"Email Security Features Fail to Prevent Phishable 'From' Addresses"

A team of researchers discovered 18 different ways to undermine the authentication that is supposed to be provided by the three email technologies - Domain Keys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-based Message Authentication, Reporting and Conformance (DMARC). According to the research team, DKIM, SPF, and DMARC have critical implementation differences that could be exploited to allow an email sent from an attacker's mail server to be verified as sent from a different legitimate-looking address. The research brings further attention to the problem with component-based software design. This article continues to discuss the failure of the three standards for email security to verify the actual source of a message.

Dark Reading reports "Email Security Features Fail to Prevent Phishable 'From' Addresses"