Collaborate Disseminate
Is there a way to harden Exchange Online to prevent spoofing of internal addresses using SMTP?
For example, if I connect to Outlook’s SMTP server and issue the following commands:
HELO domain.com
MAIL FROM: ceo@domain.com
RCPT TO: employee… Continue reading Internal Address Spoofing using Outlook SMTP Server [migrated]
Can SMTP be relied on to send confidential information and attachments in 2023?
With the concentration of email accounts in big cloud platforms belonging to Microsoft, Google and others, is email more secure today than it was a few years a… Continue reading How secure is SMTP email today? [duplicate]
In setting up SMTP MTA Strict Transport Security (RFC 8461) for my domain, I’ve noticed some contradictory advice and practice: although the maximum value for the max_age policy value is around one year and the RFC states that "implem… Continue reading What are the risks of an MTA-STS policy with a long max_age?
I have an account within an organisation that provides e-mail-services within their infrastructure. These can be connected to via IMAP/SMTP and Exchange and always require password authentication. Today I learned that when I change the Fro… Continue reading Is it acceptable/common for an SMTP server to not verify the From-Address of authenticated users?
I’m using Apache Airflow and I was troubleshooting built-in smtp setup. A mass email occurred on "ops@myexample.com". It was used as a "From:" email in a mass email attack.
Chronology: Started docker by running an exten… Continue reading Malicious Mass Email Attack Occurred, Do I Still Have Problem?
The spf record for my domain is:
v=spf1 a:smtp.(my-isp).com ip4:(my-static-IP) -all
I have recently added smtp.(my-isp).com to the spf record.
I have sent some test emails to gmail where the outgoing SMTP server was smtp.(my-isp).com but … Continue reading SPF problems using my ISP’s SMTP out-bound server
How can I send an email with a spoofed ‘from’ field with nodemailer and SMTP? I know that SMTP does not provide any authentication check to see if the ‘from’ field is actually correct, so why is it not as easy as just changing the ‘from’ h… Continue reading Send spoofed email with nodemailer
Assuming I am creating an online service that allows my clients to send email (using their SMTP credentials), what risks should I consider and how to prevent them?
The sender of the emails will always be the username of the SMTP credential… Continue reading Risks sending emails with my servers using clients’ SMTP credentials
I was surprised to see that the French cybersecurity agency tolerates an SMTP relay server in the DMZ (which collects emails received from the Internet) to reach the Email server in the LAN.
In my opinion, the relay SMTP server in the DMZ … Continue reading Why it is so widely tolerated to allow SMTP server in DMZ to initiate connection to the LAN
I am trying to send an e-mail via Windows Powershell ISE using Office365’s hosting server, on behalf of another user which is specified in FROM part of the code using. But when I try to do this, I get: "STOREDRV.Submission.Exception:S… Continue reading Bypassing Office365 Server Send As Denial