What is SMTP smuggling?
In simple terms, SMTP smuggling is a technique by which emails that appear to come from trustworthy senders can be injected into vulnerable mail systems, where they can then be used for CEO fraud or other phishing attacks. SPF and DMARC checks offer no effective protection against it, and the recipient genuinely believes they have received an email from Microsoft, PayPal or another legitimate sender.
How does SMTP Smuggling work?
Trustworthiness poses a problem
The attack only achieves its full effect when the smuggled messages are sent to the target server via trusted servers. For example, the security researchers were able to send an email from a Microsoft account to a web.de account.
To the recipient, it actually looked as if the email came from a Microsoft admin account, and SPF and DMARC confirmed the email as authentic.
Details on SMTP Smuggling are described on the SEC Consult website: SMTP Smuggling – A new method for forging senders in emails. The German Federal Office for Information Security (BSI) has also published a warning.
NoSpamProxy customers are protected
You can also find a detailed explanation of SMTP Smuggling on www.msxfaq.de (German only).
Reliable protection against SMTP smuggling – with NoSpamProxy
With NoSpamProxy you can reliably protect your company against SMTP smuggling. Request your free trial version now!