Oh dear. Gmail misidentifies Adobe password reset message as spam

GmailOn Thursday, Adobe announced that hackers had broken into its systems, stealing some of its source code and stealing information on some 2.9 million customers.

Adobe's security team said that it was contacting customers via email to tell them how they can change their passwords, as well as sending letters to those who had credit card information exposed.

It's somewhat disappointing then to discover that Gmail, one of the world's most popular webmail providers, is mistakenly blocking Adobe's warning as spam.

Here's how the message, sent by Adobe Customer Care with the subject line "Important Password Reset Information", appears in Gmail's spam folder.

Adobe email warning

Google has added the (incorrect) warning that users should be cautious of the email:

Be careful with this message. Similar messages have been used to steal people's personal information. Unless you trust the sender, don't click on links or reply with personal information.

It's not clear quite why Gmail has mistaken this legitimate email from Adobe as spam, but clearly the Google service has misidentified it as an attempt to phish details from users.

Possibly a lot of Gmail users have received the message and mistakenly flagged it as spam, tricking Gmail's systems into believing that the message is bogus.

It's just speculation on my part, but I wonder if Gmail would have thought the email less suspicious if each message had been customised with the recipient's name in its body ("Dear Graham Cluley") rather than identical generic wording?

Of course, users *should* be wary of the email. And indeed *any* other email telling them to visit a webpage to reset their passwords. After all, there *are* plenty of phishing messages which might attempt to trick you like that.

But this wasn't one of them.

Gmail users who have accounts at Adobe might wish to check their "spam" folder, but if you can't be bothered to go hunting here is the link to reset your Adobe password: www.adobe.com/go/passwordreset

Tags: , , , ,

Subscribe to the free GCHQ newsletter

, , , ,

Leave a reply

11 Comments on "Oh dear. Gmail misidentifies Adobe password reset message as spam"

Notify of

Sort by:   newest | oldest | most voted
October 7, 2013 1:04 am

That's just what happens when you depend on automation…

You have to wait for something not to work so you can be notified then tweak it for certain items.

Dylan Hinde
October 7, 2013 7:35 am

What do you expect, if that message was sent 2.9 million
times then surely the Gmail systems would notice that? Can you not
blame google, most people check their spam folder anyway, and
besides, the lack of a name in the email led it to look a little

Dave Smythe
Dave Smythe
October 7, 2013 5:07 pm

Yes, lets blame Google because the uber-secure Adobe (can
you say Adobe vulns 5 times fast) sent a generic e-mail notifying
the world that they were compromised. Pleeeaaasssseeee. If they
can't secure their product, or their systems, why would
you think they would actually be able to send e-mail with any hint
of user security?

Pam Mastin
Pam Mastin
October 11, 2013 2:13 am

I think you're being a little reactionary. The
Geeks that Be are constantly encouraging computer users to beware
of any emails that look suspicious and I thought this one did, too,
until I did an online search. Give us a little break here, fella.
BTW, Gmail did not flag Adobe's email as spam for me.
Thank you.

Giovanni Gervasio
October 11, 2013 7:06 am

I received this message in Gmail, not tagged as spam, and immediately deleted it. It has all the marks of a phishing message. In my opinion Google did the right thing. Adobe ought to have contacted them in advance.

October 23, 2013 7:18 pm

It reads like a phising email, even contains a link to
reset my password, it doesn't address the reader by name.
I got one and tagged it as suspicious as it had arrived in an
account I only ever use for family

Morten Sørensen
November 26, 2013 5:41 pm

It looks likes the address to the password reset page is not clickable (not hiding another domain in the link), you have to copy and paste it.

Mike Nesbitt
Mike Nesbitt
October 11, 2013 4:29 pm

Adobe did it all wrong to begin with! They NEVER should
have included the link to the reset webpage in the first page. All
they should have done was ask the users to go to the Adobe web page
with a cut and page web address, not hotlinked.

October 21, 2013 10:44 pm

I found the email in one of my Gmail addresses today. I was suspicious because I use only Adobe Flash Player. Which has never asked for a password to the best of my recollection.

October 23, 2013 8:05 pm

In Google's defense, I was irritated when I first saw it in my inbox because I thought it was a phishing expedition and almost marked it as spam myself.

October 25, 2013 12:54 pm

Adobe should know better. They sent and email that looks exaxtly like the dozens of phishing emails we've all gotten.