Gmail shows no warning as it delivers Spoofed Messages
It was revealed that Gmail does not filter or warn users about suspicious messages sent from a spoofed @gmail.com address. Such an email appears to come from a Gmail account but was actually sent from a non-Gmail server. For a spam email with a fake Gmail address to bypass Gmail's spam filters, it has to connect to Gmail's server while appearing to be valid. The spammer can therefore easily pass off the fake Gmail address as a legitimate one and get through.
A researcher found that the spoofed @gmail.com message landed in the inbox rather than the spam folder, and Gmail did not even display a security warning. The only indication that something might be wrong was that the sender field showed the message from the Gmail address had been sent via another server, but that information was not even visible in the Gmail app for iOS and Android.
Users are advised to look carefully at messages in their inbox that come from “@gmail.com” via another server, because such messages should normally be delivered by Gmail. They should also check the message details, which are available in the web application by clicking the “down-arrow” next to “to me”. A spoofed message can be identified by examining the full header.
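One way to automate the full-header check described above, as an added example that is not part of the original advisory: it flags a message whose From domain is not backed by any passing SPF, DKIM or DMARC result in the Authentication-Results header written by the receiving server. It assumes Gmail's receiver identifies itself as mx.google.com, uses constructed sample headers with placeholder addresses, and compares domains in a simplified form of DMARC alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a gmail.com From address on a message relayed and
# signed by an unrelated host (hostnames, IPs and addresses are placeholders).
SPOOFED = """\
Received: from mail.example.net (mail.example.net [203.0.113.25])
 by mx.google.com with ESMTP for <recipient@gmail.com>
Authentication-Results: mx.google.com;
 dkim=pass header.i=@example.net header.d=example.net;
 spf=pass (domain of bounce@example.net designates 203.0.113.25) smtp.mailfrom=bounce@example.net
From: "Account Team" <sender.placeholder@gmail.com>
Subject: Action required

(body omitted)
"""

# Constructed counterpart: the same sender, authenticated for gmail.com itself.
GENUINE = """\
Authentication-Results: mx.google.com;
 dkim=pass header.i=@gmail.com header.d=gmail.com;
 spf=pass smtp.mailfrom=sender.placeholder@gmail.com;
 dmarc=pass (p=NONE) header.from=gmail.com
From: sender.placeholder@gmail.com

(body omitted)
"""

def auth_checks(raw, trusted_authserv="mx.google.com"):
    """Return (from_domain, [(method, verdict, domain)]) from trusted headers only."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    checks = []
    for header in msg.get_all("Authentication-Results", []):
        # Drop (comments), then split "authserv-id; method=verdict props; ..."
        clauses = [c.strip() for c in re.sub(r"\([^)]*\)", " ", header).split(";")]
        if clauses[0].lower() != trusted_authserv:
            continue  # header not written by our receiver: a sender can forge it
        for clause in clauses[1:]:
            m = re.match(r"(spf|dkim|dmarc)=(\w+)", clause)
            d = re.search(r"(?:header\.d|smtp\.mailfrom|header\.from)=(\S+)", clause)
            if m and d:
                checks.append((m.group(1), m.group(2), d.group(1).rpartition("@")[2].lower()))
    return from_domain, checks

def looks_spoofed(raw):
    from_domain, checks = auth_checks(raw)
    # Simplified alignment: a passing result for the From domain or a subdomain.
    return not any(v == "pass" and (d == from_domain or d.endswith("." + from_domain))
                   for _, v, d in checks)
```

A passing SPF or DKIM result alone is not enough: in the spoofed sample both pass, but for example.net rather than the gmail.com domain shown in the From field.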
Help Net Security
Latest Hacking News
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street