Security News > 2022 > May > Google SMTP relay service abused for sending phishing emails
Phishing actors abuse Google's SMTP relay service to bypass email security products and successfully deliver malicious emails to targeted users.
According to a report from email security firm Avanan, there has been a sudden uptick in threat actors abusing Google's SMTP relay service starting in April 2022.
Google offers an SMTP relay service that can be used by Gmail and Google Workspace users to route outgoing emails.
The following email, spotted by Avanan, appears as if it comes from Trello.com, but it's in reality from jigokar.com and passed through Google's relay service.
The emails are likely bypassing spam detections because all Gmail tenants who use this relay likely set up SPF records that place Google's SMTP relay service on the trusted sender list for their domain.
While these threat actors are abusing Google's relay service, Avanan says that any other relay service is succeptible to the same type of abuse.