SMTP Smuggling – Spoofing Emails Worldwide

In collaboration with the SEC Consult Vulnerability Lab, Timo Longin discovered a new technique for email spoofing using the Simple Mail Transfer Protocol (SMTP). This technique, known as SMTP smuggling, allows threat actors to send malicious emails from arbitrary email addresses, enabling targeted phishing attacks. Multiple vulnerabilities were discovered and reported to vendors in 2023. The article provides a detailed explanation of SMTP, of email authentication mechanisms such as SPF, DKIM, and DMARC, and of how SMTP smuggling works. The author also shares findings from the analysis, including a vulnerability in GMX’s SMTP server that allows for SMTP smuggling.

https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
