A "serious security flaw" in Gmail turns Google's e-mail service into a spamming machine, according to a recent security report.
INSERT, the Information Security Research Team, has created a proof of concept that exploits the "trust hierarchy" that exists between mail service providers. By exploiting a flaw in the way Google forwards messages, a spammer can send thousands of bulk e-mails through Google's SMTP service, bypassing Google's 500-address bulk e-mail limit and identity fraud protections.
Want to know more?
For all the latest news, analysis and opinion on security, click here
The report notes that with the rising volume of spam, e-mail providers have turned to whitelists and blacklists to help root out IP addresses of known spammers. Because, Gmail falls into the trusted whitelist category, messages are allowed "carte blanche" to bypass spam filtering.
INSERT's report notes that no extraordinary Internet expertise is necessary to exploit the flaw:
In this regard, this document presents a vulnerability report and a proof of concept attack that demonstrate how anyone with no special Internet access privileges other than being able to connect to SMTP (TCP port 25) and HTTP (TCP port 80) servers is able to exploit a single Gmail Account in order to be granted nearly unrestricted access to Google's massive white-listed SMTP relay infrastructure.
Google has offered no official comment on the report.
It happened to my Gmail account last week. The only offering Google Help could make is 'Change your password'.
Thankfully It worked, but not after may entire email list was spammed twice and all my contacts delete by the spam software.
A lot of friends and business contacts lost an no comment from Google.