Suspicious hop on gmail

I received a suspicious message today from a friend of mine’s inbox, I suspect it’s been compromised.

I analyzed the header and obviously coming from the mail server gmail has all the authentication parameters configured (SPF,DKIM,DMARC) and correctly passed.

I’m suspicious of the first hop that the mail performs on an IPV6 with HTTP protocol

msgHeaderHop

Is it considered a regular activity?

Gmail shows my photo after I enter my emaill address (but before my password)

If I have a profile photo associated with a Google account, then when I enter my email address into GMail, but before I enter my password, the photo is shown.

Is there a possible security breach there? For instance, if someone guesses at an email address, perhaps after obtaining part of it, the photo appearing confirms ownership, without that someone needing to know my password.

I know not to associate a picture with my account, others may not; but let’s discuss Google’s side of things, not the account holder’s.

If I send a plaintext e-mail using Gmail to somebody, including my PGP public key block, is that secure?

I’ve been trying to figure out “practical encryption” (AKA “PGP”) for many years. As far as I can tell, this is not fundamentally flawed:

  1. I know Joe’s e-mail address: cool_joe@gmail.com.
  2. I have a Gmail e-mail address: me_78@gmail.com.
  3. I have GPG installed on my PC.
  4. I send a new e-mail to Joe consisting of the “PGP PUBLIC KEY BLOCK” extracted from GPG.
  5. Joe received it and can now encrypt a text using that “PGP PUBLIC KEY BLOCK” of mine, reply to my e-mail, and I can then decrypt it and read his message. Inside this message, Joe has included his own such PGP public key block.
  6. I use Joe’s PGP public key block to reply to his message, and from this point on, we only send the actual messages (no key) encrypted with each other’s keys, which we have stored on our PCs.

Is there anything fundamentally wrong/insecure about this? Some concerns:

  1. By simply operating the e-mail service, Google knows my public key (but not Joe’s, since that is embedded inside the encrypted blob). This doesn’t actually matter, though, does it? They can’t do anything with my public key? The only thing it can be used for is to encrypt text one-way which only I can decrypt, because only I have the private key on my computer?
  2. If they decide to manipulate my initial e-mail message, changing the key I sent to Joe, then Joe’s reply will be unreadable by me, since it’s no longer encrypted using my public key, but Google’s intercepted key. That means Joe and I won’t be having any conversation beyond that initial e-mail from me and the first reply by him (which Google can read), but after that, nothing happens since I can’t read/decrypt his reply?

Gmail Email id, dot(.) recognition [closed]

I keep on receiving email which is intend to be received by a gmail id similar to be mine, with no dots(.) in gmail id of other party. For example : my email id is john.grisham@gmail.com the inbox of above email ids, get emails intended to be received by johngrisham@gmail.com

Question 1: The other party will also be receiving my emails ? Question 2: How can i get rid of this problem?

Is Gmail Undo pattern enough for bulk mailing? What are the better alternatives?

We are in the early process of creating a mail client that would send out email campaigns to thousands of users (Mailchimp would be a similar product to compare) There are ideas and opinions, and one of them is adding an undo options to the mailing.

The owner of this approach convinced that this would raise the confidence level of the users, I’m defending an opposing idea which is adding an extra step that would review the mail content and recipients and ask for final approval.

While my solution adding extra friction to the flow, it also adds a higher level of confidence to the user’s activities.

Now everything above is assumptions and we will test these with users but I would like to hear more about the subject, especially the personal opinions.

I use Gmail every day and personally seeing that undo functionality adding more stress in my life. It happened once or twice that I undo the email and edited a few details, but if I couldn’t it wouldn’t be a disaster either.

On the other hand, I think, when a user sends a bulk mail, the user needs a better understanding of what are she/she about to do.

What are your thoughts? Are there other alternatives?

PS: I read already this question about the same functionality, while I understand the assumptions here I would like to hear more.

Fake back and forth conversation in gmail – how was it done? [on hold]

I have been accused of something nefarious and the “evidence” is solely an e-mail correspondence between my gmail account and another, with several replies back and forth.

I did find a remote desktop app on my laptop that would have been in operation when these e-mails were made (or at least the dates on the replies).

GMail Hack with 2-Factor Auth enabled

I have my business email on GMail. I use 2-factor authentication for access to said business email. I access my business email from 2 computers and 1 mobile Android device. I do not use Outlook or any email client I access it solely through the web browser. I run Webroot AV on both computers and have run MalwareBytes, Hitman Pro and Sophos Virus Removal tool with 0 hits on all.

Yesterday, spoofed emails of my business email account originating from all over the world were sent out to my customers with an attached, password protected file that was a virus. In itself this is not unusual, however, each of the emails was a actual reply from a valid email I had received previously. I immediately looked at my google account settings and verified 2-factor auth, I looked at the devices that were using my email and could verify each one. I could find no proof that someone had gained access to my email other than myself.

Does anyone have any suggestions on where I should look for this breach? I am at a loss and dreading a second round of emails going out.

GMail / Chrome battery drain

(K)Ubuntu 19.04 on XPS 13 – 9360 UHD display

The subject line says it all. While battery life on Ubuntu 19.04 is pretty good overall, whenever I use Gmail I can see consumption spike up. More precisely, the estimated battery life (I use KDE, but the same is true under Gnome) drops precipitously. Composing emails seems to really hammer power consumption.

Web browsing in general is tough on battery consumption, but Gmail is a particularly egregious offender. I am using Chrome, but I tried Firefox as well and it was basically the same.

Am I the only one seeing this? Any thoughts? Thank you!!!