Am 16.12.25 um 17:57 schrieb Rob McEwen via mailop:
It seems very unethical that Google even allows such criminal phishing scams to
be sent from their systems - wow!
s/seems/is/
And I cannot find any indication/identifiers about the original sender who
originated this. Can you?
https://www[.]invaluement[.]com/public_evidence/google-garbage[.]txt
(remove brackets to fix link)
NOTE: I altered this email in that link above - to try to hide my client's identity, so identifiers (such as their
domain name) were changed to "example". But before that change, it was passing DKIM, including passing DKIM on the
"d=google.com" DKIM header.
Did you fix the base64 encoded body part? If not, it contains the domain of
your client (unless that is fully fake as well).
Google's e-mail behavior has been squarely on the side of unethical for quite a while. Their cloud services can
apparently be used anonymously (or at least they don't check any customer identity). Whoever uses their cloud can
apperently send anything via their e-mail infrastructure, including forged sender addresses.
I currently fail to see which lever could be applied. Anything that blocks Google in such a way that their non-spamming
customers are affected enough to make a stink will negatively affect our customers, probably more so.
What I'm currently doing is block the Google Groups, firebaseapp, googleusercontent sources as well as I can identify
them, with the option of whitelisting sources from which my users want to receive mail. This is kinda hard to do on a
large scale, sadly.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
