spam

Last month, we were able to report a vulnerability to Google where we were able to  email from any domain that has not been claimed by its owner previously. For example, using google itself as a victim, we were able to claim domains such as ytimg.com and gstatic.com.

http://nahamsec.com/lack-of-domain-verification-by-google/