Top Deliverability’s Blog
DMARCIAN: Google Groups Security Vulnerability
- December 15, 2023
- Posted by: Top Deliverability
- Category: DMARC DMARCIAN Email Authentication Email Services Industry News
DMARCIAN just released a new engaging blog:
Recent discussions in the email security ecosystem have highlighted a security loophole concerning Google’s handling of emails sent to a Google Group. This issue arises particularly when the emails come from a domain with a DMARC policy set to p=quarantine or p=reject. Google Groups functions similarly to a mailing list. When a group address receives an email, Google forwards a copy to each group member, retaining the original From: header. This From: header is crucial, as it’s what recipient systems use to determine which domain to check against for DMARC compliance. In essence, when Google forwards these emails, it’s as if Google is spoofing the domain being forwarded. This becomes problematic with domains like AOL or Yahoo, where the receiving system will reject the email, recognizing that Google isn’t authorized to send on their behalf. How scammers exploit Google Groups’ email forwarding Domain Acquisition: Scammers start by acquiring a new
Read more: Google Groups Security Vulnerability
P.S. Do you need help with Email Authentication? Ask for a Consultation
Leave a Reply Cancel reply
Email Service Providers Handbook
The most comprehensive “Handbook of Email Service Providers“!
SPAMASSASSIN RULES
All SpamAssassin rules in one place, EXPLAINED!
SMTP COMMANDS
& REPLY CODES
All SMTP/ESMTP commands and reply codes in one place, EXPLAINED!
Free DNS Tool
Check the DNS records of your domain with our free DNS tool.
Deliverability Glossary
The most comprehensive Email Deliverability and Marketing Glossary!