Security flaw turns Gmail into open-relay server

by admin May 11, 2008 at 2:33 pm

A recently-discovered flaw in Gmail is capable of turning Google’s e-mail service into a highly effective spam machine. According to the Information Security Research Team (INSERT), Gmail is susceptible to a man-in-the-middle attack that allows a spammer to send thousands of bulk e-mails through Google’s SMTP service without fear of detection. This attack bypasses both Google’s identity fraud protection mechanisms and the current 500-address limit on bulk e-mail.

A flaw in Gmail that allows spammers to send a potentially unlimited number of messages is definitely a problem, but there’s another, external factor that could exacerbate any potential spam attack. As the volume of spam has risen—it currently accounts for 95 percent of all e-mail traffic—many e-mail providers have adopted whitelists and blacklists as a first line of defense against the flood. An e-mail from (or the corresponding IP address block) may be automatically blocked by any given e-mail service, while an e-mail from a trusted, authenticated source such as Gmail is automatically allowed through the gateway.

Full story: