Due to missing verification when configuring mail routes, both Gmail’s and any G Suite customer’s strict DMARC/SPF policy may be subverted by using G Suite’s mail routing rules to relay and grant authenticity to fraudulent messages. This is notably not the same as classic mail spoofing of yesteryear in which the From header is given an arbitrary value, a technique which is easily blocked by mail servers using the Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC).