According to Cotten, if users manipulate the "From" header in a specific way, they can prevent their details from being displayed in the recipient's Gmail inbox, which then shows only the email's subject line.
Once the email is opened, the sender's address is still left blank, while replying to the message also does not reveal the sender's identity.
To uncover the sender's address, Cotten said, users must navigate to the raw info section of the "Show original" option – a process most Gmail users won't know about.
This bug provides significant opportunities for phishing scammers to position their emails as system notifications – asking users to click on links to secure their accounts, for example.
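The check a reader would otherwise do by hand in "Show original" can be scripted. The sketch below is an added example, not code from Cotten or Google: it parses a raw message, flags a From header that carries no usable address, and lists other headers that may still name the sender. The function names and both sample messages are constructed for illustration, and the blank From line is a stand-in, not the header manipulation from Cotten's report.

```python
from email import message_from_string
from email.utils import getaddresses

# Headers other than From that can still identify the sending party.
FALLBACK_HEADERS = ("Sender", "Return-Path", "Reply-To")


def _addresses(msg, header):
    """Return every syntactically plausible address found in `header`."""
    values = [str(v) for v in msg.get_all(header, [])]
    return [addr for _, addr in getaddresses(values) if "@" in addr]


def sender_report(raw_message):
    """Summarise who a raw RFC 5322 message claims to be from."""
    msg = message_from_string(raw_message)
    from_count = len(msg.get_all("From", []))
    from_addrs = _addresses(msg, "From")
    findings = []
    if from_count == 0:
        findings.append("no From header")
    elif not from_addrs:
        findings.append("From header has no usable address")
    fallbacks = {h: _addresses(msg, h) for h in FALLBACK_HEADERS}
    return {"from": from_addrs, "fallbacks": fallbacks, "findings": findings}


# Constructed sample: an ordinary message.
NORMAL = (
    "Return-Path: <alice@example.com>\n"
    "From: Alice <alice@example.com>\n"
    "Subject: Lunch\n"
    "\n"
    "See you at noon.\n"
)

# Constructed sample: From is present but carries no address.
BLANK_FROM = (
    "Return-Path: <bounce@mailer.example>\n"
    "From: \n"
    "Subject: Security alert\n"
    "\n"
    "Please review your account.\n"
)

if __name__ == "__main__":
    for name, raw in (("normal", NORMAL), ("blank From", BLANK_FROM)):
        print(name, sender_report(raw))
```

The fallback headers are only candidates, since the sending side sets them too; a mail gateway could use the finding to quarantine the message or tag it for review.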
Just a few days ago, Cotten also highlighted how it was possible to replace a sender's address with a fake address in Gmail.