Over the weekend, Gmail users complained of spam filling up their inboxes, all of it appearing to be sent by Canadian wireless carrier Telus.
Google’s email product forums saw numerous users seeking help, as emails appeared in their Sent folders marked “via Telus”. Even users who had changed their passwords and had two-factor authentication enabled were affected.
The issue was fixed late Sunday, as a Telus spokesperson told iPhone in Canada in a statement:
We identified spam emails that were disguised to appear as if they came from telus.com. We can confirm the messages were not generated by TELUS, nor were they sent from our server. We worked with our 3rd party vendors to resolve the issue, and continue to advise our customers not to respond to any suspicious emails. https://www.telus.com/en/bc/support/article/identity-theft-fraud
When pressed for exact details on what had caused this issue, Telus did not provide any extra information, aside from the statement above.
One user named ryan-c on Hacker News attempted to break down what possibly happened:
Telus has this entry:
Reading RFC 7208, that would be expanded to
which means that if any record exists at that name, it will pass.
dig +short cl.220.127.116.11.fr.reply.f2.telus.com.spf.nssi.telus.com
trying a few other values, it seems that telus.com is saying ALL IP addresses are allowed to send for it.
This is not a "third party issue". This was an error by telus. You guys had set up your email server to allow ANY IP to send email as coming from https://t.co/MbQ92GgDpM!
— J McGregor-Coope (@ComradeCoope) April 22, 2018
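The SPF exists check that ryan-c describes, as an added example that is not part of the article or the quoted comment: it expands RFC 7208 macros and looks the resulting name up in an in-memory zone, showing how a wildcard answer authorizes every connecting IP. The record, domain names, probe addresses and zones are constructed placeholders (the Telus record is not reproduced here), and the wildcard lookup is a simplification of real DNS behaviour.

```python
import ipaddress
import re

# Constructed record and zones (hypothetical names, not Telus's real DNS data).
RECORD = "v=spf1 exists:%{i}.%{d}._spf.example.net -all"
WILDCARD_ZONE = {"*._spf.example.net"}                      # answers for any name
STRICT_ZONE = {"192.0.2.10.example.com._spf.example.net"}   # one sender only
PROBES = ["192.0.2.10", "198.51.100.7", "203.0.113.99"]

MACRO = re.compile(r"%(?:\{([slodi])(\d*)(r?)([.\-+,/_=]*)\}|([%_\-]))")

def expand(spec, ip, sender, domain):
    """Expand RFC 7208 section 7 macros s, l, o, d, i (IPv4, lowercase only)."""
    local, _, sender_domain = sender.partition("@")
    values = {"s": sender, "l": local, "o": sender_domain, "d": domain,
              "i": str(ipaddress.IPv4Address(ip))}
    def repl(m):
        letter, digits, rev, delims, literal = m.groups()
        if literal:
            return {"%": "%", "_": " ", "-": "%20"}[literal]
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]   # keep the right-most N parts
        return ".".join(parts)
    return MACRO.sub(repl, spec)

def has_a_record(zone, name):
    """Simplified lookup: exact name, else a wildcard at any ancestor."""
    labels = name.lower().rstrip(".").split(".")
    if ".".join(labels) in zone:
        return True
    return any("*." + ".".join(labels[i:]) in zone for i in range(1, len(labels)))

def exists_passes(record, zone, ip, sender, domain):
    """True if an exists: mechanism resolves for this connecting IP."""
    for term in record.split()[1:]:
        if term.startswith(("exists:", "+exists:")):
            target = expand(term.split(":", 1)[1], ip, sender, domain)
            if has_a_record(zone, target):
                return True
    return False

def authorized(record, zone, sender, domain, probes=PROBES):
    """Probe IPs the record would let send mail for `domain`."""
    return [ip for ip in probes if exists_passes(record, zone, ip, sender, domain)]

if __name__ == "__main__":
    for label, zone in (("wildcard", WILDCARD_ZONE), ("strict", STRICT_ZONE)):
        print(label, authorized(RECORD, zone, "user@example.com", "example.com"))
```

Running the same probe list against a domain's real exists target, with unrelated addresses included, is a quick way to confirm the zone behind it answers only for the intended senders.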
According to a Google spokesperson (via Mashable), they took action to fix this “spam campaign”:
We are aware of a spam campaign impacting a small subset of Gmail users and have actively taken measures to protect against it. This attempt involved forged email headers that made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder. We have identified and are reclassifying all offending emails as spam, and have no reason to believe any accounts were compromised as part of this incident.
Image of Gmail spam email which appeared to be sent ‘via Telus’
Did your Gmail account send out any spoofing emails appearing from Telus?