
I get plenty of spam from Gmail accounts with SPF and DKIM passing.


Plenty of dumps of stolen personal Gmail usernames+passwords, that anyone can feed into a bot that will use browser automation to sign into Gmail on those accounts and “hand write” some spam messages to send.

(If you haven’t realized, this is why Gmail has SMTP message origination disabled by default — these days requiring not only enabling it for your Gmail account, but also fiddling with app passwords to get it working. If it was enabled by default, the “spam from stolen credentials” problem would be so, so much worse. Whereas, at least with the webapp route, Google can block you if you look like a bot [i.e. if you’re doing an insufficiently good job at fooling them.])


I've sometimes got legitimate Google or MS dev newsletter emails going into their own spam folders :).


I've seen mail from my work Google Workspace that I sent to my own personal Gmail get flagged as spam. It's me sending to me. Google to Google. Logged into both accounts on the same computer.

If anything I'm nervous to recommend Google because they flag too many legitimate emails as spam. After years of not checking, I'm checking spam again.


> mail from my work Google Workspace that I sent to my own personal Gmail

Does your company do outbound marketing/sales?

I've seen multiple companies spin up outbound email marketing campaigns where someone compiles a list of 5000 email addresses based on certain demographics, and then sends automated emails (that look not automated) over the course of a month, rinse, repeat. Google Workspace will let you do this, but if you're too aggressive with email volume it can kill the reputation, and therefore deliverability, of any email from that domain.

(Which is why most companies send outbound sales emails from a domain other than their primary domain to separate out the sending domain reputation)


> Does your company do outbound marketing/sales?

Good guess, but we don't. I also checked DKIM/SPF when this happened and all appeared in order.



