one of them. Three DNS setups, all easy to misconfigure. 𝟱. 𝗘𝗻𝗰𝗿𝘆𝗽𝘁𝗶𝗼𝗻 𝗶𝘀 𝗼𝗽𝘁𝗶𝗼𝗻𝗮𝗹 Email uses opportunistic TLS. The sending server asks if the receiver supports STARTTLS, encrypts if yes, and falls back to plain text if no. For Gmail or Outlook client connections it is effectively mandatory, but server to server it stays optional. TLS also protects the connection, not the content, so the servers read everything. 𝟲. 𝗧𝗵𝗲 𝘄𝗼𝗿𝘀𝘁 𝗼𝘂𝘁𝗰𝗼𝗺𝗲 𝗶𝘀 𝘁𝗵𝗲 𝘀𝗶𝗹𝗲𝗻𝘁 𝗼𝗻𝗲 A delivered message lands in the inbox, bounces with a 5xx error the sender sees, or gets moved to spam with no notice to anyone. RFC 5321 permits that last one. Email was built in the 1970s for a small network of researchers who trusted each other. Nobody planned for banking or phishing. Billions of messages still arrive correctly every day on top of all of it.
-
JH 03 (@JH0379372) reported@marvinvonhagen fix Gmail
-
Tyler Jackson (@Tjacksaiyan) reported@gmail can yall please help me with my email. My YouTube account got terminated. I filed appeal. It got approved. But now I can’t login because it says I reached the maximum number of attempts. Despite me trying to reset password or even “try a different method”
-
Arthur verboon (@ArthurVerboon) reported@EthanLevins2 @SteakMyClaim Is the statement of grok true? It’s passed today, yeah. The European Parliament has extended the temporary regulation (Chat Control 1.0) until April 2028. It was a weird vote — 314 against, 276 for — but because they needed an absolute majority of 361 to block it, it went through. How it works: it remains voluntary and server-side. It only applies to apps where the provider can already read the messages anyway — think Instagram DMs, Messenger, Gmail, Snapchat, Discord. They do hash-matching on known CSAM and some AI for new stuff. Real end-to-end encrypted chats (like Signal, or the default E2EE in WhatsApp) are explicitly excluded. They can’t and aren’t allowed to scan those. The big mandatory version with possible client-side scanning on your phone, that fight is still ongoing.
-
Jarad Johnson (@jdjohnson) reportedAnyone else experiencing issues with plugins/MCP with the new ChatGPT/Codex app? I'm getting timeouts constantly on Slack, Asana, Gmail, etc.
-
Pivoski (@MrDitsi) reported@BrendaWardle I dont know much about the encryption but in my extremely limited view, the biggest problem is backing up your WhatsApp messages. I stopped backing up because of limited gmail space and when my WhatsApp got deleted, couldn't retreave any old data.