email security
The Register’s Thomas Claburn details a recently shared research paper exposing troubling examples of loopholes in email authentication, allowing bad guys to spoof messages via email forwarding. Thankfully, some of the potential loopholes reported have already been addressed by specific email service providers. Some might say “don’t share this, as we don’t want to give the bad guys more ideas,” but I think it’s important for everyone to read and understand potential limitations and/or bugs in how things are implemented today, so that we can focus on addressing those problems, sooner, rather than later. Click on through to read “If you’re struggling to secure email forwarding, it’s not you, it’s … the protocols” over at The Register. (Great title, though it’s not always the protocols — sometimes it’s the implementation thereof.)
DKIM replay attacks are one of the new big things lately, and they work like this: Take a DKIM signed email message, and re-send it to a billion other people. Maybe add another header (or change the subject, if the signature doesn’t cover the subject), or maybe change nothing. Just take that message and randomly spam a million people. The mail will pass DKIM authentication checks, as long as it is sufficiently unchanged, and thus it authenticates as if it were a legitimate email message. Even if you weren’t the original intended recipient. Even if it was sent only to one person but then re-sent to a million other people, just to annoy them. That’s not a good thing — it can damage a sender’s domain reputation, because people unhappy about that unwanted mail will report it as spam, and spam report processing mechanisms will tie it back to the
Rackspace appears to have suffered a security issue related to their Hosted Exchange mailbox environment, starting on December 2nd. You can find more information here, here and here. From what I can tell, their Hosted Exchange systems make up only a small portion of the overall mailbox provider infrastructure hosted by Rackspace. Doing a quick check against the top 10 million domains suggests that the vast majority of mail traffic to Rackspace is handled by their non-Exchange infrastructure. Less than 1% of the Rackspace-hosted domains in the top 10 million domains point at the affected Exchange services. Rackspace’s MX records typically look like mx*.emailsrvr.com for non-Exchange-using domains, and mex*.emailsrvr.com for Hosted Exchange infrastructure-using customers. Sender impact is thus likely to be small — you’ll see a bit of bouncing at a handful of affected domains, as they’re not able to accept mail at this time. If you’re a mail/IT admin at an
It’s always good to take another look at email functionality through a security lens. Head on over to Krebs on Security to check out “The Security Pros and Cons of Using Email Aliases,” by the man himself, Brian Krebs. (And a side note to Brian: DALL-E can be a great help and a bit of fun if you’re struggling to figure out what kind of graphic to include in a new blog post!)
We all know the benefits of email, but we should also be aware of the risks. The biggest risks include bad actors who try to take advantage of the potential vulnerabilities of email systems to infiltrate them with phishing attacks, malware, ransomware, and more. That’s why email defenses are always getting stronger: to protect recipients […] The post How to Send a Secure Email for Access and Delivery appeared first on SendGrid.
Here’s one I almost missed, from a couple of weeks ago: According to Wired, Cloudflare is moving into the email security space. The goal? To better protect against email-delivered threats (think phishing). They see a gap there; one I’ve noticed myself. From the article Cloudflare Is Taking a Shot at Email Security by Lily Hay Newman: “Prince says that Cloudflare employees have been “astonished by how many targeted threats were getting through Google Workspace,” the company’s email provider. That’s not for lack of progress by Google or the other big providers on anti-spam and anti-malware efforts, he adds. But with so many types of email threats to deal with at once, strategically crafted phishing messages still slip through. So Cloudflare decided to build additional defense tools that both the company itself as well as its customers could use.” I’m using a bit of cheeky hyperbole up there in my choice of title, but…