Worrying New Gmail Scheme Makes It Seem Like You're the One Sending Spam

Illustration for article titled Worrying New Gmail Scheme Makes It Seem Like Youre the One Sending Spamem/emem/emem/em
Image: Sam Rutherford (Gizmodo)

Getting rid of spam is a never ending game of cat and mouse. Just as soon as email hosts figure out how to thwart spammers’ latest tricks, the spammers come up with new ways to fill your inbox with junk you don’t want.


But recently, spammers have found a new method of bypassing Gmail’s spam filters, and it makes it look like you are the one sending out the junk. As first reported by Mashable and later confirmed by Google, a new spam campaign uses forged headers to spoof Gmail users’ own email addresses. Because these spam emails appear to be sent by the recipient to themselves, Gmail erroneously filed them to affected users’ “sent” folders.


The scheme had some questioning whether their login info had been compromised. Thankfully, in a statement issued by Google, the company claims it has “no reason to believe any accounts were compromised as part of this incident.”

One way to tell if you are affected is to check if any suspicious emails in your sent folder are listed as being sent “via telus.com.” While Telus, a Canadian telecom company, has said that its network and servers aren’t actually being used to propagate this latest batch of spam, it seems many of the forged email headers list Telus as the email host.

As with a lot of email issues, this latest batch of spam is mostly just an annoyance, though because this incident made it seem like spammers may have hacked your account, this one is a bit more frightening than normal. Google says it is working to fix the issue, so here’s hoping the company can stay ahead of the spammers next time.



Senior reporter at Gizmodo, formerly Tom's Guide and Laptop Mag. Was an archery instructor and a penguin trainer before that.

Share This Story

Get our newsletter


I wouldn’t call this new. Spammers have been spoofing email addresses for years. This is a daily annoyance to us in IT as I get questions from users constantly “Is blah blah blah email legit?” I show them how to identify the spam and report it. That said, this seems to be an issue with how gmail handles mail more than anything, if I’m understanding the issue correctly. What I’m curious about, is if you’re being spoofed as the sender, how is it ending up in your mail in the first place, unless it’s sent to you?