Bypass File Attachment Restrictions in Google Groups via Email Posting | Bug Bounty
Summary
On Google Groups, owners can restrict who is able to post messages and attachments, but a flaw allows these restrictions to be bypassed when the “Allow Email Posting” functionality is enabled.
Even if the file upload permission has been set to owners only, a regular member can get around it by emailing the group at groupname@googlegroups.com; the attachment is still added successfully.
This vulnerability was submitted to Google VRP but was marked as a duplicate.
It was shared publicly anyway for educational purposes.
This could be detrimental to private and sensitive Google Groups, such as those used by enterprises, academic institutions and internal teams, so it’s worth making sure the problem has been resolved on Google’s side.
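For a group whose file upload permission is set to owners only, an owner can check whether the restriction held by scanning the group's raw messages for attachments sent by non-owners. The script below is an added example, not part of the original write-up; the owner list, addresses and sample messages are constructed, and it assumes the `From` header identifies the poster.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr


def build_sample(sender, subject, attachment=None):
    """Build a constructed RFC 5322 message, optionally with one attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "groupname@googlegroups.com"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    if attachment:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_bytes()


def find_policy_violations(raw_messages, owners):
    """Return (sender, subject, filenames) for attachments posted by non-owners."""
    owners = {o.lower() for o in owners}
    hits = []
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=policy.default)
        # Assumption: the From header reflects the real poster.
        sender = parseaddr(str(msg["From"]))[1].lower()
        # iter_attachments() skips the body part and yields only attached parts.
        names = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
        if names and sender not in owners:
            hits.append((sender, str(msg["Subject"]), names))
    return hits


# Constructed archive: addresses and file names are made up for illustration.
SAMPLE_OWNERS = {"owner@example.com"}
SAMPLE_ARCHIVE = [
    build_sample("Owner <owner@example.com>", "Q3 report", "report.pdf"),
    build_sample("member@example.com", "hello"),
    build_sample("Member <member@example.com>", "see attached", "notes.docx"),
]

if __name__ == "__main__":
    for sender, subject, names in find_policy_violations(SAMPLE_ARCHIVE, SAMPLE_OWNERS):
        print(f"{sender}: {subject!r} -> {names}")
```

Any hit on a group configured for owner-only uploads means an attachment reached the group despite the restriction and is worth reviewing.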