Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Mail Servers Enable Backscatter Spam

Posted by kdawson on from the ricochet-attack dept.

Mike Morris writes "Google email servers are responsible for a large volume of backscatter spam. No recipient validation is being performed for the domains googlegroups.com and blogger.com — possibly for other Google domains as well, but these two have been confirmed. (You can test this by sending an email to a bogus address in either of the domains; you'll quickly get a Google-generated bounce message.) Consequently spammers are able to launch dictionary attacks against these domains using forged envelope sender addresses. The owners of these forged addresses are then inundated with the bounce messages generated by the Google mail servers. The proper behavior would be for the mail servers to reject email traffic to non-existent users during the initial SMTP transaction. Attempts at contacting them via abuse@google.com and postmaster@google.com have gone unanswered for quite some time. Only automated responses are received which say Google isn't doing anything wrong."

2 of 344 comments (clear)

  1. Change the slogn by pcause · · Score: 0, Redundant

    I guess the slogan needs to change from "Do no evil" to "Do nothing about the evil".

  2. Re:A suggestion for Gmail spam-fighting by shanen · · Score: 0, Redundant

    I'm not suggesting it is an ultimate solution, but I do believe there is a certain amount of wisdom in most crowds of people. The Japanese expression is "San nin wa Monju no chie" (Very loosely translated as 'Three people have the wisdom of Buddha').

    More than that, I believe almost any weapon can contribute to making it harder for the spammers to intrude on my life. SpamCop is actually pretty good as far as it goes, but it doesn't go very far. I think their real problem is that they are now owned by Cisco, and Cisco's customers are mostly the backbone people. You can even argue that the backbone people have the ultimate powers over the Internet--but they don't care how much spam they transmit as long as someone is paying them for the packets.

    Google is in a different position, however. They really do have a vested interest in making Gmail valuable as an email system--and spam is the #1 liability of email.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.