
Spoofing vulnerability in Google Inbox - eboyjr
https://eligrey.com/blog/google-inbox-spoofing-vulnerability/
======
lecarore
It's crazy how hard it is to fight fishing and spam, if I had programmed that
UI I would never have thought of that. Maybe they're waiting for someone to
actually exploit it before they make the UI less clean. It could be quite easy
to make a special case for "email-like" recipient names, but it could also
probably be cheated with some unicode wizardry.

