Forged Email Headers Strike Fear In Gmail Users

Gmail users got a bit of a shock when they discovered over the weekend that "they" had sent spam emails to themselves. Several people complained about the issue on Google's support forums and social media, and by Sunday, the company announced that it had figured out the problem. The message's sender forged the email's header to trick Gmail into putting the message in the "sent" folder instead of the inbox.

This might not seem like that big of a problem; many people's email accounts have been used to spam other people before. Yet with growing awareness of security and privacy issues, the possibility that someone hacked into a Gmail account was enough to worry the affected users. It's not about sending a spam email to yourself; it's about the fear that someone managed to gain access to your Gmail account.

Gaining access to those accounts could prove disastrous. Many services use email to reset passwords, offer automatic sign-in links, and share information, and of course many people use email for private conversations. Penetrating Gmail's defenses could give someone almost unfettered access to the rest of their victim's digital life. It makes sense, then, for Gmail users to be worried that their accounts were taken over.

Fortunately, that isn't what happened here. On Sunday, a Google community manager named Vanessa posted this message on the company's forums:

"We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident. If you happen to notice a suspicious email, we encourage you to report it as spam. More information on how to report spam can be found by visiting our Help Center."

Google hasn't clarified how the email headers were forged or why Gmail can't identify when someone hasn't sent a message to themselves. But it does seem like this particular issue has been resolved, and with any luck the company's efforts to address this problem will stop similar ones from happening in the future. Spam email is bad enough when it doesn't make you worry that someone has hacked your email account.
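One way a mail administrator or recipient could check whether a message claiming to come from their own address was actually authenticated, shown as an added example (not code from Google or from this article). It assumes the receiving server stamps an Authentication-Results header (RFC 8601) and that its authserv-id is known; the addresses, server names and messages below are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id of your own inbound server

def sample(stamp):
    """Build a constructed self-addressed message carrying one Authentication-Results stamp."""
    return (f"Authentication-Results: {stamp}\n"
            "From: Alice <alice@example.com>\n"
            "To: alice@example.com\n"
            "Subject: constructed sample\n\nbody\n")

# Constructed samples, not real traffic.
FORGED = sample("mx.example.com;\n spf=fail smtp.mailfrom=bulk.example.net;\n"
                " dkim=none; dmarc=fail header.from=example.com")
GENUINE = sample("mx.example.com;\n spf=pass smtp.mailfrom=example.com;\n"
                 " dkim=pass header.d=example.com; dmarc=pass header.from=example.com")
# A stamp the sender added itself: it names a server we do not run, so it is ignored.
SELF_STAMPED = sample("relay.example.net; dmarc=pass header.from=example.com")

def trusted_results(msg, authserv=TRUSTED_AUTHSERV):
    """Collect spf/dkim/dmarc verdicts, only from stamps written by our own server."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        ident, _, rest = header.partition(";")
        if not ident.split() or ident.split()[0].lower() != authserv:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def looks_self_spoofed(raw, my_address):
    """True when From claims my_address but no trusted DMARC pass backs it up."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender != my_address.lower():
        return False
    return trusted_results(msg).get("dmarc") != "pass"

if __name__ == "__main__":
    for name, raw in [("forged", FORGED), ("genuine", GENUINE), ("self-stamped", SELF_STAMPED)]:
        print(name, looks_self_spoofed(raw, "alice@example.com"))
```

The check is only as reliable as the stamp it reads: it relies on the inbound server removing any incoming Authentication-Results header that already carries its own authserv-id, as RFC 8601 recommends.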

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • redgarl
    LOL^^^ Best comment ever, especially in the context! Upvote!
  • caduzalak
    Werr werr werr. I can't fully use Microsoft Hotmail anymore because when I hover over a link in an email it reads something like "htp::0:/email.protec.safelink006" or something like that, which means only 1 thing: me thinking "wtf is that". I had trouble when the web transitioned from slashes in URLs like "bean/jelly" into using dots like this "jelly.bean", imagine now....
  • caduzalak
    safelink, webprotec, dildoid, I mean is that some hackers or did Microsoft forget to tell me wtf is up