A recent study by Information Security Research Team(INSERT) has revealed flaws in Google's e-mail service turning Gmail into a highly effective spam machine. According to the INSERT, Gmail is susceptible to a man-in-the-middle attack that allows a spammer to send thousands of bulk e-mails through Google's SMTP service. Despite the fact that Google has identity fraud protection mechanisms and a limit of 500-messages on bulk e-mail but still allows spammers to send a potentially unlimited number of messages .The attack specifically exploits Gmail’s email forwarding functionality.
Situation seems even worse when we consider the fact that E-mail that originates from Google, are well-regarded by both Yahoo and Hotmail. If you try to send spam mails directly to Yahoo and Hotmail from a blacklisted IP, mails don't even necessarily reach the account's spam box, while forged e-mail sent via Gmail always arrived in the intended account's inbox. Hence exploiting the trust hierarchy among Email Servers.
As Spam messages represents 95% of all email communications, it is simply not feasible to apply the full power of spam filtering to every single message that is received by email servers. Thus to tackle this problem Servers do blacklisting of IP addresses of spam ofenders . This way, messages from blacklisted IP's are reject before even entering the system, and whitelisted addresses are granted ' to bypass most of the filters.
Source: Information Security Research Team
Situation seems even worse when we consider the fact that E-mail that originates from Google, are well-regarded by both Yahoo and Hotmail. If you try to send spam mails directly to Yahoo and Hotmail from a blacklisted IP, mails don't even necessarily reach the account's spam box, while forged e-mail sent via Gmail always arrived in the intended account's inbox. Hence exploiting the trust hierarchy among Email Servers.
As Spam messages represents 95% of all email communications, it is simply not feasible to apply the full power of spam filtering to every single message that is received by email servers. Thus to tackle this problem Servers do blacklisting of IP addresses of spam ofenders . This way, messages from blacklisted IP's are reject before even entering the system, and whitelisted addresses are granted ' to bypass most of the filters.
Source: Information Security Research Team
Sphere: Related Content
No comments:
Post a Comment