Published in News

Gmail a spamming service?

by on13 May 2008

Image

Major Security Flaw can be exploited

A recent security report claims that there exists a "serious security flaw" in Gmail that can turn Google's e-mail service into a spamming machine.

The warning has been issued by the Information Security Research Team (INSERT), which claims that it has created a proof of concept to exploit the “trust hierarchy” among e-mail services providers.

INSERT claims that a flaw exists in the method in which Google forwards e-mail messages; and this flaw can allow spammers to send thousands of ‘bulk’ e-mails through Google’s SMTP service. INSERT says that the flaw allows spammers to bypass Google’s e-mail limit of 500 addresses and its identity fraud protections currently available.

INSERT’s report claims that because Gmail falls into a “trusted-whitelist” category, it is not difficult to create message that will bypass spam filters. The report claims that by connecting to SMTP and HTTP servers it is not difficult to exploit a Gmail account and gain almost complete access to Google’s huge whitelist SMTP relay infrastructure.

Google had no comment on the report, but we are certain they are looking into these allegations and addressing them.

Last modified on 13 May 2008
Rate this item
(0 votes)