Gmail bug exposes your mail account to spammers
Like your Gmail account? Consider it a sacred place which must be protected from spammers at all cost? Yeah, us too. Well, we hate to break the bad news at the dawn of the new year, but there's a weakness in Gmail which exposes your email address to any web site capable of exploiting the bug. As reported on Digg, the exploit takes advantage of the fact that Google puts your details into a JS file. As a result, if you're logged into Gmail and browsing the web, any rogue website can declare the function "google" and then parse all your contacts. The only way to safeguard yourself is to disable JavaScript in your browser (or enable it for trusted sites only), or simply climb into a hole and not browse while logged into Google services like Gmail, Blogger, Orkut, Reader, Calendar, etc. -- you know, the sites you typically have open all day long. For obvious reasons, we will not link directly to the site which demonstrates the exploit on your personal account, due to the risk of running possibly malicious code. However, we tested it and found our most precious account -- and those of our contacts -- correctly identified and ready for harvest. But hey, even though Gmail has been out since 2004, it is still "beta"... right?

Update 1: There are reports that Google has fixed the issue. The reported "fix" is related and, with any luck, should also apply here. However, it's no fix. Don't believe us? Log in to your fave Google service and give this non-malicious link a click.
Update 2: Google seems to have now patched the vulnerability.
And I wondered why my Spam box was topping 200 per day.
It's been in BETA too long. And I would have expected more of Google than to allow this blatant error.
It's apparently already fixed.
http://blogs.zdnet.com/Google/?p=434
Not sure what the zdnet reference is, but it isn't fixed yet for me!
I'm glad it's fixed, at least I know that I am not the only one keeping a bunch of Google products open in Firefox all day.
It is most definitely not fixed. The "fix" mentioned is for "video.google.com" not "docs.google.com"
Thomas
Sure, until this is fixed I will logout when not using gmail. Previous harvesting of gmail is both eerie and inconsistent. Early on I got six gmail accounts which I have not yet used except for a monthly login and out. Names were specifically selected with numbers & punctuation & no vowels. I have a couple of gmail accounts which I use daily and which are recorded in many public places. Result? One of the published accounts and three of the unused accounts get the same rate of spam. The other published account and other three unused accounts get no spam at all.
This happened to my last gmail account; my new one got no spam at all.
Does it really matter how much spam you get? You never have to see it and you don't have to download the extra mail like you would with a normal POP3 account.
The spam filter may be excellent, but every day I have to wade through all the caught spam to look for false positives... and if there is more spam - even if it is caught - it means more work for me... So, this bug matters to me.
Yes you do have to see it, because Google's spam filtering, like everyone else's, is not 100% efficient. I have had to dig legitimate emails out of my Spam box a few times.
Thanks for pointing to this issue, this explains why gmail’s spam filter algo does outstanding work in detecting spam (99.9%).
Does it matter? I get 70 spam emails every day. I get about one or two a month that make it past the filters. On most other mail services, it's the other way around!
Yea. A few weeks ago I suddenly started getting spam in my spam folder... I've never gotten spam in my GMail before. It was disappointing to say the least. I now get about 5-7 spam messages in my GMail account daily. Yea, not exactly hundreds, but it used to be 0-1...
I never get spam in my inbox. I do have over 6000 emails in the spam box though. I used to get spam in my inbox but then I wrote a filter that picks up spam emails that got past gmail's filter and then archives them and gives them a label, so then later I can report them as spam.
How exactly does that filter work?
Gmail is an online web page. The fact that it is used for email is irrelevant.
If spammers are able to access any .js files that is in a Gmail or Google.com page, then it seems to me that this is a security flaw in the BROWSER, and that ANY web page that uses JS files is at risk.
Maybe I'm wrong, but I smell a hoax.
Yeah, I'm tired of the damn viagra messages. I can stand up fine if you know what I mean.
Fucking spammers
I guess I am going to have to find a different way to store my credit card information. I gotta stop making contacts like 5555-1332-4444-2342-1208@mastercard.com
Note that the non-malicious link picks up a heap of info from Safari even if the Gmail page window is closed but not logged off.
Could be dodgy, for sure.
I also noted that if I closed a Gmail page, then clicked on the Gmail bookmark, I go back into the previously open account without needing a log-on name & password. I assume that feature times out if inactive.
I have never given my gmail address out to ANYONE who wasn't a personal friend (well, other than Engadget - you guys selling my info?), so I've been wondering why I currently have 815 spam emails in my spambox. Nice job, Google.
It's yet another reason why being constantly logged in to Google is a bad thing - they also record all of your searches and keep those attached to your account also. That's a recipe for disaster too, as the AOL debacle showed, but this would be even bigger if that data ever got out.
My problem is I use Google's gmail notifier, so unless I want to lose that, I basically have to stay logged in. But at that point, I may as well just go back to using Outlook, because I need to know when I get email. (Yeah, I know I can use Outlook with gmail, and I do have that set up... but the point is I hate Outlook!)
Jeff,
Try Thunderbird.
This is most definitely NOT FIXED. Thanks Engadget, especially for providing the test link. For all of you who don't think being able to read addresses is a big deal- please stay the hell away from me. And you spam discounters? It's no big deal? Jesus, I can smell a corporate tool.
WTF, that seriously craps me out that clicking that link gave me all my contacts lol, f*ck. That's pretty messed up, and like other people said, I'm friggin tired of getting viagra messages in my gmail account all the time. Although the SPAM filter gets it all pretty much, it's still annoying because I can delete all spam messages one second, and then literally 5 minutes later there will be at least another 10 or 15. >=(
Does anyone know if using NoScript with Firefox will protect me if I use Google notifier? What about the gmail notifier add on in Firefox itself?
Is there anything to protect people that use IE or Netscape?
A workaround is to have your g-mail open in one browser (say Safari) and do your other surfing in another (Firefox or whatever). I just tested the Safari/Firefox setup and the Engadget test link couldn't see the Google contacts. I'm not sure how this will work for folks who use the g-mail notifier since I don't use that, but it's a start until Google gets a real fix out.
Was fixed faster than reported :)
Thanks to Google for fixing this issue so fast.
Still not fixed. Google does too many things at once and overlooks too many flaws in their programs so they get stuck in beta forever. You would think a company as big as Google could get things right a lot quicker than they do.
you guys are all gay, its obviously a browser leak. why is everyone pointing fingers at google for something that ertarded microsoft should fix.
Another thing... pretty much anyone can write a script that reads your contacts from your email account... from a computer that you are logged into.
3rd point... who really cares if that one folder called SPAM is filled... does that little number beside it scare you? You feel like there's little aliens coming to get you if there is a lot of spam? Like, are we a bunch of little baby girls?
Suck it up, it's the world wide web, it will never be 100% secure... unless there is nothing free on it, and only people who spend a lot of money on their sites can have them hosted.
just deal with it
To those who don't understand how this is a security problem that Google needed to fix (and I believe HAS fixed, rather quickly)... this isn't about one website reading a JavaScript file from your machine across a different domain. This is a matter of a URL pointing to Google's servers that returns some JavaScript code which contains the user's gmail contact information, if currently authenticated. In other words, there needn't be a "flaw" in the browser for this to be exploited. All a website would need to do is include a JavaScript file in its own website and point to the special URL on Google's server. Then, additional JavaScript would be used to extrapolate the data. There are no rules that prevent one website from including JavaScript from another domain... in fact, this is how website analytic sites operate (even Google's Adsense and Google Analytics).
I would imagine that Google's fix likely involved checking the referrer that is requesting the JavaScript URL and, as a result, is only including the private information if the URL is being requested by one of Google's own sites. A way Google could make this even more secure is to include some unique ID (that has a short life-span) in the URL of the request... in other words, an additional layer of authentication that is URL-based.
This was a problem for Google to fix, yes... but they also fixed it rather quickly. No programming team (nor programmer) is 100% perfect. The best any company can do is be quick to respond when problems are uncovered. Microsoft often takes quite a bit of time to solve problems and even then, may wait up to a week before finally applying the fix. Google will often apply fixes within hours of being discovered. That is a very good sign.
To Thomas Ricker:
The URL in your update doesn't prove anything. Of course there are URLs which will display a user's Google data when they click them. If there weren't, they wouldn't be able to use any Google services. You can post a link to the Gmail page and any user can click it and see their own e-mail if they are logged in. Does that mean that you (Engadget) can see that person's e-mail? Of course not.
The issue is whether or not javascript running in the context of a non-Google domain can acquire and transmit a user's personal Google information (contacts, whatever) to a non-Google domain.
FWIW, I'm logged into Gmail, Calendar, Docs, and Reader and the link provided in the post gives me this:
google ({
Success: false,
Errors: []
})
I also tried the link and got the same result as fadetowhite. I am using Firefox, plus I tested it on IE6. I dunno how it is on IE7, so someone else will need to check it. So unless someone else can say that the glitch is still not fixed, I think this is all taken care of. Thanks Google.
I tried logging into every Google service I could, but the link still says
google Success: false, Errors: []
Tried in Safari and Firefox...???
Looks like it's only a problem if you're using IE7. The link doesn't work if I click on it in Firefox. Thanks Microsoft.
Just get the
google ({
Success: false,
Errors: []
})
When tried in Safari and Firefox in both XP and OSX
When tried in IE7 it tries to save it as an extensionless file called contacts
But it still doesn't show me my contacts
Whoops that was still me...
All the more reason to use Firefox and NoScript. And to use security zones in IE.
I was wondering why my spam box gets about 25 spams an hour, and then I looked at the sender and the names were similar to the ones in my contact list, instead of Mark it would be like Marok or something like that. At least it's fixed now.
Firefox gives me the false success, IE7 has me save a file called contacts. Same as everyone else. Firefox rules! Whooo! Toga partyyyyy!!
I was wondering why I had like 14,000 spam messages since I've had my gmail account for over a year.
Yeah. Firefox and Opera both give the "False" responses. Internet Explorer brings up a download file prompt for a file called "contacts". IE really sucks now and I'm happy I use Firefox. Props to Google if they fixed anything and I can relate to people because all of a sudden a couple of weeks ago I started receiving spam but at least Google is catching it.
I don't see how SPAM messages became an issue from this topic regarding a Google email bug, as if spammers have been using this bug for decades to collect email addresses. Instead of griping about Microsoft or Google, why doesn't everybody go b*tch to their coworkers, friends and relatives who proceed to ignorantly forward chain-emails and jokes that still contain the forwarded headers of every person's email address who ever received the letter? Those have got to be a spammer's wet dream -- an email with an entire listing of valid addresses, for FREE. Or what about the virii that infect your computer because you were downloading illegal porn, mp3s, or pirated software from peer-2-peer.freak.net and didn't keep your anti-virus software up-to-date? Or what about those sixteen BLOG or FORUM messages you posted last week that had your email address clearly printed and searchable for any web surfer to read? You all are so quick to blame the corporations, but won't take any of the blame yourselves for the SPAM you get. Collect all your "Why do I have spam!?!?" energy and direct it towards supporting laws and data protocols that prevent spammers from ever sending you the crap in the first place.
And thank you Google, because I've been enjoying your email service ever since it started and I have only received 6 SPAM messages as a result of using Craigslist -- luckily it was an anonymous address that quits functioning after the ad is deleted.
Happy New Year.
dijitul
"As reported on Digg..."
Since when is anything reported on Digg?
I'm using this account for a long time now, earlier I never used to get any spams, now I get loads and loads of 'em, for online dating and of course like others Viagra stuff... and my boyfriend thinks I'm looking for online dates :-(
Oh dear, this sounded really terrifying. But I clicked on the non-malicious link (thanks Engadget) while logged into my gmail account (I'm using Firefox) and it came up with only this:
google ({
Success: false,
Errors: []
})
So does that mean it's all fixed then? Hope so...
Gmail is just a magnet for spam. When it was new, it was sure to get many more users, so spammers just randomly guessed at gmail addresses. I have several, and the one that is based on my name has been getting loads of spam since before I even gave anybody the address. The other gmail accounts that are not names, just words or other irregular things, get no spam.
So what?!?!?!?!? This is bizarre, are you suggesting that your Gmail account is somehow sacredly protected?
VastOne
whatever spam I get on my gmail account is nothing compared to the shit I received on my hotmail account before I let it die.
I tried it, and got no contact information.
I even tried logging into my different gmail accounts, and doing it again.
I think it may be fixed.
My gmail was hijacked. I followed the steps listed in gmail's help section. They didn't work and Google support refused to help me restore my account. Now all my contacts, passwords, account numbers, files, pictures, etc, are in some hacker's files. I'm very disappointed with Google to say the least.
"logged into Google services like Gmail, Blogger, Orkut, Reader, Calendar, etc. -- you know, the sites you typically have open all day long."
...what, you mean someone actually uses all that crap?
Spam problems over? I don't think so! Here's a pretty good test case - described in an email I sent to Google today:
I am having a huge (for me) new spam problem - not with my new gmail account (????@gmail.com), but with the account listed as my gmail default from/reply to address.
I don't think you adequately inform accountholders of the exposure risk to their other email accounts, and I intend to post this correspondence online to increase public awareness of this particular security risk in using a gmail account.
The details:
I opened a gmail account last month (mid Feb). As my default from/reply to address, I chose an address I've had a few years, but seldom used (?????@?????.rr.com).
From Mar 1-13 only, I had my gmail account retrieve mail from a few of my other POP3 accounts. All mail incoming to gmail was forwarded to yet another of my addresses.
Since I opened my gmail account, I have sent only ONE email from that gmail account. I used the ?????@?????.rr.com from/reply to address. I sent it to someone I regularly mail to using my other email accounts.
In the last 14 hours (Mar 19) I have received over 100 spams to my ?????@?????.rr.com email address (not coming through gmail). I have never received any spam to that address before - or that much spam to all my 7 other accounts combined! (I have tight security on my systems, and use the Cloudmark spam filter.)
This new spam must be a security problem originating with gmail, since it's never been a security problem with any of my accounts (or the mail recipient's account) in the past.
Today I have removed all reference to other email addresses from my gmail account, and permanently deleted all mail.
Unfortunately, I don't expect that will solve my new spam problem.
I expect an apology from Google. More than that, I expect your prominent disclosure of NEW security risks to your accountholders' other email addresses.
Can kids get a gmail account??
I had an issue today where somehow my Gmail account got used to send spam to all the people in my contacts list. I was logged in at the time and surfing. Is this the exploit/problem being talked about here? Cos all these comments make me think it's something different, like getting bombarded with spam yourself, rather than your Gmail getting used/exploited/compromised for channelling spam to your contacts by a third party. If that's the case (that it is not the same thing as happened to me today) then can I NOT assume my problem/insecurity has been fixed by Google?