While playing around with gmail, I found out that you can send from any smtp server emails to gmail pretending you are someone else's gmail account. There is no way of seeing from gmail that it isn't the trusted sender. The fake email is associated with social details from the real account. Weird right?