Employees repeatedly fall for vendor email compromise attacks https://www.helpnetsecurity.com/2025/06/09/vendor-email-compromise-attacks-vec/ #emailsecurity #AbnormalAI #report #survey #email #News
#Citibank emailed me an alert. The same bank that constantly warns me about email scams. And, yet, they misconfigured their email so it comes as a spoofed email. My email provider delivered it anyway because Citi has a "relaxed" policy in their DNS that says that EMAIL FROM A SPOOFING SERVER CAN BE DELIVERED so long as the signature passes. Yep, servers spoofing them are not a major red flag and the email should be delivered to the inbox anyway. The email provider is not to blame here.
A major bank should not do it this way.
The spoofing SMTP server check failed because the sending IP address is not authorized by Citibank's SPF record for info6.citi.com to send their email. This has been going on for years. Do you want Citibank email from a server not authorized by them to send it?
This relaxed attitude by corporations is why people get scammed.
Authentication-Results: mail.protonmail.ch; spf=fail smtp.mailfrom=info6.citi.com
Authentication-Results: mail.protonmail.ch; arc=none smtp.remote-ip=173.213.5.122
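Added example, not part of the post above: how a receiver turns results like the two Authentication-Results headers quoted there into a DMARC outcome, where an aligned pass from either SPF or DKIM is enough. The dkim line, the From domain used in the calls, and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import re

# Constructed sample: the first two lines are the headers quoted in the post;
# the dkim line is a hypothetical addition so there is a signature to evaluate.
SAMPLE_HEADERS = [
    "Authentication-Results: mail.protonmail.ch; spf=fail smtp.mailfrom=info6.citi.com",
    "Authentication-Results: mail.protonmail.ch; arc=none smtp.remote-ip=173.213.5.122",
    "Authentication-Results: mail.protonmail.ch; dkim=pass header.d=info6.citi.com",
]

def parse_auth_results(headers):
    """Return {method: (result, {property: value})} across all headers."""
    out = {}
    for h in headers:
        body = h.split(":", 1)[1]
        for clause in body.split(";")[1:]:      # first part is the authserv-id
            m = re.match(r"\s*(\w+)=(\w+)(.*)", clause)
            if m:
                props = dict(re.findall(r"([\w.-]+)=(\S+)", m.group(3)))
                out[m.group(1).lower()] = (m.group(2).lower(), props)
    return out

def org_domain(domain):
    # Simplification (assumption): last two labels. Real receivers consult
    # the Public Suffix List to find the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode="r"):
    """DMARC identifier alignment: 's' = exact match, 'r' = same org domain."""
    auth_domain = auth_domain.split("@")[-1].lower()
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(headers, from_domain, policy="none", aspf="r", adkim="r"):
    """DMARC passes if SPF or DKIM passes AND aligns with the From domain."""
    res = parse_auth_results(headers)
    spf_res, spf_p = res.get("spf", ("none", {}))
    dkim_res, dkim_p = res.get("dkim", ("none", {}))
    spf_ok = spf_res == "pass" and aligned(spf_p.get("smtp.mailfrom", ""), from_domain, aspf)
    dkim_ok = dkim_res == "pass" and aligned(dkim_p.get("header.d", ""), from_domain, adkim)
    if spf_ok or dkim_ok:
        return "dmarc=pass"
    # On failure the published p= tag decides what the receiver is asked to do.
    return {"none": "dmarc=fail, deliver", "quarantine": "dmarc=fail, quarantine",
            "reject": "dmarc=fail, reject"}[policy]
```

With only the two headers from the post (no DKIM result), the outcome depends entirely on the published policy; with an aligned DKIM pass, the SPF failure no longer affects the DMARC result.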
Mail relays | Are you forwarding mail without checks, validation, or spam filtering? You could be creating a real mess.
Typos, spamtraps, and forged senders can quickly snowball into blocklistings and delivery failures.
In part two of our short series on mail relays, we jump into the chaos careless forwarding can cause, and what you can do to avoid it:
https://www.spamhaus.org/resource-hub/deliverability/mail-relays-part-2-problems-with-forwarded-mail
1. Hacker News, a #CyberSecurity newsletter, is sent from a domain where DMARC policy is p=none, which tells email providers, like Gmail, to deliver all email that is screaming, "I am a Hacker News spoof email sent by a POS scammer" to the intended recipient anyway. p=none means take no action, even if you know it's a scam. Spam folder optional. Email services and clients will oblige. WTF Hacker News?
2. Hacker News is also using an insecure signature algorithm for signing their newsletter.
3. An extremely well-known Cybersecurity expert is sending the newsletter from a domain that has no DMARC record at all, so all spoof emails claiming to be from them will be delivered. And likely this is being constantly exploited. A DMARC policy of p="reject" would have those spoof emails trashed and not delivered. But no DMARC policy means "whatever, and I don't want to know". So, spoof emails go through unstopped and no reports of abuse are being sent to this person either. And it's their job to tell us how to stay secure and not be fooled by spoof emails. WTF?
Sometimes I don't understand how things work in the world.
I received an "important email" from #Dreamhost about my domain registration. You'd think that #email security would be paramount for them.
They have no DKIM setting, so it's impossible to see if the email was tampered with in transit and if it was sent by the claimed sender. And, their DMARC policy is p=none, which tells email providers, "don't do anything special if you can't verify me".
Their dreamhostregistry.com domain is wide open for spoofing because they've configured it to be wide open for spoofing.
How can a web hosting company be so lax about email security? How can I trust emails they send to me if I have no assurance they sent it, and it wasn't modified in transit?
Overkill. With many receivers treating no SPF as a blanket '-all' it does very little to make it explicit.
However, if you really feel that you must give SPF records to every subdomain, make sure to also give them null MX records to drive the point home that the subdomain is not for #email.
#InfoSec #EmailSecurity https://infosec.exchange/@ais_security/114556032057865718
We keep being asked why Findalyze suggests SPF records for all (sub)domains of an org, so we wrote a blog post about it.
TL;DR: spoofing does not care from which domain you normally send emails because receivers don't know this either
Email authentication used to be something only big players worried about. Not anymore. While small senders may not feel the heat yet, it’s only a matter of time before it reaches them...
Want to stay ahead of the curve?
Learn how authentication can be implemented at the relay level to improve deliverability, prevent abuse, and protect your reputation before problems hit.
Russia-linked hackers target webmail servers in Ukraine-related espionage operation https://www.helpnetsecurity.com/2025/05/15/espionage-operation-roundpress-webmail-servers/ #RussianFederation #cyberespionage #emailsecurity #News #ESET #APT #XSS
From today, Microsoft is enforcing DMARC for high-volume email senders, to boost inbox security, reduce spam, phishing, and spoofing threats targeting consumer mail users.
Microsoft's Outlook is now the world's strictest email bouncer! "Sorry, your 5,000+ emails aren't on the list without proper authentication."
No SPF, DKIM, or DMARC? Then you're not getting past the velvet rope. Time to clean up that email game!
Our Houston-based client is looking for a remote (must be in Mexico) Senior Email Security Analyst with experience with Abnormal Security or a similar email security platform. If you're interested, please apply in English: