GitHub notifications are suppressed as Phishing SPAM by Gmail

GitHub notifications sent to ed@willink.me.uk are not received once redirected to ed.willink@gmail.com.

Reconfiguring the redirector to tee the messages to ed@edwillink.plus.com as well confirms that the messages are sent and redirected but suppressed by Gmail but not by PlusNet.

Once the obscure Gmail Spam folder is examined, the messages are there and, after opening, the offence is diagnosed as Phishing, or rather a failure to diagnose not-phishing. Gmail could not verify that it actually came from github.com.

For test purposes I seem to have set my preferences to get very fine-grained m2e notifications. These are frequent and (?almost) all suppressed. Examining them there is a provocative tail such as:

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/eclipse-m2e/m2e-core/issues/249#issuecomment-1153311993", "url": "https://github.com/eclipse-m2e/m2e-core/issues/249#issuecomment-1153311993", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

which seems to be just a minor bloat; certainly as far as Thunderbird is concerned.

My initial suspicion was that this was treated as gibberish by the Spam filter, but now that I see that it's a phishing issue perhaps the github links after redirection crash the phishing detector.

In https://bugs.eclipse.org/bugs/show_bug.cgi?id=580140#c1 I caused the same tail to be sent as part of a Bugzilla message. It was successfully delivered to both email recipients.

Theory: the sent email has a sending-signature that enables the recipient to confirm that it is as signed by the original sender regardless of dodgy intermediaries. For the Bugzilla notification test, the provocative tail is part of the regular message and so causes no trouble to the Gmail phishing detector. For GitHub notification, perhaps the tail is added after the sending signature is computed and so Gmail fails to confirm it or fails to apply an appropriate phishing validation for the tail.

Bottom line: Gmail rejects github mesages despite 5 days of marking m2e messages as not-SPAM. It is bloat anyway. Please remove the provocative tail bloat.