In the last couple of days, we've learned the free GMail email service from Google is not secure, and can be compromised for use as an open spam relay.  This is disturbing from a technical standpoint, but what does it mean for small and medium businesses, regardless of whether or not they use GMail?  Quite a lot, potentially.

A common practice for mailserver admins is to "whitelist", or implicitly trust, email that comes from certain domains, such as Yahoo or Google.  This trust is granted because of the reputations these companies have earned for battling spam, as well as their well-discussed security practices with regards to email.  The problem is, in this case, Google has not lived up to its end of the bargain.  Researchers have discovered that email spammers can use Google mailservers as an open door to distribute spam to the internet, using the GMail domain as the sender.  The end result is that spam is being "whitelisted" because it is coming from a Google server, and being passed directly to user email accounts.

Until Google announces the underlying technical issues have been resolved, the conservative course of action for mailserver admins is to remove Google from its email whitelist.