May 13, 2008 -- (WEB HOST INDUSTRY REVIEW) -- According to reports posted over the weekend, a security flaw found in Gmail could enable spammers to use Google's free mail service as an open relay server.
The Information Security Research Team (INSERT) reported that Gmail is vulnerable to a "man in the middle" attack that could enable a spammer to send thousands of messages through the service's SMTP server without being detected, and to bypass identity fraud safeguards and the 500-address limit on bulk mail.
According to INSERT, what makes the potential use of Gmail for sending spam so serious is the level of trust that exists between the major free email services: Gmail, Yahoo! and Microsoft's Hotmail. In the whitelist- and blacklist-reliant system used in a great deal of spam filtering, the big three email services are extremely well regarded. This could enable spam emails sent from Gmail, a trusted source, to make their way into inboxes.
INSERT says it tested the theory and found spoofed emails sent using the flaw making their way directly into Yahoo! and Hotmail inboxes.
On a large scale, that situation would have a dual impact: spam filtering would become less effective, with much more spam reaching inboxes, and more difficult, because combating that kind of access would necessitate a decrease of trust between major email providers.
As of Tuesday morning, it was not clear whether the loophole has been closed yet, but it is probably safe to assume that Google has either already fixed, or will soon fix, the flaw. INSERT posted an update Monday afternoon saying the exploit was still possible.
INSERT says the report is notable largely as an illustration of the fact that in an ecosystem that relies on trust, as is the case with spam filtering, a lack of verification means a security flaw in one product can quickly compromise other products.