VU#244112: Multiple SMTP servi... Note

VU#244112: Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement

Multiple vulnerabilities in hosted outbound SMTP servers allow authenticated users to spoof sender information, bypassing security measures provided by SPF, DKIM, and DMARC. These vulnerabilities arise due to insufficient verification of authenticated senders against allowed domain identities by hosting providers.SPF records identify authorized IP networks for sending emails, while DKIM provides digital signatures to verify specific email content, including sender addresses. DMARC builds on SPF and DKIM, adding linkage to the sender domain and reporting mechanisms for improving email authentication and protection.CVE-2024-7208 and CVE-2024-7209 exploit these vulnerabilities, allowing authenticated attackers to impersonate shared, hosted domains, circumventing DMARC policies and sender verification.This spoofing can lead to phishing attacks, malware distribution, and brand damage for domain owners.Hosting providers should verify the identity of authenticated senders against authorized domain identities to mitigate these vulnerabilities.Domain owners should implement strict DMARC policies and consider using independent DKIM facilities to protect their sender identities.Email senders requiring high identity fidelity can utilize S/MIME or PGP for enhanced security.Researchers Caleb Sargent and Hao Wang are acknowledged for reporting these vulnerabilities.