[Heads Up] SMTP Smuggling - How It Easily Circumvents Your Email Defenses



SMTP Smuggling Technique Bypasses Email Authentications Establishing Legitimacy

A newly-discovered technique misusing SMTP commands lets cybercriminals pass SPF, DKIM and DMARC checks, allowing impersonated emails to reach their intended victim.

Earlier this month, Timo Longin, security researcher with cybersecurity consulting firm SEC Consult, published details on what is now referred to as SMTP Smuggling. Simply put, he found that servers interpret the SMTP protocol inconsistently, which allows message content to be submitted to a receiving email server in a way that makes it simply accept the message and deliver it to the intended recipient.

The mechanics are rather in the weeds, but in essence cybercriminals take advantage of the end-of-data sequence: by placing what should be the end of one message near the beginning of the submission, entire additional emails are “smuggled” within the same process, bypassing the normal steps, including the SPF, DKIM and DMARC checks.

[Image: SMTP smuggling demonstration. Source: SEC Consult]

In the image above, you’ll note the initial short email with the email body of “lorem ipsum.”  But then there’s this extra email with the email body of “I am the admin now!”  The specific content is irrelevant (other than to provide an example of something benign vs. malicious in nature), but it shows how SMTP smuggling occurs.
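The parsing differential behind the technique, as an added defender-side illustration that is not part of this post or of SEC Consult's research: one parser honours only the RFC 5321 end-of-data terminator, a hypothetical lenient inbound parser also accepts bare-LF/CR variants, and a check flags those variants so an inbound server or filter can reject the stream. The lenient sequence list and the sample DATA stream are constructed assumptions.

```python
import re

# RFC 5321 end-of-data terminator: a line containing only "." delimited by CRLF on both sides.
CANONICAL_EOD = b"\r\n.\r\n"

# Assumption for this example: an inbound server that also accepts these non-canonical
# sequences as end-of-data, while the outbound server relays them as ordinary body text.
# That mismatch is the parsing differential the smuggling technique relies on.
LENIENT_EOD = (CANONICAL_EOD, b"\n.\n", b"\r.\r", b"\n.\r\n", b"\r\n.\n", b"\r.\r\n", b"\r\n.\r")

# Matches any lone "." line, whatever the surrounding line endings (longest alternative first).
LONE_DOT_RE = re.compile(rb"(\r\n|\r|\n)\.(\r\n|\r|\n)")


def split_messages(data: bytes, terminators: tuple[bytes, ...]) -> list[bytes]:
    """Split a raw DATA stream at the earliest occurrence of any accepted terminator,
    repeatedly. Returns the chunks a server honouring `terminators` would see; anything
    after a terminator is what a lenient server would go on to parse as new SMTP commands."""
    chunks, rest = [], data
    while True:
        hits = [(rest.find(t), t) for t in terminators if t in rest]
        if not hits:
            break
        idx, term = min(hits, key=lambda h: (h[0], -len(h[1])))  # earliest, then longest
        chunks.append(rest[:idx])
        rest = rest[idx + len(term):]
    if rest:
        chunks.append(rest)
    return chunks


def find_noncanonical_eod(data: bytes) -> list[tuple[int, bytes]]:
    """Return (offset, sequence) for every lone-dot line that is not the canonical CRLF.CRLF.
    Compliant clients dot-stuff body lines starting with ".", so such a sequence should never
    occur in a well-formed DATA stream; its presence is a strong smuggling indicator."""
    return [(m.start(), m.group(0)) for m in LONE_DOT_RE.finditer(data)
            if m.group(0) != CANONICAL_EOD]


# Constructed sample DATA stream modelled on the benign/smuggled pair shown in the image above.
SAMPLE = (
    b"From: <user@example.org>\r\nTo: <victim@example.com>\r\n\r\n"
    b"lorem ipsum"
    b"\n.\n"  # non-canonical end-of-data sequence the outbound server passes through as text
    b"MAIL FROM:<admin@example.com>\r\nRCPT TO:<victim@example.com>\r\nDATA\r\n"
    b"From: <admin@example.com>\r\n\r\nI am the admin now!"
    b"\r\n.\r\n"  # canonical terminator that the outbound server honours
)

if __name__ == "__main__":
    strict, lenient = split_messages(SAMPLE, (CANONICAL_EOD,)), split_messages(SAMPLE, LENIENT_EOD)
    print(f"strict parser sees {len(strict)} message(s); lenient parser sees {len(lenient)}")
    for offset, seq in find_noncanonical_eod(SAMPLE):
        print(f"non-canonical end-of-data sequence {seq!r} at byte offset {offset}")
```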

According to Longin, this method can be used to impersonate emails from any high-profile brand. This is where it becomes a real problem. Users who have not undergone security awareness training will be more prone to believing an email is actually from the company it claims to be, falling for the socially-engineered scam within.

The vulnerability was initially reported to vendors in late July. Microsoft has since rolled out a patch, but other vendors, including Cisco, have yet to do so.
