Avanan states that threat actors can utilize Google's SMTP relay service to spoof other Gmail tenants without being detected, as long as those domains do not have a DMARC policy configured with the 'reject' directive.
Support the originator by clicking the read the rest link below.