"Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections"

A novel way to exploit a decades-old protocol that has been used to send emails allows attackers to bypass Domain-based Message Authentication, Reporting, and Conformance (DMARC) and other email security mechanisms, putting organizations and individuals at risk for targeted phishing attacks. According to security researcher Timo Longin, senior security consultant at SEC Consult, using a technique called "SMTP smuggling," attackers can exploit Simple Mail Transfer Protocol (SMTP) on vulnerable servers to send malicious emails with fake sender addresses that pass typical email security checks. The technique, which can be used with both inbound and outbound messages, involves zero-day flaws in Microsoft, GMX, and Cisco messaging servers. This article continues to discuss the SMTP smuggling method.

Dark Reading reports "Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections"

Submitted by grigby1