Google Groups Posting Security Loophole…
Today I found an important security loophole in Google Groups, which is related to the posting of messages.
I am the owner of a small proxy Google group with 1000 members, and only I had the right to post and moderate messages. Today I noticed a couple of management tasks pending (pending messages) in my group, even though I have not given posting permissions to anybody…
After that I reviewed the messages, which were spam sent through anonymailer.net.
Google Groups has a posting defect which allows any non-moderator and non-Google-account holder to post messages directly by using the group owner's email address…
To check this, I also sent a mail to my proxy group from a PHP script, using my own mail address (the group owner's mail address).
To check for yourself, go to
http://www.anonymailer.net/
Example: http://groups.google.com/group/unblocktheblocked (I am taking this proxy group as an example)
From address: unblocktheblocked@gmail.com (owner address)
To address: unblocktheblocked@googlegroups.com
Subject: New asdpasdpaspdasd (anything)
Message: asdasdasdasdas (anything)
Sender: unblocker (some name)
Then submit it, and after a few minutes you will notice a new post at http://groups.google.com/group/unblocktheblocked
Thus Google Groups allows even a non-Google-account holder to post messages, where it should not allow emails from masked addresses…
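The missing check, sketched as an added example (not code from this post or from Google): a list server should treat the From header as a claim and only honour the owner's posting right when its own inbound mail server recorded a DKIM or SPF pass for that same domain. It assumes the receiving server stamps an RFC 8601 Authentication-Results header under the hypothetical id `mx.list.example` and strips any forged copy of it; all addresses and messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.list.example"       # assumption: id of our own inbound MTA
ALLOWED_POSTERS = {"owner@example.com"}    # constructed owner address

def aligned_pass(msg, from_domain):
    """True if our MTA recorded a DKIM or SPF pass for exactly the From domain."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(value.split()).partition(";")
        if (authserv.split() or [""])[0].lower() != TRUSTED_AUTHSERV:
            continue  # not stamped by us, so the sender could have written it
        for res in (r.strip().lower() for r in results.split(";")):
            m = (re.match(r"dkim=pass\b.*\bheader\.d=([\w.-]+)", res)
                 or re.match(r"spf=pass\b.*\bsmtp\.mailfrom=(?:[^@\s]*@)?([\w.-]+)", res))
            if m and m.group(1) == from_domain:   # strict alignment
                return True
    return False

def decide(raw):
    """Return 'post', 'moderate' or 'reject' for one raw inbound message."""
    msg = message_from_string(raw)
    froms = msg.get_all("From", [])
    if len(froms) != 1:
        return "reject"                    # missing or duplicated From header
    addr = parseaddr(froms[0])[1].lower()
    if addr not in ALLOWED_POSTERS:
        return "moderate"
    domain = addr.rpartition("@")[2]
    # The owner's address alone is not proof: require authenticated origin.
    return "post" if aligned_pass(msg, domain) else "moderate"

TAIL = "From: Owner <owner@example.com>\nTo: list@lists.example\nSubject: hi\n\nbody\n"
# Constructed samples: genuine owner mail, web-form relay mail, forged result header.
GENUINE = ("Authentication-Results: mx.list.example;\n dkim=pass header.d=example.com;"
           " spf=pass smtp.mailfrom=owner@example.com\n" + TAIL)
SPOOFED = ("Authentication-Results: mx.list.example;"
           " spf=pass smtp.mailfrom=bounce@relay.invalid; dkim=none\n" + TAIL)
FORGED_AR = ("Authentication-Results: mx.other.invalid;"
             " dkim=pass header.d=example.com\n" + TAIL)

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("spoofed", SPOOFED), ("forged", FORGED_AR)]:
        print(name, "->", decide(raw))
```

Mail that only claims the owner's address lands in the moderation queue instead of being posted.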
