Slashdot Mirror


Google Mail Servers Enable Backscatter Spam

Mike Morris writes "Google email servers are responsible for a large volume of backscatter spam. No recipient validation is being performed for the domains googlegroups.com and blogger.com — possibly for other Google domains as well, but these two have been confirmed. (You can test this by sending an email to a bogus address in either of the domains; you'll quickly get a Google-generated bounce message.) Consequently spammers are able to launch dictionary attacks against these domains using forged envelope sender addresses. The owners of these forged addresses are then inundated with the bounce messages generated by the Google mail servers. The proper behavior would be for the mail servers to reject email traffic to non-existent users during the initial SMTP transaction. Attempts at contacting them via abuse@google.com and postmaster@google.com have gone unanswered for quite some time. Only automated responses are received which say Google isn't doing anything wrong."
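The difference between rejecting unknown recipients during the SMTP transaction and accepting first, then bouncing, shown as an added example (not part of the submission and not Google's code). It is a minimal Python model of one receiving server; the `.example` domains, the mailbox list and the session are constructed, and `smtp_session` is a hypothetical name.

```python
# Constructed data: the only mailbox that really exists on the modelled server.
VALID = {"announce@lists.example"}

# Constructed session: forged envelope sender, two nonexistent recipients.
SESSION = [
    "MAIL FROM:<victim@forged.example>",
    "RCPT TO:<aaron@lists.example>",
    "RCPT TO:<abby@lists.example>",
    "RCPT TO:<announce@lists.example>",
    "DATA",
]

def smtp_session(commands, validate_at_rcpt):
    """Model one SMTP transaction; return (replies, bounces).

    bounces lists (to, about) pairs for the bounce messages the server
    itself sends later because it accepted mail for an unknown mailbox.
    """
    replies, bounces = [], []
    sender, accepted = None, []
    for line in commands:
        verb, _, arg = line.partition(":")
        verb = verb.upper()
        addr = arg.strip().strip("<>").lower()
        if verb == "MAIL FROM":
            sender, accepted = addr, []
            replies.append("250 2.1.0 OK")
        elif verb == "RCPT TO":
            if validate_at_rcpt and addr not in VALID:
                # Failure stays with the connecting client; nothing is queued.
                replies.append("550 5.1.1 User unknown")
            else:
                accepted.append(addr)
                replies.append("250 2.1.5 OK")
        elif verb == "DATA":
            if not accepted:
                replies.append("554 5.5.1 No valid recipients")
                continue
            replies.append("250 2.0.0 Queued")
            for rcpt in accepted:
                # The envelope sender is unauthenticated, so a bounce sent
                # after acceptance goes to whoever was named in MAIL FROM.
                if rcpt not in VALID and sender:  # null sender <> gets none
                    bounces.append((sender, rcpt))
    return replies, bounces

if __name__ == "__main__":
    for policy in (False, True):
        print("validate_at_rcpt =", policy, smtp_session(SESSION, policy))
```

With validation off, the forged sender receives one bounce per nonexistent recipient; with validation on, the same session produces two 550 replies and no bounce traffic at all.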

2 of 344 comments

  1. Re:*goes change his gmail password* by kylehase · Score: 0, Offtopic

    I take it you weren't using noscript.

    --
    You want fun, go home and buy a monkey!
  2. Re:*goes change his gmail password* by lnjasdpppun · Score: 0, Offtopic

    How about the fact that I get someone else's emails in my account (and they probably get mine in theirs)?

    As far as I can tell it's caused by Google ignoring '.' in any email address. I have the account [lastname].[first initial]@gmail.com and someone else has [lastname][first initial]@gmail.com (don't ask me how they let us both sign up with the 'same' address).