Gmail's spam filtering is top-of-the-line, which accurately analyses spam emails and automatically keep them off the main inboxes. But Google had a bit of snag in its email providing platform over the weekend as users found spam in their inbox folder and panicked.
Google acknowledged the issue and said that it has impacted a "small subset of Gmail users". After seeing spam emails sent from their own accounts, the first instinct that kicked in was if the account was hacked. But Google assured that no accounts were compromised.
"We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident. If you happen to notice a suspicious email, we encourage you to report it as spam. More information on how to report spam can be found by visiting our Help Center," Google said in a statement, according to Mashable.
The lack of an immediate solution from Google forced users to act upon their instinct and change their account passwords, which is the first recommended step following any suspicions of being hacked. But it did not seem to help with the spamming issue.
One of the users affected by the problem complained that the spam emails continued to pour from his account even after changing the password. The spam issue also affected those who had two-factor authentication enabled on their accounts.
"My email account has sent out 3 spam emails in the past hour to a list of about 10 addresses that I don't recongnize[sic]. I changed my password immediately after the first one, but then it happened again 2 more times. The subject of the emails is weight loss and growth supplements for men advertisements. I have reported them as spam. Please help, what else can I do to ensure my account isn't compromised??" a user wrote on Gmail Help Forum on Sunday.
The Gmail filters were tricked by the spam emails arriving in the inbox with a "Me" marker, but a different name appeared in the "From" line along with spam content in the body when the email was opened.
Some users also reported that the spam emails appear to come from a Canadian telco TELUS, to which the company responded saying "the messages are not being generated by TELUS, nor are they being sent from our server."
Several users also took to Twitter to complain about the problem, but there's no immediate resolution.
Has your Gmail account (perhaps with 2FA enabled) been sending out spam? https://t.co/bOEY22KO12 pic.twitter.com/EOy6oiDSyR
— Graham Cluley (@gcluley) April 22, 2018
When you get junk mail from "yourself" and it's for funeral insurance ? @gmail pic.twitter.com/eABKnqXy4C
— Solange Francois (@solangefrancois) April 22, 2018
Well, at least it's not just me. #gmail #spam #google #gmailspam pic.twitter.com/8sl5In4swx
— B (@benbanner) April 22, 2018
My spam folder is full of emails ostensibly sent by me, except they weren't sent by me, but apparently it's possible to forge an email header to such an extent that even gmail can't really tell that it didn't send that email
— you heard it here first: facebook is bad (@alexhern) April 22, 2018
Google has been testing new features for Gmail, including a revamped web design, expiring emails via "confidential mode". It's not clear if the latest spamming issue is a result of some sort of backfire from one of the testing features, but it is highly unlikely as Google performs beta testing internally before publicly rolling it out. Stay tuned for updates.