

Gmail Tampers with Outgoing Email - leephillips
http://lee-phillips.org/gmailRewriting/

======
emmelaich
My summary: user is authenticating to Google's authenticated smtp server as
one user but sending as a completely unrelated user. Google modifies the
headers to reference the authenticated sender.

Frankly I'm not surprised. I think that the fact that is not a relay server
but a specifically provided for the use of the MUA of a user with which they
have a relationship gives themselves a lot of 'wiggle room' .

The use of 'tamper' in the heading is a little over the top too.

------
tokenrove
AFAIR, registering your other email addresses with gmail ("Send as") works
fine to prevent this behavior.

~~~
emmelaich
That is not the case here; that is specifically addressed in the article.

~~~
silverlight
Where? I didn't read anything about him Pre-clearing the address with GMail as
a verified email...

~~~
emmelaich
Apologies, I misread your comment. I thought you were referring to the second
paragraph ending in

"...Google makes this straightforward to set up"

Do you have a link for the pre-clearing?

Anyway, while I'm here, I'd take issue with

"and their correspondents will never know they are using gmail"

They can easily find out if they inspect the headers.

