Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections

By exploiting vulnerabilities in Microsoft, GTX, and Cisco Secure Email Gateway servers, attackers may generate targeted phishing attacks by impersonating millions of email addresses. Attackers can now circumvent Domain-based Message Authentication, Reporting and Conformance (DMARC) and other email security measures by using a novel method to abuse a decades-old protocol that has been used to send emails since the Internet’s inception. This puts people and organizations at risk of targeted phishing attacks that mimic authentic sources.

Security researcher Timo Longin, senior security consultant at SEC Consult, disclosed in a blog post published on December 18 that attackers can use a method known as “SMTP smuggling” to take advantage of Simple Mail Transfer Protocol (SMTP) on servers that are susceptible to vulnerability. This allows the attackers to send numerous malicious emails with fictitious sender addresses that evade standard email security checks.

Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections

18-Dec-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address