Spammer's delight: Gmail weirdly doesn't see spoofed @gmail.com addresses as junk


steven36

Spammers could have a field day with Gmail users, simply by spoofing real Gmail accounts, according to a security researcher.

Spoofed @gmail.com messages arrive in the inbox rather than the spam folder, with no Gmail security warning.

Google's Gmail spam filters may block the bulk of spam from hitting your inbox, but according to one researcher it won't filter spam from a spoofed @gmail.com address.

No one likes spam and for the most part Google does a great job of keeping inboxes free of it. For Safer Internet Day, Google highlighted the "geeky detective work" it does to ensure the average Gmail inbox has less than 0.1 percent spam.

Gmail, for example, "tracks where a message originated, to whom it's addressed, and how often the sender has contacted the recipient". This approach helps Google cull spam before the user sees it.

But, according to Renato Marinho, a researcher from Brazilian security firm Morphus Labs, Gmail doesn't filter or indeed even warn users about dodgy messages from a spoofed @gmail.com address. That is, the email appears to have come from a Gmail account, but actually came from a non-Gmail server. It's not hard to imagine the fun that hackers and spammers could have with this behavior.

Marinho demonstrated it to ZDNet using a setup he describes in a post, and the spoofed @gmail.com message arrived as promised in our inbox rather than the spam folder. Gmail did not display a security warning either.

The only indication that something might be amiss was that the sender field showed the Gmail address was sent 'via' another server, but that information wasn't even visible in the Gmail app for iOS and Android.

"Messages coming from @gmail.com addresses are not filtered by Gmail anti-spam in a specific condition," explained Marinho.

First, the spoofed Gmail address needs to be pretending to be a valid Gmail address. If it's not a valid Gmail address, the message goes straight to Gmail's spam folder. Marinho also demonstrated this process for ZDNet.

Secondly, the email server that sent the message must be authorized via the Sender Policy Framework of the SMTP sender address domain.

For that to happen, the spammer's email server first connects to Gmail and says it wants to deliver a message from his domain, such as Im-a-spammer.com, but the spammer switches the address to a fake Gmail address.

Gmail then queries the spammer's Im-a-spammer.com domain name service (DNS) server to check if the spammer's email server could send messages on behalf of it, which of course the spammer approves.

Marinho says he informed Google of the issue but was told it would not be tracked as a security bug since it did not substantially affect the confidentiality or integrity of Google users' data.

He also said Yahoo rejected the spoofed email while Microsoft's Outlook moved the spoofed message to spam. But he believes a serious issue here is the trust Gmail users have in Google reliably filtering out spam.

"The higher our belief in the provider, the lower tends to be our attention to the risks. The main advice here is to revisit this 'trust logic'. Even highly reputable services may fail, and we need to be careful all the time to avoid risks," he wrote.

One sure way to tell if a sender address has been spoofed is by examining the full message headers.

It's not clear why Gmail doesn't block these emails or hide them in the spam folder. ZDNet has asked Google for a response and will update the story if it receives one.


By Liam Tung

http://www.zdnet.com/article/spammers-delight-gmail-weirdly-doesnt-see-spoofed-gmail-com-addresses-as-junk/

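The header check the article points to, as an added example that is not from the article, ZDNet or Morphus Labs: it parses a message's headers and flags when the domain that SPF actually vouched for (the SMTP MAIL FROM, read from Authentication-Results smtp.mailfrom or, failing that, Return-Path) is not the same domain as the visible From address. Both sample messages and the domain im-a-spammer.example are constructed for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: the envelope sender is the spammer's own domain (which
# its SPF record authorises), while the visible From claims to be @gmail.com.
SPOOFED = """Return-Path: <bounce@im-a-spammer.example>
Authentication-Results: mx.example; spf=pass smtp.mailfrom=im-a-spammer.example
From: Alice <alice.valid@gmail.com>
To: victim@gmail.com
Subject: hi

click here
"""

# Constructed sample of the aligned case: envelope and header domains match.
LEGIT = """Return-Path: <alice.valid@gmail.com>
Authentication-Results: mx.example; spf=pass smtp.mailfrom=gmail.com
From: Alice <alice.valid@gmail.com>
To: victim@gmail.com
Subject: hi

hello
"""


def domain_of(addr):
    """Lower-cased domain part of an RFC 5322 address, '' if there is none."""
    _, spec = parseaddr(str(addr or ""))
    return spec.rpartition("@")[2].lower()


def envelope_domain(msg):
    """Domain SPF was evaluated against: smtp.mailfrom first, else Return-Path."""
    auth = str(msg.get("Authentication-Results", ""))
    m = re.search(r"smtp\.mailfrom=(?:[^@\s;]+@)?([^\s;]+)", auth)
    if m:
        return m.group(1).lower()
    return domain_of(msg.get("Return-Path"))


def check_alignment(raw):
    """Return header From domain, envelope domain, and whether they agree."""
    msg = email.message_from_string(raw, policy=policy.default)
    hdr = domain_of(msg.get("From"))
    env = envelope_domain(msg)
    return {"header_from": hdr, "envelope_from": env, "aligned": bool(hdr) and hdr == env}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, check_alignment(raw))
```

A message that passes SPF for the envelope domain but fails this alignment is exactly the 'via another server' case the article describes; the Gmail app on iOS and Android does not surface that hint, so the headers are the place to look.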

Gmail Delivers Spoofed Messages Without Warning


Spoofed emails could easily land in users' Gmail inboxes without even warning them of suspicious activity, security researchers have discovered.


While spam is normally used to deliver malicious documents or links to unsuspecting users, spoofed emails have a bigger chance of luring potential victims, because they are likely to click on a link or open a document coming from what they believe is a trusted contact. When it comes to spoofed messages, the sender is impersonated or changed to another, thus making messages appear legitimate.


While users may expect Gmail to warn them of such suspicious activity, researchers at Morphus Segurança da Informação recently discovered that this doesn't always happen. According to them, users should revise the trust they have in Gmail blocking messages with spoofed senders, even when no alert is displayed regarding the legitimacy of that message....


At: <http://www.securityweek.com/gmail-delivers-spoofed-messages-without-warning-researchers-find>


12 hours ago, adi said:

Spoofed emails could easily land in users' Gmail inboxes without even warning them of suspicious activity, security researchers have discovered.

not good gmail

19 hours ago, adi said:

Thanks!

Apologies.  :(


No need to. Threads merged. Report it in such cases though.


3 hours ago, DKT27 said:

No need to. Threads merged. Report it in such cases though.

धन्यवाद (Thanks)!  :)

