There is no vulnerability. Its Gmail trying to sell its two factor authentication as well as SPF, DMARC and DKIM . Almost no-one has implemented all these protocols and any, if not all users have experienced disabling problems. The solution is to turn off this new setup and go back to the previous standard international protocols.
this thread is closed.