gmail – Do email providers somehow validate/control “Send email as: ” feature?

Let’s start with, “What if a scammer pretends to be a bank ? It looks like it’s very much possible to send an email as There must be some sort of protection against this?

This is why we have standards such as Sender Policy Framewark (SPF). can (should) publish an SPF record in its DNS to specify the SMTP servers that are authorized to send mail from senders at If a spoofer tries to send a message appearing to be from *, he is unlikely to be able to relay the message through one of’s SMTP servers. If he tries to send the message through a SMTP server other than one that is designated in the SPF record for, the recipient’s spam filter would likely detect this mismatch and determine that there is a high likelihood that this message was spoofed.

So, how does Gmail provide its ‘send email as:’ feature, without breaking SPF?

See, where it explains how to use this service. Note where it reads,

For school or work accounts, enter the SMTP server (for example, or and the username and password
on that account.

As you can see, Gmail relays the message through the SMTP server that is already designated for that domain. This avoids breaking SPF.