Security flaw turns Gmail into open-relay server
A recently-discovered flaw in Gmail is capable of turning Google’s e-mail service into a highly effective spam machine. According to the Information Security Research Team (INSERT), Gmail is susceptible to a man-in-the-middle attack that allows a spammer to send thousands of bulk e-mails through Google’s SMTP service without fear of detection. This attack bypasses both Google’s identity fraud protection mechanisms and the current 500-address limit on bulk e-mail.
A flaw in Gmail that allows spammers to send a potentially unlimited number of messages is definitely a problem, but there’s another, external factor that could exacerbate any potential spam attack. As the volume of spam has risenÃ¢â‚¬â€it currently accounts for 95 percent of all e-mail trafficÃ¢â‚¬â€many e-mail providers have adopted whitelists and blacklists as a first line of defense against the flood. An e-mail from email@example.com (or the corresponding IP address block) may be automatically blocked by any given e-mail service, while an e-mail from a trusted, authenticated source such as Gmail is automatically allowed through the gateway.
Full story: arstechnica.com