"Phishers Exploit Google's SMTP Relay Service to Deliver Spoofed Emails"

Researchers have observed phishers exploiting a flaw in Google's SMTP relay service to deliver malicious emails that spoof popular brands. Attacks exploiting the SMTP relay service in the wild have surged significantly since April 2022. Organizations use Google's SMTP relay service for activities such as sending promotional messages to a large number of users without running the risk of their email server getting blocklisted. However, the relay service has a vulnerability that could allow any Gmail tenant to spoof another tenant, meaning a hacker can use the service to spoof legitimate brands and distribute phishing and malware campaigns. Because Gmail's SMTP relay servers are generally trusted, and recipients see a legitimate-looking email address in the "From:" field, the messages bypass email security solutions. Users could notice that something is wrong only by checking the message headers. According to Avanan researcher Jeremy Fuchs, this brand impersonation technique only works if the impersonated company has not enabled its DMARC reject policy. DMARC is a DNS-based authentication standard that protects organizations against impersonation attacks by preventing malicious spoofed emails from reaching targets. This article continues to discuss the exploitation of Google's SMTP relay service to deliver spoofed emails, Google's response to this discovery, and the importance of enforcing the DMARC reject policy.
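The DMARC condition described above can be checked from a domain's published `_dmarc` TXT record. The following is an added example, not code from the article or from Avanan: it classifies a record string as enforcing reject or not. The function names, the three result labels and the sample records (on `example.com`) are constructed for illustration, and the record is passed in as text rather than fetched from DNS.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the first tag must be v=DMARC1, otherwise the record is ignored.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        if "=" not in part:
            continue  # skip malformed tags instead of failing the whole record
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def spoofing_exposure(txt):
    """Return 'reject-enforced', 'partial' or 'exposed' (labels are this example's own)."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return "exposed"  # no usable DMARC record published
    policy = tags.get("p", "").lower()
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        pct = 100
    if policy == "reject":
        # With pct below 100, only a sample of failing mail is rejected.
        return "reject-enforced" if pct == 100 else "partial"
    if policy == "quarantine":
        return "partial"  # failing mail is delivered to spam, not refused
    return "exposed"  # p=none or missing: spoofed mail is delivered


# Constructed sample records, not real DNS data.
SAMPLES = {
    "strict": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "monitor-only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "sampled": "v=DMARC1; p=reject; pct=25",
    "spf-not-dmarc": "v=spf1 include:_spf.example.com ~all",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(f"{name:14} {spoofing_exposure(record)}")
```

Only the `reject-enforced` result corresponds to the "DMARC reject policy" the article refers to; every other result leaves the domain open to the impersonation described.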

Help Net Security reports "Phishers Exploit Google's SMTP Relay Service to Deliver Spoofed Emails"

Submitted by Anonymous on