Writing an email that pretends to come from, for example, you can be very easy if your company has not implemented measures against it. Google is very good at what they do, and they take these issues seriously. But the reality is that their user base is so vast and heterogeneous that even Google cannot do it properly...
Take a test: DMarcian Phisholator.
I have implemented email security for company email:
- Sender Policy Framework (SPF) is a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain.
- DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain's administrators.
- Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email-validation system designed to detect and prevent email spoofing. It is built upon SPF and DKIM. The DMARC policy tells the receiving organisation what to do if the checks do not pass: nothing at all, or reject at once. The DMARC policy also describes the reporting means for your organisation, so that you can be aware of what is going on in the name of your company.
These technologies combined guarantee that your company mail cannot be abused and that, for example, your subordinates will not receive email that appears to be signed by you but is fake.
If you are interested, please contact me for a discussion.