A couple of weeks ago I noted that some spammers were sending spam through Gmail. Well, I noticed it again. Whereas in those messages from two weeks ago they were stock spam, this latest batch is enlargement pill spam that contains an image, a link and French phrase for “Click here!”
Just like before, the sending IPs passed the SPF check (the IP’s reverse DNS resolves to Google) so clearly this is a case of a security flaw in Gmail’s email model being exploited. The stats we have on this particular IP suggest that it has a pretty good historical sending record. Senderbase’s Email Reputation Score is also good.
This is a case of spammers taking advantage of security flaws in large email providers. Eventually, Google will get tired of all the spam complaints and will shut this down, but I think it illustrates the regrouping capability of spammers. They are resourceful enough to track down stuff like this and use it for their own ends. I wouldn’t be bold enough to say that the next big thing in spamming will be to take advantage of senders with good historical records of email sending patterns, but I will say that for that time being, it is an interesting strategy.