Base64/UTF encoding of From in email header

alexgrutza
Contributor III

We just got a user impersonated email from a consumer Gmail. Wondering if anyone has seen where they use an encoding of the From header as shown below. Google shows this as "From: Impersonated User <random@gmail.com>"

This is completely new to me, and I've opened a case with Google and Mimecast to investigate if this is some sort of injection technique being used. My guess is that the sender used SMTP so that they could modify the header From because I'm not sure where you would modify this in the GUI...

From: =?UTF-8?B?ThisIsTheImpersonatedUsersName?= <some random numbers@gmail.com>

 

--
CISSP | LinkedIn | @Phyxiis
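A defensive check for the header form shown in the post, as an added example that is not part of the original post: it decodes the RFC 2047 encoded-word display name (`=?charset?B?...?=` or `=?charset?Q?...?=`) and flags a protected display name arriving from an outside address. The protected name, internal domain and sample headers are constructed placeholders, and `decode_from`, `normalize` and `check_from` are hypothetical helper names.

```python
import re
import unicodedata
from email.errors import HeaderParseError
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed placeholders: replace with your own directory data.
PROTECTED_NAMES = {"jane doe"}
INTERNAL_DOMAINS = {"example.com"}

# RFC 2047 encoded-word: =?charset?encoding?payload?=
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")


def decode_from(raw_from):
    """Return (display_name, address) with encoded-words decoded."""
    name, addr = parseaddr(raw_from)
    try:
        name = str(make_header(decode_header(name)))
    except (HeaderParseError, UnicodeDecodeError, LookupError):
        pass  # malformed payload or unknown charset: keep the raw name
    return name, addr.lower()


def normalize(name):
    """Fold case, compatibility forms and whitespace before comparing."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())


def check_from(raw_from):
    """Flag a protected display name paired with a non-internal address."""
    name, addr = decode_from(raw_from)
    domain = addr.rpartition("@")[2]
    return {
        "display_name": name,
        "address": addr,
        # Encoded-words are standard MIME, so the encoding alone is not
        # flagged; it is recorded only as context for the analyst.
        "encoded_word": bool(ENCODED_WORD.search(raw_from)),
        "impersonation": normalize(name) in PROTECTED_NAMES
        and domain not in INTERNAL_DOMAINS,
    }


if __name__ == "__main__":
    # Constructed sample: "Jane Doe" base64-encoded, sent from a consumer address.
    print(check_from("=?UTF-8?B?SmFuZSBEb2U=?= <random123@gmail.com>"))
```

The comparison is made on the decoded name, so the same rule catches the plain, Base64 and quoted-printable forms; lookalike characters from other scripts are not folded by NFKC and would need a separate confusables check.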