undefined | Better HN

0 pointsmassaman_yams8y ago0 comments

Re: others forging your domain by using Gmail - this is only true in narrow edge cases like this one (which appears to have been relatively quickly fixed by Gmail).

In practice, the Gmail and G suite UIs provide enforcement mechanisms to ensure you own a domain/address before allowing you to send from it.

Does it potentially open you up to spoofing if another loophole/exploit like this is discovered? Sure. But as risk factors go, depending on who you are, that's probably relatively low on the list.

0 comments

herbst8y ago

Adding to this. You can only use Gmail for sending with your own domains when you have 2FA enabled.

innocenat8y ago

Not really. It also works if you also lower your account security setting to low to enable 'Less-secured app' to login.

herbst8y ago

Sure that is still available? Pretty sure this is disabled for a few years now. At least it was when I checked last time.

j / k navigate · click thread line to collapse

0 comments

herbst8y ago

Adding to this. You can only use Gmail for sending with your own domains when you have 2FA enabled.

innocenat8y ago

Not really. It also works if you also lower your account security setting to low to enable 'Less-secured app' to login.

herbst8y ago

Sure that is still available? Pretty sure this is disabled for a few years now. At least it was when I checked last time.

j / k navigate · click thread line to collapse