Most of us today use Gmail as our primary email platform. It is indeed a very useful platform that is known for its efficiency and effectiveness. However, Gmail may not be as effective as we think it is.
According to recent research conducted by Renato Marinho at Morphus
How can you know if it is spam?
Sadly, it is not that easy. However, you can check the address in the sender’s field, as that may reveal that the message carrying the Gmail address was generated from a different server. Nevertheless, this is of no use, since most spam emails are capable of injecting malware just by being clicked and viewed. What is more disappointing is that for Android and iOS users, such an option of finding the server’s actual name in the sender’s field is not available.
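The sender check described above can also be run against a message's raw headers. The following Python is an added example, not code from Marinho's research or from Gmail: it compares the domain shown in From with the domains the receiving server recorded as passing SPF or DKIM in the Authentication-Results header. The authserv-id mx.example.net and both sample messages are constructed, and it assumes your receiving server stamps that header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: your receiving server's authserv-id

def _domain(header_value):
    """Lower-cased domain of the address in a From-style header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def _aligned(auth_domain, from_domain):
    """Relaxed alignment: identical, or a subdomain of the From domain."""
    return auth_domain == from_domain or auth_domain.endswith("." + from_domain)

def check_sender(raw_message, trusted=TRUSTED_AUTHSERV):
    """Report whether any SPF/DKIM pass recorded by our server matches From."""
    msg = message_from_string(raw_message)
    from_domain = _domain(msg.get("From"))
    # Only trust results stamped by our own server; a sender can forge the rest.
    results = " ".join(
        v for v in msg.get_all("Authentication-Results") or []
        if v.split(";", 1)[0].strip().lower() == trusted
    )
    spf = re.findall(r"spf=pass\b[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([^\s;]+)", results, re.I)
    dkim = re.findall(r"dkim=pass\b[^;]*?header\.[di]=(?:[^\s;@]*@)?([^\s;]+)", results, re.I)
    passed = sorted({d.lower() for d in spf + dkim})
    ok = bool(from_domain) and any(_aligned(d, from_domain) for d in passed)
    return {"from_domain": from_domain, "authenticated_as": passed, "aligned": ok}

# Constructed sample: From shows gmail.com, but only another domain passed SPF.
SPOOFED = (
    "Authentication-Results: mx.example.net;\n"
    " spf=pass smtp.mailfrom=bounce@mailer.example.org; dkim=none\n"
    "Authentication-Results: forged.example.org; dkim=pass header.d=gmail.com\n"
    'From: "Some User" <some.user@gmail.com>\n'
    "Subject: hello\n\nbody\n"
)
# Constructed sample: SPF and DKIM both passed for the domain shown in From.
GENUINE = (
    "Authentication-Results: mx.example.net;\n"
    " spf=pass smtp.mailfrom=some.user@gmail.com;\n"
    " dkim=pass header.i=@gmail.com\n"
    'From: "Some User" <some.user@gmail.com>\n'
    "Subject: hello\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_sender(raw))
```

A result with "aligned" set to False means the address shown in From was not vouched for by any check the receiving server recorded, which is the mismatch the sender's field hints at.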
The Mechanism
Research suggests that whenever a spam email with a fake Gmail address tries to bypass Gmail’s spam filters, it has to connect to Gmail’s server by appearing to be valid. As such, the spammer can easily mask the fake Gmail address as if it were a legitimate one and get through.
“Although it has not been considered a security bug, in our opinion, it would be better if Gmail could at least adopt the same behavior we saw when trying to spoof a non-existing Gmail account in which security alerts were shown. Additionally, we suggest to make it possible to view message security details within the Gmail iOS app, as today these users have no ways to verify if they are being spoofed”, writes Marinho.
Google’s views
Although the trick can be potentially harmful, Google does not seem to be very serious about it. When asked what the course of action should be to counteract the problem, Google said that it is not a big issue as it does not interfere with a user’s privacy.
An opinion such as this can jeopardize the reputation that Google has on the market. While Yahoo and Microsoft recognize such camouflaged email addresses as fake, Google does not.