Time to Get Strict With DMARC

October 18, 2024 at 03:41PM As of early 2024, DMARC adoption surged, with a 60% increase in domains implementing it due to Google and Yahoo’s requirements. However, many businesses remain hesitant to adopt stricter enforcement policies, fearing that legitimate emails may be lost. Improved compliance and awareness of DMARC’s importance are crucial for email security. … Read more

Proofpoint settings exploited to send millions of phishing emails daily

July 29, 2024 at 09:57AM The ‘EchoSpoofing’ phishing campaign exploited Proofpoint’s email protection service, sending millions of spoofed emails impersonating major companies. The emails aimed to steal personal info and incurred charges, while passing SPF and DKIM checks. Guardio Labs discovered and helped fix the security gap, leading to Proofpoint tightening security and introducing new … Read more

DPRK’s Kimsuky APT Abuses Weak DMARC Policies, Feds Warn

May 2, 2024 at 05:06PM North Korean hackers use weak DMARC configurations to impersonate organizations in phishing attacks against individuals targeted by the Kim Jong Un regime. FBI and NSA warn about APT Kimsuky’s exploiting of this vulnerability, posing significant risks. Proper DMARC, SPF, and DKIM configuration are crucial for preventing such cyber threats. Based … Read more

Middle East Leads in Deployment of DMARC Email Security

March 4, 2024 at 02:26PM Organizations globally and in the Middle East are swiftly adopting email authentication technologies, especially following recent mandates from Google and Yahoo. Strong adoption has already been seen in countries like Saudi Arabia and the United Arab Emirates. The trend is not only driven by regulations but also a proactive approach … Read more

Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections

December 18, 2023 at 03:20PM Attackers have developed a novel method called “SMTP smuggling” to exploit vulnerabilities in email servers, allowing them to send spoofed emails from legitimate domains and bypass email security checks. This technique affects servers from Microsoft, GMX, and Cisco, potentially putting organizations at risk for targeted phishing attacks. Microsoft and GMX … Read more