Columbus | Medina | Painesville | Akron | Cleveland
 GET A CUSTOMIZED PROPOSAL

Technology Tips

  • HOME
  • BLOG
  • Popular Service Being Used To Send Phishing Emails
May 27, 2022

Popular Service Being Used To Send Phishing Emails

Written By Randy Hall

Google SMTP relay service is wildly popular and used every day by legions of users.  Unfortunately, hackers around the world are aware of this and increasingly they've begun abusing the SMTP relay service.

The basic idea is as follows. Some clever hackers have figured out that they can bypass email security products and deliver malicious emails to their intended targets if they take advantage of certain weaknesses in Google's SMTP relay service.

Researchers at the security firm Avanan have been tracking the phenomenon and have confirmed a sudden, dramatic spike in threat actors abusing the SMTP relay service beginning in April of this year (2022).

The relay service is offered by Google as part of Gmail and Google Workspace as a means of routing outgoing user emails.

Use of the SMTP relay is mostly a matter of convenience, as it means that users don't have to manage an external server for marketing emails. So there's no worry that their mail server may get added to someone else's blocked list.

It is very handy but unfortunately, hackers have discovered that they can use the SMTP relay service to spoof other Gmail tenants without being detected, with one very important catch and caveat. If those domains have a DMARC policy configured with the 'reject' directive, the game is up, and the hacker's attempt will fail.

Although this can be a serious problem, it also has a simple solution.  Just set a fairly strict DMARC policy and you'll minimize your risk of your users falling victim to this type of attack.

As Google indicated on a recent blog post on this very topic:

"We have built-in protections to stop this type of attack. This research speaks to why we recommend users across the ecosystem use the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol. Doing so will defend against this attack method, which is a well-known industry issue."

It's good advice.  If you aren't sure whether you've got a strict DMARC policy set, find out from your IT staff. If not, have them implement one right away.
Picture of Randy Hall
About The Author
Randy Hall, CEO & Founder of Securafy, is a seasoned IT leader specializing in cybersecurity, compliance, and business resilience for SMBs. With deep technical expertise and decades of experience, he shares strategic insights on cybersecurity risks, AI in cybersecurity, emerging technology, and the economic challenges shaping the IT landscape. His content provides practical guidance for business owners looking to navigate evolving cyber threats and leverage technology for long-term growth.

Join the Conversation

Subscribe to our newsletter

Sign up for our FREE "Cyber Security Tip of the Week!" and always stay one step ahead of hackers and cyber-attacks.

Securafy Inc.
5900 SOM Center Rd. #12-142 Willoughby, OH 44094
(330) 906-8888
Info@Securafy.com 
Company
Resources
Free Cybersecurity Tips

By subscribing, you agree to our privacy policy and will receive occasional promotional emails.
© 2025 Securafy, Inc.