fyi: post in bugtraq. You may wish to look for and remove any whitelists
based on google, googlegroups, or gmail accounts until google fixes this.

--=20
Michael Scheidell, CTO
>|SECNAP Network Security

Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer

------ Forwarded Message
> From:
> Date: 7 May 2008 20:37:46 -0000
> To:
> Subject: Exploiting Google MX servers as Open SMTP Relays
>=20
>=20
> Vulnerability Report:
>=20
> As part of our recent work on the trust hierarchy that exists among email
> providers throughout the Internet, we have uncovered a serious security f=

law
> in Ggoogle's free email service, Gmail. This vulnerability exposes Google=

's
> email servers in a way that allows an attacker to use them as open spam a=

nd
> phishing relays. This issue is related to the risk of a malicious user ab=

using
> Gmail's email forwarding functionality. This is possible because Gmail's =

email
> forwarding functionality does not impose proper security restrictions dur=

ing
> its setup process and can be easily subverted. By exploiting this problem=

an
> attacker can send unlimited spam and phishing (i.e. forged) email message=

s
> that are delivered by Google's very own SMTP servers. Since the messages =

are
> delivered by Google's own servers, an attack based on this flaw is able t=

o
> bypass all spam filters that are based on the blacklist / whitelist conce=

pt.
> We were able to confirm that this vulnerability is indeed exploitable b
> y crafting a proof of concept attack that allowed us to send any number =

of
> forged email messages without restriction through Google's server
> infrastructure. We have also verified that this flaw allows attackers to
> bypass spam filters by using our method to send messages that are usually
> flagged as spam. While sending these messages directly from our network i=

n the
> traditional way had the messages classified as spam, by sending the very =

same
> messages using our exploit, the messages were delivered directly to the
> victim's inbox, thus bypassing filters.
>=20
> Impact:
>=20
> All email providers that offer Google's SMTP servers any special level of
> trust (e.g. whitelist status) are vulnerable.
>=20
> Disclosure:
> We have contacted Google about this issue and are waiting for their posit=

ion
> before releasing further details.
>=20
> For more information, visit our homepage:
> http://ece.uprm.edu/~andre/insert
>=20
>=20
> Regards,=20
>=20
>=20
> Pablo Ximenes, Andr=E9 dos Santos
>=20
> INSERT - Information Security Research Team
> University of PR at Mayaguez (UPRM), USA
> State University of Cear=E1 (UECE), Brazil
>=20
> pablo.ximenes@upr.edu, andre@dossantos.org
>=20


------ End of Forwarded Message

__________________________________________________ _______________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
__________________________________________________ _______________________