July 18, 2024 at 02:23PM
Three novel attack techniques chaining vulnerabilities found in email-hosting platforms allow spoofing of emails from over 20 million trusted organization domains. Researchers at PayPal discovered flaws that bypass SPF, DKIM, and DMARC protocols, affecting large email service providers. They plan to disclose these vulnerabilities in an upcoming conference. The attacks leverage SMTP smuggling and abuse of DKIM and SPF records.
The meeting notes highlight critical findings by security researchers at PayPal regarding novel attack techniques that exploit vulnerabilities in email-hosting platforms. These attack techniques, referred to as SMTP smuggling, enable threat actors to spoof emails from over 20 million domains of reputable organizations. The vulnerabilities identified include bypassing SPF, DKIM, and DMARC security protocols. The research team plans to present their findings at the upcoming Black Hat USA conference and disclose affected vendors, which could number more than 50, as part of a responsible disclosure process.
Furthermore, the notes detail three attack techniques, each exploiting different vulnerabilities in email verification processes. The researchers also plan to introduce a method for detecting SMTP smuggling attacks, which involves analyzing the difference between Message-IDs added by outbound and inbound SMTP servers.
Finally, the meeting notes strongly recommend that organizations enforce DMARC, DKIM, and SPF security controls, implement email-filtering solutions, and adhere to RFC standards for authentication and authorization, as part of a multilayered approach to enhance email security and prevent phishing and spoofing attacks.