A small percentage of Gmail users have been reporting spam in their Sent folders to unknown contacts. Despite changing passwords and changing authentication settings, users have been unable to block the spread of spam messages from their accounts. With users panicking and assuming their accounts have been compromised, there has been no explanation whatsoever of why the emails are being generated.
Users with two-factor authentication have also been affected, and Gmail’s help forum has been unable to help thus far. Google has responded stating that they are aware of the issue and are taking measures to protect users from the spam campaign. The spam campaign in question is known to generate forged email headers and make it look like Gmail users are spamming themselves, which makes it look like their messages are wrongly appearing in the Sent folder.
All users who have been affected by the issue are being requested by Google to report the spam from the Help Center so Google can resolve the issue with their accounts. All of the offending emails have been classified as spam and should not be appearing anymore on users’ sent accounts.
If you are a victim of the issue, change your password immediately and set up two-factor authentication just to avoid the instance of your account being compromised. Once you do that you can head to the Google Forums and post your problem to get a customer service representative to look at your problem if the spam does not stop.
The spam issue is similar to what many users faced last year. Spammers managed to bypass Gmail’s spam filters that were reported by ZDNet last year. Gmail does not filter any spam if it generates from a valid Gmail address. Google chose to not track the bug as a known security flaw last year since it did not affect data integrity or confidentiality. Their stance on this issue is not known this time around except that the team is trying to resolve the issue for all users.