PSA: To those of you who use Gmail linked accounts, beware

CrzRsn

So long, and thanks for all the fish
Joined
Mar 6, 2005
Messages
17,444
Location
Motor City, Michigan
Car(s)
13 Ford Mustang GT, 17 Ford Fiesta ST
I just discovered something about concerning about Gmail's linked account feature, and figured I'd warn the rest of you guys.

I have several emails that I use for various purposes, as I'm sure many of you do too. Namely a general purpose one for friends and family, a professional one for my bank, credit cards, insurance company, etc and a burner for craigslist buying/selling. For ease of use and convenience, I have them all linked together in Gmail, which is a Gmail offered feature, not 3rd party plugin. This allows me to select which email address I send from when composing a new email.

FnQPNj9.png


Well, I just was emailing someone about something I wanted to buy, thinking its from my professional email address. Went to the store to pick up what I ordered, and the invoice had my personal email for family/friends. I was certain I emailed him from my professional account. Maybe I made a mistake and forgot to switch the accounts? Just got home, and nope, I emailed him from my professional account, but somehow he received it from my personal account.

dH6yhrk.png


If you ask me, this is a huge oversight. If Google is going to provide this functionality, its expected to work properly and not give away one account when I email someone from another. How many finance companies and banks now have seen my less than professional personal account? How many craigslist people have seen an account tied to my identity?

So if you use this feature, beware.
 
Last edited:
I get that is to make it easier to check your email, but I think it is the main account is where the email will be sent from. That is why I do it all the old school way, signing into and out of each email account just to make sure that I am not mixing up where things are being sent to and from. It does make things a bit less easy, but it is more secure this way, and that is more important to me.
 
I get that is to make it easier to check your email, but I think it is the main account is where the email will be sent from. That is why I do it all the old school way, signing into and out of each email account just to make sure that I am not mixing up where things are being sent to and from. It does make things a bit less easy, but it is more secure this way, and that is more important to me.

Just did some experimenting with Victor. Sent him an email from each account to test the functionality, and in Gmail he saw the correct 'from' lines for each account. However when I sent an email to my work email and opened it in Outlook I saw "cr***@gmail.com on behalf of M**** <mi*****@gmail.com>".

So its just an alias, and its client dependent on how its displayed. And since my bank and insurance company and credit card companies all probably use Outlook, I've been making a fool of myself for years.

Digging further into it, its actually all in the header. The code shows that its sending from cr***@gmail.com and merely displaying as from the other one. It also has code in there for the recipient's client to reply back to the sending address.
 
This is fixable.

Right now when you send emails as your secondary account, they're actually coming from your primary account just with parameters set to being "From: Secondary" and such. In the headers, your primary address is revealed because that's who is actually sending it.

In order to fix this, you need to actually send emails from your secondary account using SMTP.

When you add the extra account, or edit it, you need to get it to prompt you for SMTP credentials. Instead of "Save Changes", it should show you "Next Step" and then you can enter "smtp.gmail.com" and all that.

See https://support.google.com/mail/answer/22370?hl=en&rd=1
 
Not seeing anywhere to add SMTP credentials.

Though it does have a checkbox to "Treat as an alias." Never seen that before. Lets see if unchecking that fixes it.

EDIT: Nope, thats not right

https://support.google.com/a/answer/1710338?ctx=gmail&hl=en&authuser=0&rd=1

My just added @....edu email does have SMTP settings, but the Gmail ones don't.

EDIT 2: Yeah in the linked page it has this note

If the address you?re adding is hosted by Google (either a Google Apps account or a @gmail.com address), your original address will still be included in your email header's sender field to help prevent your mail from being marked as spam. Most email clients don't display the sender field, though some versions of Microsoft Outlook may display "From yourusername@gmail.com on behalf of customaddress@mydomain.com."
 
Last edited:
Top