According to a recent report by the Information Security Research Team, a flaw in Google’s email service makes it vulnerable to becoming a massive spam machine. The team claims to have successfully created a proof of concept exploiting the “trust hierarchy” that exists between mail service providers, allowing them to send 4000+ messages in a short period of time from a single account.
The study explains that IP addresses of spam offenders are often blacklisted, while those of known good sources – such as Gmail – are immune to most spam filtering. The vulnerability enables a malicious user to bypass these blacklist / white-list based email filters and freely forge all fields in an email message by having Google’s SMTP servers tricked into functioning as open SMTP relays. There has been no official comment by Google on this matter yet, but hopefully the problem will be resolved in short order.