On 16.12.2025 at 18:13 Rob McEwen via mailop wrote: It seems very unethical that Google even allows such criminal phishing scams to be sent from their systems - wow! And I cannot find any indication/identifiers about the original sender who originated this. Can you?
https://www[.]invaluement[.]com/public_evidence/google-garbage[.]txt […] Meanwhile, everything in the email uses "google.com": ...the Return-Path, the PTR record, the mail header From, the DKIM (and the other DKIM is also using a google domain). Also, to be clear, the link goes to a clear criminal phishing scam page - it's a fake Microsoft 365 login page hosted at the newly registered sharefileselfservices[.]cloud domain (once you get past the CAPTCHA - if you dare try that - do that at your own risk) PS - All the research I did on the "you have received this email because" part is pointing to this text at the end of the email being crafted by the criminal, and not actually triggered by my client. But if I'm wrong about that, let me know. It is using a Google domain because it was sent via Googles infrastructure, namely via Googles Application Integration infrastructure, which is a low-code tool for data integration within GCP. Among other things it contains actions to send emails / alerts, which send messages with the sender address noreply-application-integration [at] google.com. As every service on the internet that can be used to send out messages with customizable content, it is abused by spammers and scammers, but I don’t believe that offering such services makes Google an unethical company. Google should provide a better abuse management, but this isn‘t really news (unfortunately). Chris Robertson has documented such an attack involving Googles application integration platform in more detail: https://www.linkedin.com/pulse/youre-dead-legal-call-google-signed-email-phone-prompt-robertson-f8sgc/ You are correct that the email is a phishing attempt and of course your client does not need to use any Google services himself to receive emails from google.com. — BR Oliver ________________________________ dmTECH GmbH Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe Telefon 0721 5592-2500 Telefax 0721 5592-2777 [email protected]<mailto:[email protected]> * www.dmTECH.de<http://www.dmtech.de> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927 Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher ________________________________ Datenschutzrechtliche Informationen Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer Datenschutzbeauftragten finden Sie hier<https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832>.
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
