Google Mail flaw makes Open Relay

Google Mail's servers have a security flaw which could allow spammers to send unlimited amounts of spam. Given that most other providers trust Gmail, this means that lots of spam could get through due to Google being whitelisted. I don't *think* it affects the security of arbitrary accounts on Gmail, so for individual users, no action is needed.

Whilst whitelisting for email providers is generally a good thing, it does highlight that whitelisted emails still need to be verified periodically, as even trusted sources can have problems.

As I write, there is no comment from the Gmail blog. The last post they made was about how to search emails.

The attack appears to be 'man in the middle' and so relies upon an interception between you and your account (or indeed, upon you being the bad guy sending spam). For most people this will mean that their computer has been taken over by a virus, or their ISP is dodgy (unlikely if the ISP wants to stay in business... but then there is Phorm). However, a man in the middle attack could be more likely in a setting like an internet café. In other words, the attacker needs to get in between the user and Gmail.

It seems the most likely attack would be for the spammer to open a Gmail account, use it directly to spam, and then move on if it got blocked.

The details aren't fully published, and I'm a little out of my comfort zone, so I'm speculating a bit - however, I'd be surprised if this wasn't patched quickly.