<<< Date Index >>>     <<< Thread Index >>>

Re: Exploiting Google MX servers as Open SMTP Relays




> From: <pablo.ximenes@xxxxxxx>
> Date: 7 May 2008 20:37:46 -0000
> To: <bugtraq@xxxxxxxxxxxxxxxxx>
> Subject: Exploiting Google MX servers as Open SMTP Relays
> 
> 
> Vulnerability Report:
> 
> As part of our recent work on the trust hierarchy that exists among email
> providers throughout the Internet, we have uncovered a serious security flaw
> in Ggoogle's free email service, Gmail.
> 
> Disclosure:
> We have contacted Google about this issue and are waiting for their position
> before releasing further details.
> 

Don't hold our breath.. I have tried to get them to close this very hole for
maybe a year now.

(see/'google' for posts in bugtraq and spamassassin users group showing
headers from unrelated domains sending spam through google mail servers..
They ignore the emails to abuse@xxxxxxxxxx)


-- 
Michael Scheidell, CTO
>|SECNAP Network Security
Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com
_________________________________________________________________________