Gmail open relay exploit?May 7th, 2008, by dcawley
A vulnerability report posted to the BugTraq section of the SecurityFocus website suggests that Gmail smtp servers can be abused by spammers. For the moment the exact details of the attack are not being disclosed to give Google an opportunity to respond to these claims.
The report gives a high level description of the vulnerability as follows:
This issue is related to the risk of a malicious user abusing Gmail’s email forwarding functionality. This is possible because Gmail’s email forwarding functionality does not impose proper security restrictions during its setup process and can be easily subverted. By exploiting this problem an attacker can send unlimited spam and phishing (i.e. forged) email messages that are delivered by Google’s very own SMTP servers.
Pablo Ximenes claims that this technique can be used to circumvent spam filters that use whitelists and that they’ve developed a proof of concept attack that enabled them to e-mail out forged messages without any rate restrictions.