It seems very unethical that Google even allows such criminal phishing
scams to be sent from their systems - wow! And I cannot find any
indication/identifiers about the original sender who originated this.
Can you?

https://www[.]invaluement[.]com/public_evidence/google-garbage[.]txt
(remove brackets to fix link)

NOTE: I altered this email in that link above - to try to hide my
client's identity, so identifiers (such as their domain name) were
changed to "example". But before that change, it was passing DKIM,
including passing DKIM on the "d=google.com" DKIM header.

If a small provider had such a system that did this - would they even be
allowed to survive for more than a day?

Also, this client of mine doesn't use Google for any email services, but
if I'm somehow wrong about this and this was somehow triggered by my own
client's compromised *whatever* at Google, and my client's compromised
*whatever* at Google triggered this? ...then please let me know. I say
this partly because almost everyone uses Google for something. But I
can't find any indication of that in this email, and they don't use
Google for email services. At the least, there ought to be some kind of
chain of custody that would identify the originator of this. THAT is one
of my largest complaints about this email. (And both "X-Received: by
2002:a05:622a:2513:b0:4ee:24e8:c9ae" and "X-Google-Smtp-Source:" headers
aren't helping much!)

(I said "whatever" at Google - because whatever originated this might
involve multiple things/services/apps/etc at Google?)

Meanwhile, everything in the email uses "google.com":
...the Return-Path, the PTR record, the mail header From, the DKIM (and
the other DKIM is also using a Google domain).

Also, to be clear, the link goes to a clear criminal phishing scam page
- it's a fake Microsoft 365 login page hosted at the newly registered
sharefileselfservices[.]cloud domain (once you get past the CAPTCHA - if
you dare try that - do that at your own risk).

PS - All the research I did on the "you have received this email
because" part is pointing to this text at the end of the email being
crafted by the criminal, and not actually triggered by my client. But if
I'm wrong about that, let me know.

Rob McEwen, invaluement
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
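
An added example, not part of the original post and not the poster's tooling: a header triage that collects the identity-bearing fields the message above lists (Return-Path, header From, each DKIM d=) and reports whether any header that could point at a submitting account is present. The sample message is constructed with placeholder values, and the `ORIGINATOR_HEADERS` list is an assumption (headers some providers add), not a standard.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers the post describes; it is not
# the real message, and every local part, selector and host is a placeholder.
SAMPLE = """\
Return-Path: <bounce-placeholder@google.com>
Received: from mail-placeholder.google.com (mail-placeholder.google.com [192.0.2.10])
\tby mx.example with ESMTPS; Mon, 01 Jan 2024 00:00:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=sel1; bh=...; b=...
DKIM-Signature: v=1; a=rsa-sha256; d=placeholder-google-domain.example; s=sel2; bh=...; b=...
X-Received: by 2002:a05:622a:2513:b0:4ee:24e8:c9ae with SMTP id placeholder
X-Google-Smtp-Source: PLACEHOLDER
From: "Placeholder" <noreply-placeholder@google.com>
To: user@example
Subject: constructed sample

body
"""

# Assumption: headers that, when a provider adds them, can identify the
# submitting account or client. None of them is mandatory.
ORIGINATOR_HEADERS = ("Sender", "Reply-To", "X-Originating-IP", "X-Authenticated-Sender")
# Headers the post names as present but not helpful for attribution.
OPAQUE_HEADERS = ("X-Received", "X-Google-Smtp-Source")

def domain_of(value):
    """Lowercased domain of an address header value, '' if there is none."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def dkim_domains(msg):
    """Signing domain (d= tag) of every DKIM-Signature header, in order."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
        found.append(tags.get("d", "").strip().lower())
    return found

def triage(raw):
    """Summarise who the message claims to be from and what could trace it."""
    msg = message_from_string(raw)
    return {
        "return_path": domain_of(msg["Return-Path"]),
        "from": domain_of(msg["From"]),
        "dkim_d": dkim_domains(msg),
        "originator_headers": [h for h in ORIGINATOR_HEADERS if msg[h]],
        "opaque_ids": [h for h in OPAQUE_HEADERS if msg[h]],
    }
```

An empty `originator_headers` list alongside a non-empty `opaque_ids` list is the situation the post complains about: the only per-message identifiers are ones that only the sending provider can resolve.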