Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections


By exploiting vulnerabilities in Microsoft, GMX, and Cisco Secure Email Gateway servers, attackers can launch targeted phishing attacks that impersonate millions of email addresses. The novel method abuses a decades-old protocol, used to send email since the Internet’s inception, to circumvent Domain-based Message Authentication, Reporting and Conformance (DMARC) and other email security measures. This puts people and organizations at risk of targeted phishing attacks that mimic authentic sources.

Timo Longin, a senior security consultant at SEC Consult, disclosed in a blog post published on December 18 that attackers can use a method known as “SMTP smuggling” to abuse the Simple Mail Transfer Protocol (SMTP) on vulnerable servers. This allows them to send numerous malicious emails with spoofed sender addresses that evade standard email security checks.

