That Spam in Your Gmail 'Sent' Folder Is Harmless

Quick! Check your Gmail account. Did you find anything out-of-the-ordinary in your Spam folder? If not, you can return to your Simpsons rerun, but if so, read on.

Credit: Google

(Image credit: Google)

Multiple Gmail users have reported spam messages appearing in their "Sent" folders — even if they've locked their accounts down with two-factor authentication and carefully monitored their login locations.

Is there an insidious plot to break into Google’s usually-ironclad email servers? Short answer: No. Longer answer: No, and your account is safe. But how those messages got there is still pretty interesting.

MORE: Best Antivirus Software

The first person to report the problem was Louis Morton, a Gmail user who posted on the Google product forums about his woes. He found three spammy messages in his “Sent” folder and immediately changed his password. However, two more messages appeared in his Sent folder after that, leaving him in serious doubt about his email account's security.

Other Gmail users chimed in with similar experiences, even if they had two-factor authentication enabled. (Finding an old Gmail password in a data breach isn’t that hard; fooling a two-factor authenticated account is hard to do unless you steal someone's phone number.)

Mashable contacted Google and got to the bottom of the issue. For once, there really doesn’t seem to be any cause for concern.

Google explained that no one 's account had been compromised. Rather, Gmail’s algorithms accidentally outsmarted themselves. Your information is safe; there’s nothing you need to do, and better still, Google is already correcting the issue.

"This attempt involved forged email headers that made it appear as if users were receiving emails from themselves," a Google representative explained, "which made it appear as if users were receiving emails from themselves, which also led to those messages erroneously appearing in the Sent folder."

In other words: Spammers spoof email addresses all the time. They can register a throwaway account with any dodgy email service, then use a little bit of coding to make it seem like the email is coming from anyone — a government agency, a telecom company or even your private Gmail account. This kind of spoofing is annoying, but not technically harmful (unless someone believes the spam or phishing e-mail is really from you).

However, when Gmail parsed these spoofed email headers, it assumed that the messages were coming from the spoofed accounts. As such, it moved copies of the spam emails into legitimate users' Sent folders. This is obnoxious — and a little alarming, as some users found — but there's no security flaw at work here. It’s just a misclassification, which Google will have sorted out shortly.

So if you've seen spam emails in your Sent folder, rest easy. No one has infiltrated your account, and you haven't actually sent suspicious emails to anyone.

The bad news, of course, is that your friends and family may have received spam from an email address that looks exactly like yours. All you can do is hope that they're smart enough to not click anything — and maybe recommend that they install a decent antivirus suite.

Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi.