Well, it’s official and no longer just conjecture. Google’s redirection hole is now being used as a phishing redirector. I don’t know how anyone could reasonably argue that this isn’t a problem now. It’s not me just spouting what could be or what might be, this is actually happening. Redirection without some way to whitelist is dangerous for your brand, and it’s bad for your consumers when they trust your link and go to a phishing site.
It was bad enough when it was simply being used for spam, but now we are talking about users’ accounts being compromised. I understand this is a very complex issue to fix, having dealt with these issues in the past myself. Understanding it is no excuse for not fixing it though. It’s been about six months since I first reported many of these issues.