Researchers Reports: Gmail Carries Spoofed Messages Without Any Notice

gmail-carries-spoofed-messages

These days, Gmail is one of the most popular electronic communication media through which we can easily communicate with other people. It does not only help to communicate but also to store document and professional purposes. As we all are very familiar with its features and behavior. But it has some pretty strong spam filters that is one of its strong points. Google manage to keep out most of the spam emails or messages from hitting your inbox, still, it cannot keep out everything especially when it arrives from a spoofed @gmail.com.

Spam is normally used to deliver the malicious attachments, documents or links to the unsuspecting System users. These emails have a great chance to lurks into the user PC because they are likely to open a document by clicking on the link that coming from the untrusted or unverified sources. Spam filters may block the bulk of spam message from hitting your inbox but it won’t filter spam from spoofed @gmail.com address.

According to the Renato Marinho who is a most popular researcher from a Brazilian security form named Morphus Labs, Gmail does not warn System users about the sketchy messages from the another spam email address. He also writes that while an email appears to have comes from the other valid of legitimate Gmail account that hackers are looking to harm you. It seems only some clue left to indicate that something is wrong with the spoofed email in the sender field. You will see the Gmail address was sent from the another server.

He also explains that spoofed Gmail address pretends to be valid that message directly goes into the spam folder. According to this researcher, the email of spammers server must connect to Gmail by saying that it wants to deliver a message from his domain even if it is untrustworthy or illegitimate ones. The address is switched to the fake email address to fool Google. Then Gmail queries the spammers DNS to check if the spammers email server could send messages ob behalf of it or not.

To verify the effectiveness of protections, the malware researchers are decided to test the spoofing of Yahoo and Gmail addresses. If the SMTP server’s IP address was not allowed in SPF policy of their domain, the message would not be delivered. But when SPF policy was in place, the message was delivered in Gmail, Yahoo continued to block it. While Google does not believe the issue needs to be tracked as a security bug because it really does not affect the integrity or confidentiality of Gmail user’s data.

To be stay protected, users are highly advised to pay attention to the messages in their inbox that coming from @gmail.com or another server. They should also look at the message details which were available in the web apps by clicking on down arrow near to me. A spoofed message is like to be noticed if the full header is examined.

Posted in Latest News. Tagged with , .

Leave a Reply

Your email address will not be published. Required fields are marked *