Gmail’s Spam Filter Not Impenetrable For Hackers

[NeophobiA 1,503]

Google does not send spoofed @Gmail based emails to spam folder – Using this loophole scammers can trick users into identity theft, phishing or malware scam.

 

 

Most of us today use Gmail as our primary email platform. It is indeed a very useful platform that is known for its efficiency and effectiveness. However, Gmail may not be as effective as we think it is.

According to a recent research conducted by Renato Marinho at Morphus Labs, Gmail does not seem to spam emails that are sent with the @gmail.com address, even if it is a fake one. The trick is used to bypass Google’s spam recognition system and hence the email seems valid when in reality, it has been generated from another server altogether. This means such an email does not go to the spam folder; rather, it appears in one’s inbox.

 

How can you know if it is spam?

Sadly, it is not that easy. However, one may view the address in the sender’s field as that may reveal the Gmail address to be generated from a different server. Nevertheless, this is no use since most spam emails are capable of injecting malware just by being clicked and viewed. What is more disappointing, is that for Android and iOS users, such an option of finding the server’s actual name in the sender’s field is not available.

 

The Mechanism

Research suggests that whenever a spam email with a fake Gmail address is trying bypass Gmail spam filters, it has to connect to the Gmail’s server by appearing to be valid. As such, the spammer can easily mask the fake Gmail address as if it is a legitimate one and go through. 

“Although it has not been considered a security bug, in our opinion, it would be better if Gmail could at least adopt the same behavior we saw when trying to spoof a non-existing Gmail account in which security alerts were shown. Additionally, we suggest to make it possible to view message security details within the Gmail iOS app, as today these users have no ways to verify if they are being spoofed”, writers Marinho.

Google’s views

Although the trick can be potentially harmful, Google does not seem to be very serious about it. When asked as to what should be the course of action to counteract the problem, Google said that it is not a big issue as it does not interfere with a user’s privacy.

 

An opinion such as this can jeopardize the reputation that Google has on the market. While Yahoo and Microsoft recognize such camouflaged email addresses as fake, Google does not.

 

 

 

 

 

[Tech 425 3,942]

Well I guess don't email me as I won't even look