Security flaw turns Gmail into open-relay server

Found on Ars Technica on Saturday, 10 May 2008

A recently-discovered flaw in Gmail is capable of turning Google's e-mail service into a highly effective spam machine.

An e-mail from johdoe@awinnerisyou.com (or the corresponding IP address block) may be automatically blocked by any given e-mail service, while an e-mail from a trusted, authenticated source such as Gmail is automatically allowed through the gateway.

E-mail sent to Yahoo and Hotmail from a blacklisted IP didn't even necessarily reach the account's spam box, while forged e-mail sent via Gmail always arrived in the intended account's inbox.

The question is why to trust Gmail more than others at all. If large volumes of spam originate from Google servers, put them on RBL's, just like every other spam source.

Browse all articles« Previous « » Next »