Read this story about Spymac spamming people through GMail. I was apparently in Reid's GMail contacts and I got hit too. But what really bugs me now is that I got the spam from Spymac not via my GMail address but via my main personal email address on padawan.info, the one I gave to Google when registering to GMail, and one that neither Reid nor Spymac have (or should have). This means that either Spymac has got this address from Google or Google sent the spam on behalf of Spymac. The former looks more probable as the email source shows that the email was sent from a server named http11.spymac.net. They also got my full name. In any case, I didn't give Google the permission to share my name and private email address with a third party. (See post-scriptum below.)
This smells really, really bad.
P.S. the story still unfolds and gets uglier at each episode. Apparently Spymac has found a way to crawl one's entire GMail correspondence and spam whoever you have ever written to. That's how my personal address was hit, as Reid had sent me an email through GMail a long time ago. This is really maddening!
P.S. 2: per Reid's post and Garoo's comment below, I rule Google out as a culprit. But if what Spymac has done isn't against the Terms of Use of GMail, then Google has a problem. If it is against the ToU, as I think it is, then Google lawyers should talk to Spymac.
P.S. 3: Unfortunately, the practice extends.
Yeah, they found a crazy, scary hack that lets them access your Gmail address book: they ask you for your password. (You'd think people wouldn't fall for this nowadays, but you'd be wrong.)
this is messed up.. I am going to try to ask around..
http://www.spymac.com/details/?2280695