Most Of Us Don't Think Too Much About The "from" Address Bar On Our E-mail, Which Is Usually Filled Out By Mail Programs Or Web Services. On The Recipient Side, The Security Tool Can Check The Address Against The Sending Server To Verify Whether The Mail Is Legal However, The SMTP Relay Server Between The Server And The Inbox Will Allow Mail To Pass Through, Even If The Addresses Do Not Match, Which Is Why Some Marketing Organizations Can Send Mass Emails Without Being Blocked
[![]()](/article/2022/05/4499e616cc5ee57.jpg)
[![]()](/article/2022/05/0662eb12ce969bc.jpg)
Gmail Happens To Have SMTP Transfer Facilities, Which Makes It Possible To Send Non Gmail Mail Through Google Server. Avanan Researchers Found That Hackers Are Manipulating Google's Services, Pretending To Be A Reputable Brand, Sending Thousands Of E-mails, Bypassing Security Tools And Directly Entering Users' Inboxes. Hackers Are Taking Advantage Of A Flaw In Google's SMTP Relay Service To Send Phishing Messages, Which Are More Likely To Reach The Harassed Person's Inbox Without Interference. Avanan Observed A Significant Increase In The Number Of Such Attacks, With More Than 27000 Such Emails Sent In Just Two Weeks In April.
Google Was Informed Of The Vulnerability On April 23. To Guard Against Attacks, Security Researchers Recommend Checking The Sender's Address Before Interacting With Any Email, Using Email Security Solutions, Using A Variety Of Indicators To Determine Whether The Email Is Malicious, And Always Hovering Over Any Link To View The Target URL Before Clicking On It.
Learn More:
https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit