It sounds like you're experiencing a joe job. This is typically a pain in the ass that most Internet users have to put up with at least once or twice a year though Google/Gmail has gotten good at catching a lot of the return flak.

The typical "consequences" are the occasional snotty e-mail from idiots who won't care to understand the concept of joe jobbing even if you explain it to them twenty times over (so don't bother, it makes them angrier to know there's a real person behind the "spamming.") Unless you've flagrantly neglected your account in some way, there is typically no penalty from Google (in all the cases I'm familiar with).
posted by wackybrit at 11:26 PM on October 19, 2010

You are 100% powerless, but you should know this: if someone complains about this, it is the *recipient's* mail server's fault. Gmail uses DKIM and SPF, and if someone receives the e-mail it means they are not checking DKIM/SPF.
posted by devnull at 11:51 PM on October 19, 2010

devnull, I'm not sure I understand your comment. I understand it to mean that this kind of thing shouldn't get through to Gmail accounts, yet I have received multiple messages of this nature (including identical multiples from the same alleged sender) to my gmail account.
posted by Lebannen at 2:29 AM on October 20, 2010

Lebannen, I meant from the other direction. If someone receives a forged e-mail claiming to be from you, and they complain to you about it, your response would be that their mail server (not gmail's mail server) is to blame.

For mailer bouncers to e-mails which you didn't send, gmail is arguably responsible.
posted by devnull at 3:01 AM on October 20, 2010

See if you can get somebody to send you one of the bogus emails complete with all headers, and make sure it wasn't actually sent from Gmail. If it was, your Gmail account password has been cracked and you need to (a) change it to a strong one (b) use Gmail's "Sign out all other sessions" feature (c) comb all your saved mail for credit card numbers, bank account details and whatnot that will have been harvested for ID theft purposes. If that is in fact what has happened to you, treat it as an opportunity to upgrade your password handling practices.
posted by flabdablet at 8:22 AM on October 20, 2010

This happened with increasing frequency to my husband just a few days before his Gmail account was completely taken over. Seconding fladablet to change your passwords and your recovery (secondary) email address. Also make sure there is no forwarding address in your Gmail that you did not put there.
posted by click at 8:52 AM on October 20, 2010

Recovery questions are often a bad security hole. My own Gmail recovery question is "What are you, stupid?" and the correct answer is another password, also stored in my KeePassX safe, that's just as strong as the main one.
posted by flabdablet at 9:16 AM on October 20, 2010

This thread is closed to new comments.