2020-08-20
Google Fixes Gmail Spoofing Vulnerability
Google has fixed a security issue affecting Gmail and G Suite that could have been exploited to spoof email messages and make them appear to be compliant with Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC). Google was notified of the issue on April 3, 2020.
Editor's Note
The first exploit takes advantage of an internal server which is trusted to relay email, which can potentially work on any email service. Make sure that your email relays are configured to relay email only from authorized services and verify which domains can send email on your behalf. Make sure you verify that your SPF, DKIM, and DMARC settings are set and working as intended.
