After actually reviewing it a bit more, it seems the forwarder idea I had was based more on what it "looked" like. What it actually seems to be was that Google allowed the spammer to spoof the customer's domain using Gmail's API, which of course caused a backscatter attack.

On 2025-08-19 10:55, Jarland Donnell via mailop wrote:
This might help shed some light on it: https://mxbin.io/E65Ds9

I created a catchall temporarily and allowed the email to flow in, so that I could capture a few bounce emails. They all seem to tell the same story, though I admittedly haven't spent as much time dissecting that story as I have the logs.

On 2025-08-19 08:30, Julian Bradfield via mailop wrote:
On 2025-08-19, Benoit Panizzon via mailop <mailop@mailop.org> wrote:
Attacker sets up a free email account with Google or Microsoft and
activates forwarding to probably a couple of dozen 'target' support
email addresses.

I don't understand this. Gmail requires verification from the
forwardee to activate forwarding.
You could do it by pulling the replies from gmail and sending them out
to the target addresses through gmail, but I don't see how to do it
purely with Google's resources.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop