• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Android Infotech

Android Infotech

Android Tips, News, Guide, Tutorials

  • News
  • Root
  • Firmware
  • Applications
  • Knowledge
  • Tutorial
  • I’m Bored
  • Deals
  • Donate
  • 🔎Search
Home » News » Gmail Blue Checkmark Issue Explained

Gmail Blue Checkmark Issue Explained

June 13, 2023 by Selva Ganesh Leave a Comment

The Gmail Blue Checkmark issue has raised concerns among users regarding the authenticity of verified senders. In early June, a new method used by scammers to abuse the trust-based system was discovered. Despite the Blue Checkmark being intended to indicate messages from authenticated businesses and institutions, scammers found a way to manipulate this feature and display the checkmark on their statements. In this article, we will examine the factors that contributed to the failure, the tactics used by scammers to manipulate the system, and the steps taken to rectify this problem.
Gmail Blue Checkmark in Mobile App

Table of Contents

  • Email Authentication
  • Uncovering the Gmail Blue Checkmark Issue
  • Solutions for Gmail Blue Checkmark Issue
  • FAQs
    • What steps can I take to safeguard myself from becoming a victim of email scams?
  • Wrap Up

Email Authentication

Email has been a popular means of online communication for several decades. Over time, various systems have been developed to combat abuse and ensure secure transmission. One of the critical mechanisms in place is DMARC (Domain-based Message Authentication, Reporting, and Conformance). DMARC builds upon the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to prevent email spoofing and verify the authenticity of the sender’s name in the “from” field.

Gmail also employs VMC (Verified Mark Certificate) to indicate sender legitimacy. This digital attestation is based on legally trademarked information, helping establish brand identity. VMC is further utilized in BIMI (Brand Indicators for Message Identification), the system responsible for displaying a company’s icon alongside its messages in the Gmail inbox.

Buy Samsung Galaxy S22 Ultra from $6.46/mo for 24 Months with Eligible Trade-In.
Buy Samsung Galaxy Z Fold 5 from $25/mo for 24 Months with Eligible Trade-In.

Authenticated emails from recognized organizations display the company logo and feature the blue “verified” checkmark when properly configured.

Also Read-  You can grab the Samsung Galaxy A14 5G for Free with Cricket Wireless

Uncovering the Gmail Blue Checkmark Issue

A cybersecurity engineer, Chris Plummer, noticed something amiss when he received emails in his Gmail inbox from suspicious-looking addresses. To his surprise, these emails included the company’s logo and the Blue Checkmark. Examining the example shared below, we can see that although the message appears to be from a UPS.com account, the presence of a gibberish subdomain and an unusual account suggests spoofing.

Gmail Blue Check Mark Spoof

Upon investigating the matter, Google disclosed that the issue is “a third-party security vulnerability allowing bad actors to appear more trustworthy than they are.” The crux of the problem lies in the coexistence of SPF and DKIM authentication methods and how BIMI handles cases where one pass but the other fails.

Since UPS trusted Microsoft to send emails on its behalf, when Gmail received a message from a scammer through a Microsoft server, it considered it a legitimate UPS email that complied with BIMI standards. This occurred despite the presence of a spoofed subdomain. Gmail did not delve deeper into the chain of email systems the message passed through or whether it failed any prior validation attempts. The Blue Checkmark would appear if the most recent test looked good.

Solutions for Gmail Blue Checkmark Issue

The Gmail Blue Checkmark issue raises concerns about the average email user’s ability to discern the authenticity of a sender. Should users abandon trust in email altogether? Assume that every message could be fake. Fortunately, measures are already being taken to address this problem.

One notable action taken was UPS removing Outlook as an authorized mail server in its SPF record. This adjustment prevented this specific attack.

When issues like this arise, it is crucial for all parties involved to resist the temptation of adopting a “my part works, the problem must be your part” attitude. Even now, the group responsible for BIMI appears somewhat dismissive, claiming that the incident merely highlights a long-standing issue with SPF, predating BIMI and DMARC. It is essential for the involved parties to proactively resolve known problems rather than waiting for hackers to exploit them. Only then can we have confidence in our trust in online communications?

Also Read-  Google explains Nest Cam and Door Bells Battery issues during Winter

FAQs

Can scammers still send spoofed emails without the Blue Checkmark?

Yes, scammers can still send spoofed emails without the Blue Checkmark. The Blue Checkmark is to provide an additional layer of verification for business authentication and institutions, but scammers found ways to bypass it.

What steps can I take to safeguard myself from becoming a victim of email scams?

To safeguard yourself against email scams, exercise caution while opening emails from unfamiliar senders or those with dubious addresses. Refrain from clicking on suspicious links or downloading attachments from such emails. Verify the sender’s credibility through alternative methods, such as contacting the company directly.

Are other email providers vulnerable to similar issues?

While the Gmail Blue Checkmark issue was specific to Gmail’s implementation of BIMI, other email providers may face similar challenges. Email authentication systems are continuously evolving to mitigate risks and enhance security.

How can businesses ensure their emails appropriately have Authentication?

Businesses can implement robust email authentication measures by correctly configuring DMARC, SPF, and DKIM. Monitoring and updating these settings is essential to maintaining a secure email environment.

Will the Gmail Blue Checkmark issue be fully resolved in the future?

The Gmail Blue Checkmark issue has prompted discussions and actions within the email community to address the vulnerability. Email authentication systems are evolving, and companies fixing the vulnerabilities are patched. Such problems are expected to be mitigated.

Wrap Up

The Gmail Blue Checkmark issue exposed a vulnerability in the system that scammers exploited to appear as verified senders. We can understand the complexity of email authentication from the interplay between DMARC, SPF, DKIM, VMC, and BIMI. Actions are currently being taken to tackle this problem and guarantee that email recipients can have confidence in the authenticity of Senders. By implementing proactive strategies and addressing identified weaknesses, we can uphold the integrity of online communication.

Also Read-  How to Solve Google I/O 2021 Virtual Event Date Reveal Puzzle?

Source, (2)

Selva Ganesh

Selva Ganesh is the Chief Editor of this Blog. He is a Computer Science Engineer, An experienced Android Developer, Professional Blogger with 8+ years in the field. He completed courses about Google News Initiative. He runs Android Infotech which offers Problem Solving Articles around the globe.

Related Posts:

  • Use WhatsApp to Get Instagram Two Factor Verification Code
  • How to do Tinder Blue Tick Video Verification?
  • Restoring Emails Marked as Spam to Gmail Inbox
  • 74% of Twitter Two factor Authentication Users have to Pay for SMS…
  • How to Signup for Twitter Organization Verification?
  • Twitter Celebrities with Million Followers Once Again Eligible for…
Share This Post:

Filed Under: News Tagged With: Gmail, Google, Security System

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Join With Us

Deal of the Day

Samsung Galaxy S22 Ultra For $6.95/mo at Samsung Online Store.

Recent Posts

Person Paying in Shop with GPay

Fix Google Wallet is not working After Android 14 QPR1 Beta Update

Amazon Prime Video in TV and Mobile

Amazon to Introduce Ads on Prime Video Starting 2024

Nio Phone in Hands

Car Maker Nio launched a Smartphone with Flagship Mobile Specs

Samsung Galaxy A14 5G Unlocked Screen

You can grab the Samsung Galaxy A14 5G for Free with Cricket Wireless

Twitter Bird Animation

Twitter X is Going to charge Monthly Subscriptions for All

Advertisement

Footer

Copyright © 2023 AndroidInfotech.com, All Rights Reserved, Android is a trademark of Google Inc. All contents on this blog are copyright protected and should not be reproduced without permission.

  • Subscribe
  • Sitemap
  • About Us
  • Contact Us
  • Privacy Policy
  • Disclaimer
  • Our Image License
  • Hosted on Google Cloud
  • Ad Partner Ezoic
  • Corporate Office