Using Google SMTP Infrastructure for Spam
Exploiting Google mail servers as open SMTP relays – (securityfocus.com)
Gmail’s normal approach to messages sent through its SMTP service is to rewrite some of the Message Body headers to prevent identity fraud. By exploiting this flaw, an attacker can easily bypass this restriction. This happens because attack messages are disguised as legitimately destined to a compromised account. This way, Gmail will deliver the message to the attack target without modifying any of the Message Body Headers, and more importantly, it will preserve even forged sender’s identity information intact. Since the attack message can be forged at the attacker’s will and can be forwarded by Google’s servers any number of times, this vulnerability is a major spam and phishing threat concern.
More info here – http://ece.uprm.edu/~andre/insert/gmail.html
There aren’t many publicly released details yet, though I do hope that they come clean on this.
In any case, I’ve recently received a fair bit of spam from a few MSN email accounts – a sign of either a broken sign-up verification process or some spammer who’s decided to go manual with legions of minions working away in virtual sweatshops. They were caught by SpamAssassin but even so, they managed to pass the usual RBL checks by using MSN/Hotmail’s SMTP relays. Clearly, be it a mutual relationship or a one-way thing, it’s a good time to review the trust relationships between free email service providers and your organization.
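One way to stop a provider relay's good reputation from vouching for a message on its own, as an added example that is not from the original post or from any mail filter mentioned here: it flags mail handed over by a free-mail provider's relay whose From domain that provider does not originate. The suffix-to-domain mapping, the sample message, and the presence of an `X-Forwarded-For` header on forwarded mail are assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed mapping: relay rDNS suffix -> sender domains that provider originates.
PROVIDER_RELAYS = {
    ".google.com": {"gmail.com", "googlemail.com"},
    ".hotmail.com": {"hotmail.com", "msn.com"},
}
# "from HELO (rDNS [IP])": HELO is sender-controlled, so match the rDNS name
# recorded by the receiving MX instead.
TOP_HOP = re.compile(r"^from\s+\S+\s+\((\S+)\s+\[[^\]]+\]\)", re.I)

def relay_provider(msg):
    """Provider suffix of the host that handed the message to our MX, or None."""
    received = msg.get_all("Received", [])
    if not received:
        return None
    m = TOP_HOP.match(" ".join(str(received[0]).split()))
    if not m:
        return None
    host = m.group(1).lower().rstrip(".")
    return next((s for s in PROVIDER_RELAYS if host.endswith(s)), None)

def assess(raw):
    """Classify one raw message; provider reputation alone never clears it."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    provider = relay_provider(msg)
    if provider is None:
        return "not-provider-relayed"
    if from_domain in PROVIDER_RELAYS[provider]:
        return "consistent"
    # Assumption: the forwarding hop leaves an X-Forwarded-For header.
    return "forwarded-mismatch" if msg.get("X-Forwarded-For") else "mismatch"

# Constructed sample: forged From, delivered by a provider relay after forwarding.
SAMPLE_FORGED = (
    "Received: from mail-out.google.com (mail-out.google.com [192.0.2.10])\r\n"
    " by mx.example.org with ESMTP; Fri, 9 May 2008 10:00:00 +0000\r\n"
    "X-Forwarded-For: mailbox@gmail.com target@example.org\r\n"
    "From: Accounts <billing@bank.example>\r\n"
    "To: mailbox@gmail.com\r\n"
    "Subject: Action required\r\n"
    "\r\n"
    "Constructed body.\r\n"
)

if __name__ == "__main__":
    print(assess(SAMPLE_FORGED))
```

A "mismatch" or "forwarded-mismatch" result is a signal to feed into scoring alongside content checks, since legitimate forwarding and hosted domains produce the same pattern.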
May 9th, 2008 at 10:09 pm
ben!! we missed you today! you missed class photo-taking! :( anyways, hope you’re fine!