Gmail Can Be Redirected to Fire Spam
Written by Rebecca Mints   
Thursday, 08 May 2008 18:00

The "trust hierarchy" that lies between mail service providers has been found to be exploitable, and the Information Security Research Team (also known as INSERT) has developed a proof of concept demonstrating just that. By exploiting the method that Gmail uses to forward messages, INSERT was able to send 4000 messages very quickly, without any recourse from Google.

Many spammers like to use Google as an open email relay because Gmail is almost always trusted by email providers. Gmail is thus not susceptible to most spam filtering.

Taken from INSERT's proof of concept: "Since the messages are delivered by Google’s own servers, an attack based on this flaw is able to bypass all spam filters that are based on the blacklist / whitelist concept. We were able to confirm that this vulnerability is indeed exploitable by crafting a proof of concept attack that allowed us to send forged email messages unrestrictedly through Google’s server infrastructure."

Google has yet to acknowledge the comment or show any concern. Although it has had to deal with bigger issues, such as the one that let hackers steal cookies and the one that exposed contact lists, this should be a high priority for the company.

Gmail can be used as “Spam Bazooka”